Security Architect

Role Summary Work with us to build modern Insurtech AI underpinned solutions we are a growing team of hands on architects striving to build high quality solutions for our internal and external customers The Security Architect designs and implements security architectures across the Xceedance insurance ecosystem establishing security standards conducting threat modeling and ensuring systems are designed with security-first principles including Zero Trust defense in depth and compliance with regulatory requirements in the insurance industry Key Responsibilities Security Architecture Design - Designs comprehensive security architectures for cloud-native hybrid and on-premises environments spanning applications infrastructure networks and data platforms using Microsoft Azure as primary platform Develops reference architectures and security blueprints for common patterns including microservices APIs data lakes and AI ML workloads Conducts threat modeling exercises using STRIDE PASTA and LINDDUN frameworks to identify security risks during design phase Performs security architecture reviews and assessments of existing systems applications and infrastructure components ensuring alignment with enterprise security standards and regulatory requirements Zero Trust Identity Security - Designs and implements Zero Trust security architectures based on never trust always verify principles including micro-segmentation least privilege access and continuous verification Architects enterprise identity and access management IAM solutions using Azure Active Directory Entra ID SSO federation and privileged access management PAM Designs authentication and authorization frameworks supporting SAML OAuth 2 0 OpenID Connect and modern authentication protocols Implements multi-factor authentication MFA risk-based conditional access policies and passwordless authentication strategies Designs role-based access control RBAC and attribute-based access control ABAC models aligned with least privilege principles Cloud Security Architecture - Architects security controls and guardrails for Azure AWS and GCP covering compute storage networking and platform services Designs cloud-native security patterns including service mesh security container security Kubernetes RBAC pod security policies and serverless security Implements network security groups NSGs web application firewalls WAF DDoS protection and cloud access security brokers CASB Designs secure landing zones hub-and-spoke network topologies and network segmentation strategies for multi-tenant environments Establishes cloud security posture management CSPM and cloud workload protection platforms CWPP ensuring continuous compliance Application Security - Integrates security into software development lifecycle SDLC embedding security practices in CI CD pipelines through DevSecOps and shift-left security Defines secure coding standards based on OWASP Top 10 SANS Top 25 and industry best practices Designs security testing strategies incorporating static application security testing SAST dynamic application security testing DAST software composition analysis SCA and interactive application security testing IAST Architects secrets management solutions using Azure Key Vault HashiCorp Vault or AWS Secrets Manager protecting API keys certificates and credentials Designs API security frameworks including API gateways rate limiting input validation and API threat protection Security Operations Monitoring - Designs security monitoring and incident detection architectures using SIEM platforms including Microsoft Sentinel Splunk IBM QRadar or Elastic Security Architects security orchestration automation and response SOAR platforms automating incident response workflows and playbooks Designs logging and log aggregation strategies ensuring comprehensive visibility across applications infrastructure and cloud platforms Implements threat intelligence platforms integrating threat feeds to enable proactive threat detection and hunting Designs incident response architectures including forensic capabilities evidence collection and chain of custody procedures Compliance Risk Governance - Ensures security architectures comply with regulatory requirements including GDPR HIPAA PCI-DSS SOC 2 ISO 27001 NIST frameworks and insurance-specific regulations Solvency II state insurance regulations Conducts security risk assessments developing risk mitigation strategies aligned with business objectives and risk appetite Designs security governance frameworks including security policies standards procedures and guidelines Establishes security metrics and KPIs measuring effectiveness of security controls and demonstrating continuous improvement Collaborates with compliance legal and audit teams ensuring security architectures meet regulatory and contractual obligations Data Protection Encryption - Designs data protection architectures including encryption at rest encryption in transit and data loss prevention DLP strategies Architects key management systems and certificate management solutions ensuring proper key lifecycle management Designs data classification frameworks implementing data sovereignty requirements for multi-region deployments Implements privacy-by-design principles and privacy-enhancing technologies PETs protecting sensitive and personally identifiable information PII critical in insurance operations Network Security - Designs network security architectures implementing network segmentation DMZs and secure connectivity patterns Architects firewall strategies intrusion detection prevention systems IDS IPS and network access control NAC solutions Designs secure remote access including VPN zero trust network access ZTNA and software-defined perimeter SDP approaches Implements DDoS mitigation strategies and content delivery network CDN security Collaboration Leadership - Works with enterprise architects solutions architects DevOps engineers developers and business stakeholders to embed security into all initiatives Mentors security engineers and development teams on security best practices and secure design patterns Leads security architecture reviews design discussions and technical working groups Communicates complex security concepts and risks to executive leadership and non-technical stakeholders Stays current with emerging threats vulnerabilities attack vectors and evolving security technologies through continuous learning and industry engagement Required Skills Security Frameworks Standards - NIST Cybersecurity Framework ISO 27001 27002 CIS Controls OWASP Top 10 SANS Top 25 Zero Trust Architecture NIST SP 800-207 PCI-DSS HIPAA GDPR and insurance regulatory frameworks Identity Access Management - Azure Active Directory Entra ID SSO implementations SAML OAuth 2 0 OpenID Connect multi-factor authentication MFA privileged access management PAM RBAC ABAC models identity governance and passwordless authentication Cloud Security - Azure Security Center Microsoft Defender for Cloud AWS Security Hub Google Security Command Center CASB solutions network security groups web application firewalls container security Kubernetes security and cloud-native security tools Application Security - Secure SDLC practices threat modeling STRIDE PASTA LINDDUN SAST tools SonarQube Checkmarx Fortify DAST tools OWASP ZAP Burp Suite SCA tools Snyk WhiteSource secrets management Azure Key Vault HashiCorp Vault and API security Security Operations - SIEM platforms Microsoft Sentinel Splunk IBM QRadar Elastic Security SOAR platforms EDR XDR solutions threat intelligence platforms log analysis incident response frameworks and forensic tools Network Security - Firewall technologies next-gen firewalls Azure Firewall IDS IPS systems network segmentation VPN technologies ZTNA solutions DDoS mitigation and secure network design Encryption Data Protection - Encryption protocols TLS SSL IPSec key management systems certificate authorities data loss prevention DLP data classification tokenization and data masking techniques Required Experience Eight or more years in cybersecurity security engineering or security architecture roles with three years designing enterprise security architectures Proven experience architecting security solutions on Microsoft Azure with deep understanding of cloud security principles and patterns Track record conducting threat modeling exercises performing security architecture reviews and achieving compliance certifications SOC 2 ISO 27001 PCI-DSS Experience in insurance or financial services environments with understanding of regulatory requirements and sensitive data protection Evidence of implementing Zero Trust architectures designing identity and access management solutions and establishing security governance frameworks Experience leading security incident response conducting vulnerability assessments and implementing security monitoring solutions Required Certifications CISSP Certified Information Systems Security Professional CISM Certified Information Security Manager CCSP Certified Cloud Security Professional Microsoft Certified Security Operations Analyst Associate or Azure Security Engineer Associate Valuable additions CEH Certified Ethical Hacker SANS GIAC certifications GIAC Security Essentials GCIH GPEN OSCP Offensive Security Certified Professional CISA Certified Information Systems Auditor Key Competencies Insurance Domain Security - Understanding insurance data sensitivity PII claim data financial information regulatory requirements state insurance regulations Solvency II GDPR CCPA industry-specific threats and common insurance platform security considerations Technical Leadership - Leading security architecture reviews establishing security standards mentoring security engineers and developers communicating risks to executive leadership and balancing security with business enablement Risk Management - Conducting security risk assessments developing risk treatment plans communicating security risks in business terms and aligning security investments with risk appetite and business objectives Innovation Continuous Learning - Staying current with threat landscape emerging attack vectors new security technologies zero trust maturity and evolving regulatory requirements driving continuous improvement of security posture