Architect - Platform (Security Specialist)

Job Description While technology is the heart of our business, a global and diverse culture is the heart of our success. We love our people and we take pride in catering them to a culture built on transparency, diversity, integrity, learning and growth. If working in an environment that encourages you to innovate and excel, not just in professional but personal life, interests you- you would enjoy your career with Quantiphi Role : Architect - Platform (Security Specialist) Experience: 7-14 Years Location: Mumbai/Bangalore Key Responsibilities - Design, build, and secure AWS platform infrastructure using IaC (CloudFormation / Terraform). - Implement and manage security controls across AWS environments (IAM, KMS, Secrets Manager, Network Firewall). - Build automated security guardrails and compliance checks using AWS Security Hub, Config, and IAM Access Analyzer. Develop secure CI/CD pipelines, including automated policy checks, vulnerability scans, and artifact integrity validation. - Implement centralized logging and monitoring using CloudWatch, SIEM tools, GuardDuty, and VPC Flow Logs. - Collaborate with application and DevOps teams to define secure architecture patterns, network segmentation, and zero-trust controls. - Conduct regular security assessments, risk reviews, and threat modelling for workloads hosted on AWS. - Enforce tagging standards, data-classification controls, and lifecycle policies across AWS resources. - Support incident response activities, root-cause analysis, remediation planning, and post-incident improvements. - Document platform security design, runbooks, best practices, and alignment with enterprise security standards. - Manage and integrate security tools such as SIEM, DLP, Cloud Proxy, CASB, or Isolation systems when relevant to AWS workloads. - Provide training and guidance to engineering teams on secure AWS usage, identity governance, and least-privilege access. - Experience integrating AWS environments with Security Operations Centers (SOC) for real-time alerting, threat detection, and incident escalation workflows. Must Have Skills - Overall 7+ years of Experience in AWS Cloud platform/security engineering and 3-5 years of experience in cloud security/cybersecurity. - Deep knowledge of AWS security services: IAM, KMS, Security Hub, GuardDuty, AWS Config, VPC Security, WAF, Network Firewall. - Strong understanding of cloud security models, zero-trust principles, least privilege, encryption, data protection, and network security fundamentals. - Hands-on experience with either of IaC tools: CloudFormation, Terraform, CDK. - Proficiency in scripting languages such as Python or Bash for automation. - Experience setting up centralized logging, SIEM integrations, and security event monitoring. - Strong understanding of CI/CD security, artifact scanning, secrets management, and pipeline hardening. - Knowledge of network security tools and concepts: firewalls, proxies, routing, segmentation, DLP, isolation appliances. - Familiarity with compliance frameworks (GDPR, HIPAA, PCI, SOC2) and ability to enforce security baseline standards. - Strong analytical and troubleshooting skills to resolve platform and security issues. - Excellent communication and collaboration skills to work across cross-functional engineering and security teams. - Exposure to advanced data protection practices such as data classification, DLP controls, encryption strategy design, and secure data lifecycle management. Good to Have Skills - Experience securing multi-cloud (AWS + GCP/Azure) environments. - Experience with container security for ECS/EKS (image scanning, runtime protection, IAM roles for tasks). - Knowledge of SIEM platforms like Sumo Logic, Splunk, or Datadog. - Experience with AWS Macie, Detective, and advanced data governance solutions. - Exposure to zero-trust security, identity federation, and SSO (Azure AD/Okta). - Familiarity with incident response processes and playbook automation (SOAR). - Experience designing isolation, or exfiltration-prevention controls. - Additional security certifications (CISSP, CISM, CCSP, AWS Security Specialty) - Understanding of SOC processes, including Tier-1/2/3 triage, playbook execution, case management, ticketing systems, and threat intelligence enrichment. - Hands-on knowledge of security incident management, including detection, investigation, containment, eradication, recovery, and post-incident reviews.