Key Responsibilities
Security Architecture Review:
o Assess system designs to identify deficiencies in security controls.
o Evaluate risks related to confidentiality, integrity, and availability (CIA).
o Propose actionable recommendations and design alternatives to address identified risks.
o Clearly communicate risks, solutions, and design choices to technical and non-technical stakeholders.
Risk Management
o Perform structured risk assessment using methodologies such as OWASP Risk Rating or other qualitative frameworks.
o Assess risks associated with systems, applications, and third-party services, qualifying them in terms of likelihood and impact.
o Develop both tactical and strategic recommendations to remediate identified risks.
o Collaborate with stakeholders to prioritize risk mitigation efforts based on business objectives and technical feasibility.
o Provide clear and concise reports on risk findings and remediation strategies to leadership and across functional teams.
Cloud Security:
o Strong expertise in AWS services: IAM, KMS, RDS, S3, EC2, GuardDuty, CloudTrail, Security Hub, VPC, ECS, and EKS.
o Familiarity with AWS Well-Architected Framework, CIS Benchmarks, and best practices for securing cloud environments.
o Experience with M365 and Azure AD/Entra ID, including conditional access policies, Intune, and hybrid identity configurations.
o Proficiency in encryption at rest and in transit, identity-based access controls, and monitoring for cloud services.
Networking:
o In-depth knowledge of cloud networking architectures, including Direct Connect, VPC peering, hub-and-spoke design, mesh networking, and VPNs.
o Expertise in network traffic controls: IDS/IPS, WAFs, TLS termination strategies (offload, passthrough, bridging), and load balancing.
o Proficiency in certificate management, certificate-based authentication, and mutual TLS.
Encryption and Key Management:
o Expertise in enterprise encryption best practices and secure key management.
o Strong experience with AWS KMS, AWS CloudHSM, and other encryption solutions.
o Proficiency with secrets management tools like HashiCorp Vault and CyberArk to secure sensitive credentials and encryption keys.
Identity and Access Management (IAM):
o Strong understanding of Microsoft Active Directory, Azure AD/Entra ID, AWS IAM roles, Okta, PingFederate, RADIUS, and TACACS.
o Proficiency in authentication mechanisms: SAML, OAuth, OIDC, FIDO, and MFA.
o Expertise in managing human credentials and non-human credentials (e.g., machine/system accounts, service principals, application secrets).
o Familiarity with token-based authentication methods, including JWT, OAuth tokens, and API keys.
o Knowledge of entitlements management, including role-based and attribute-based access controls.
API Security:
o Strong experience with API gateways like Apigee and AWS API Gateway.
o Expertise with AWS-native API security tools: Amazon WAF, Lambda Authorizers, AWS Cognito, and AWS CloudFront.
o Familiarity with advanced API security tools like Imperva and SALT Security.
o Proficiency in token-based API security mechanisms, rate limiting, throttling, and mutual TLS.
Secure Software Development Lifecycle (SDLC):
o Strong knowledge of the OWASP Web Top 10 and OWASP API Top 10 for identifying and mitigating vulnerabilities.
o Ability to review application architectures for vulnerabilities, secure session management, and business logic flaws.
o Proficiency with secure coding practices, token validation, and managing session lifecycles.
SaaS Security:
o Expertise in assessing and securing SaaS and PaaS services with SSO integration, MFA, SIEM monitoring, and role-based access controls.
o Ability to evaluate SaaS vendors’ security posture by reviewing SOC reports, BCDR documentation, and ISO certifications.
o Understanding of multi-tenancy vs. dedicated tenancy models and associated risks.
o Experience implementing BYOK (Bring Your Own Key) and HYOK (Hold Your Own Key) models for SaaS services.
Streaming and Big Data Security:
o Expertise in securing streaming solutions like Kafka, RabbitMQ, IBM MQ, AWS Kinesis, and Firehose.
o Familiarity with big data solutions like Snowflake and Cassandra, including managed Cassandra instances.
o Knowledge of Snowflake security best practices, including access controls, encryption, and data governance.
Database Security:
o Expertise in database activity monitoring and security best practices for relational and non-relational databases.
o Understanding of availability models such as log shipping, snapshots, and read-only replicas.
o Proficiency in designing and reviewing secure database architectures using AWS RDS and other managed solutions.
Business Continuity and Disaster Recovery (BCDR):
o Deep understanding of high availability, fault tolerance, and disaster recovery in cloud and traditional environments.
o Proficiency in designing multi-AZ vs. multi-region architectures for disaster recovery and fault tolerance in AWS.
o Expertise in backup, restore, and replication strategies for cloud and on-premises environments.
SIEM and Log Management:
o Proficiency with SIEM platforms (e.g., Splunk) for log correlation, event monitoring, and actionable alerting.
Regulatory Compliance:
o Strong understanding of regulatory requirements for financial services and their implications across security domains.
Full Time