Principal Security Architect

POSITION OVERVIEW

Kshema General Insurance is seeking a Principal Security Architect to join our security organization. This role reports to the Chief Technology Officer and will play a critical role in shaping and executing Kshema's cloud security strategy across a diverse and evolving technology landscape.

The role will work closely with development teams, product teams, and others across the organization to integrate security into the delivery lifecycle from design through deployment. This person will play a key role in defining security requirements, performing application security assessments, and providing developers with remediation advice.

DUTIES & RESPONSIBILITIES

• Work independently with developers, system/network engineers, product owners, and other colleagues to ensure secure design, development, and implementation of applications, infrastructure, and networks.
• Participate in engineering projects to identify threats and vulnerabilities in our cloud infrastructure and system architectures.
• Define cybersecurity requirements and security concepts and work with engineering teams to successfully deliver business solutions.
• Perform security design reviews of cloud systems, and networks.
• Provide remediation guidance and recommendations to systems administrators.
• Develop enterprise standards based on security best practices.
• Demonstrate deep expertise in Azure and either AWS or Google Cloud Platform (GCP), including native security services.
• Design secure cloud-native and hybrid architectures, including zero trust, micro-segmentation, and secure access patterns.
• Design secure VPCs, firewalls, VPNs, and secure connectivity between on-prem and cloud.
• Protect data utilizing Encryption (at rest, in transit, and in use), key management (KMS, HSM), tokenization, and data classification.
• Integrate security into CI/CD pipelines, infrastructure as code (IaC) scanning, and container security (e.g., Kubernetes, Docker).
• Conduct threat modeling, risk assessments, and security reviews for cloud workloads.
• Define and drive cloud security strategy aligned with business and IT goals.
• Create architecture diagrams, security design documents, and architecture decision records.
• Closely work with CISO in evaluating technology initiatives and projects to determine advanced cybersecurity requirements and controls necessary to comply with company policies, standards, and industry best practices.
• Demonstrate best practices, create proofs-of-concept and propose solutions to Customer's Software and Infrastructure Architects and provide strategic technical direction across the development and infrastructure teams.
• Build and sustain good working relationships with development and infrastructure teams and involve them in the overall application and cloud Security Technology strategy.
• Develop security related user stories and product specific threat models for products, as well as CI/CD pipelines and infrastructure-as-code.
• Develop technical security requirements for the business and see them through the development lifecycle.
• Collaborate with business contacts to ensure third-party cloud applications comply with our standards, controls, policies, and principles.

MINIMUM REQUIREMENTS

• Bachelor's degree in computer science or business with emphasis in IT or the equivalent combination of education, training and work experience.
• Requires 10+ years of experience in cybersecurity, with at least 4 years focused on cloud security architecture.
• Proven experience designing and securing solutions in Azure (preferred), and/or AWS
• Deep understanding of cloud-native services, container security (e.g., Kubernetes), and serverless architectures.
• Strong knowledge of DevSecOps practices and secure software development lifecycle (SSDLC).
• Familiarity with compliance frameworks such as NIST, ISO 27001, SOC 2, HIPAA, and PCI-DSS.
• Advanced knowledge of IAM principles, federation, SSO, RBAC/ABAC, and privileged access management.
• Relevant certifications such as AWS Certified Security – Specialty, Azure Security Engineer Associate, GCP Professional Cloud Security Engineer, CISSP, or CCSP.
• Hands-on practical experience high quality threat models and knowledge of MITRE framework, STRIDE framework and kill chains.
• Deep understanding of network protocols, operating systems, databases, applied cryptography, least privilege, zero trust principles, identity & access management, and other core information security concepts.
• Hands-on experience in performing threat modeling for applications, identifying threats, and suggesting optimal mitigation strategies.
• Strong understanding of threat modeling methodologies (e.g., STRIDE, DREAD, PASTA).
• Proficiency in using threat modeling tools (e.g., Microsoft Threat Modeling Tool, Threat Modeler, OWASP Threat Dragon).
• In-depth knowledge of common security vulnerabilities (e.g., OWASP Top Ten, CVEs) and attack vectors.

PREFERRED EXPERIENCE

• Experience in regulated industries (e.g., financial services, insurance, healthcare).
• Strong communication and leadership skills, with the ability to influence technical and non-technical stakeholders.
• Experience leading security architecture programs or initiatives at the enterprise level.
• Experience with Container security platforms.
• Experience incorporating security policy into Infrastructure as Code.