Security Architecture and ENGINEERING

Main Purpose of the Role:

The Cyber Security Architect is responsible for defining, designing, and governing secure architecture standards across the enterprise.

The role ensures that all technology solutions, IT projects, cloud platforms, and cybersecurity tools align with the organization’s security strategy, regulatory expectations, and risk management frameworks.

The Architect acts as the senior security advisor for delivery teams, evaluates new solutions, drives integration of security technologies, and provides SME guidance on core cybersecurity domains and enterprise tools.

Key Responsibilities:

Security Architecture & Design

· Develop, maintain, and publish enterprise security architecture standards, patterns, reference models, and future-state architecture roadmaps.

· Embed security architecture principles across cloud, on-prem, application, data, network, and endpoint environments.

· Review project solution designs and provide approved secure architecture recommendations including cloud security, segmentation, encryption, and monitoring requirements.

· Translate business and technology needs into secure, scalable, compliant, and cost-effective designs.

· Support secure-by-design adoption across projects, platforms, and engineering teams.

Technology Governance & Assurance

· Conduct architectural assessments, design reviews, and security evaluations for new initiatives and major IT changes.

· Validate the configuration and integration of enterprise cybersecurity tools against architectural standards.

· Ensure adherence to regulatory and compliance frameworks (ISO 27001, NIST CSF, CIS, GDPR, RBI/SEBI guidelines, etc.).

· Maintain alignment with enterprise architecture, global cybersecurity strategy, and risk appetite.

Cybersecurity SME – Domain Expertise

Provide deep subject-matter expertise across all core cybersecurity domains and associated security tools/platforms. The role ensures end-to-end architectural coverage, tool alignment, and technical leadership across the following:

· Cloud Security (AWS, Azure, GCP): Architect secure cloud landing zones, policies, identity models, segmentation, and monitoring using Prisma Cloud, Wiz, Microsoft Defender for Cloud, AWS Security Hub, cloud-native firewall & IAM services, and container security platforms.

· Endpoint & Workload Protection: Design endpoint security baseline, detection models, and threat prevention architecture using EDR/XDR platforms such as CrowdStrike, Microsoft Defender, SentinelOne, and OS hardening frameworks.

· Network & Perimeter Security: Architect secure network topology, segmentation, and threat prevention using Palo Alto, Fortinet, Cisco Firewalls, Proxies, VPN, DNS Security, Zero Trust edge, and IDS/IPS technologies.

· Application & API Security: Define secure application architecture, threat modeling, DevSecOps integration, and application protection using WAFs, API Gateways, SAST/DAST tools and API security platforms.

· Data Security, Encryption & Governance: Design enterprise data protection models including encryption, DLP, data classification, tokenization, key management using DLP suites, CASB, KMS, HSMs, and data access governance tools.

· Zero Trust Architecture: Lead organization-wide adoption of Zero Trust principles such as identity-first access, micro-segmentation, continuous validation, session risk scoring, and telemetry-driven decisions across cloud, network, and applications.

Stakeholder Engagement & Advisory

· Work as a trusted advisor to IT, Security, Cloud, Infrastructure, Application, and Business teams.

· Conduct architectural walkthroughs and provide guidance to project managers, technical engineers, and operations teams.

· Support vendor evaluations and conduct security due diligence on third-party solutions.

Documentation & Communication

· Produce architecture blueprints, HLD/LLD documents, security patterns, and integration diagrams.

· Document design gaps, risks, mitigations, and deliver clear technical recommendations.

· Maintain security reference architectures and reusable templates for enterprise-wide use

Skills and Experience:

· Education and Experience:

o Strong secondary-level education is required, ideally to A-level or equivalent standard, in a technical or analytical discipline.

o A university degree is not essential, though a qualification in Cyber Security, Information Technology, Risk Management, or a related field would be considered advantageous.

o 8+ years of experience in cyber security or information security roles.

· Knowledge and Skills:

o Strong understanding of enterprise security architecture, frameworks, and best practices.

o Expertise across cybersecurity domains such as cloud, network, endpoint, application, data security, and

monitoring.

o Experience with security tools and platforms for data, endpoint protection and cloud security.

o Knowledge of risk assessment and secure design principles.

o Ability to design secure architectures, review solutions, and provide guidance to technical teams.

Success Measures

o Timely review and approval of project architectures for security compliance.

o Effective integration and optimization of security tools across domains.

o Mitigation of identified risks through architecture guidance.

o Adoption of secure design principles and Zero Trust practices.

· Soft Skills:

o Strong communication skills to translate complex technical concepts to executives, business, and technical teams.

o Excellent stakeholder management and influencing skills across cross-functional teams.

o Strategic thinking and problem-solving to make risk-based decisions.

o Leadership & mentoring: guiding junior architects and cybersecurity engineers.

o Collaboration skills for working with IT, Cloud, Security Operations, Application, and Project teams.

o Strong analytical skills for evaluating technologies, risks, and architectural trade-offs.

· Certifications (Nice to have)

o Security certifications: CISSP, CCSP, CISM, CEH, GCP/Azure/AWS Security Specialty, or any relevant architecture certification.

Desired but not necessary:

· Exposure to Zero Trust initiatives, SASE, DevSecOps, threat modeling frameworks, and container security.

· Familiarity with automation (Python, PowerShell, Terraform), IaC security, and CI/CD pipelines.

Personal Requirements:

· Excellent communication skills

· Results driven, with a strong sense of accountability

· A proactive, motivated approach.

· The ability to operate with urgency and prioritise work accordingly

· Strong decision making skills, the ability to demonstrate sound judgement

· A structured and logical approach to work

· Strong problem solving skills

· A creative and innovative approach to work

· Excellent interpersonal skills

· The ability to manage large workloads and tight deadlines

· Excellent attention to detail and accuracy

· A calm approach, with the ability to perform well in a pressurised environment