Security Architect

We're looking for a strategic thinker and hands-on leader to drive the security vision for our Security DataFabric and Exposure Management products. In this key role, you'll be at the forefront of designing, building, and owning the security architecture that powers our next-generation platforms across multiple cloud environments. You’ll work side by side with Engineering, Product, and DevOps teams to weave security into every stage of the software development lifecycle (SDLC) — from idea to deployment and beyond.
You’ll play a critical role in ensuring our infrastructure not only meets, but exceeds, industry standards and regulatory requirements, all while enabling innovation at speed.

**Key accountabilities**

**Security Architecture Design & Strategy**:

- Lead the design and implementation of secure, scalable security architectures for our products and infrastructure, on AWS and Azure.
- Develop and maintain cloud security blueprints, reference architectures and security patterns.
- Collaborate with engineering, product and DevOps teams to create secure-by-design solutions for existing and new products.
- Define and promote security best practices for our product and cloud deployments, including secure configuration, network segmentation, identity and access management (IAM), data protection and logging/monitoring.
- Evaluate and suggest new security technologies and solutions to improve our cloud security posture.
- Identify gaps and find ways to address them.

**Security Integration & SDLC**:

- Collaborate closely with product management, engineering and DevOps teams to integrate security into every phase of the SDLC (Secure-by-Design and Shift-Left principles).
- Perform threat modelling and security architecture reviews for critical systems.
- Define and enforce security requirements and best practices throughout the software development lifecycle (SDLC).
- Drive the implementation of DevSecOps practices, including automated security testing, secrets management and infrastructure as code (IaC) security scanning.

**Risk Management & Compliance**:

- Identify, assess and prioritize security risks related to cloud deployments and product features.
- Develop and implement strategies and controls to reduce risks.
- Ensure compliance with relevant industry standards and regulations (ISO27001:2022, SOC2, CSTAR, and GDPR).
- Maintain and enhance the organization's compliance frameworks and security posture in accordance with standards like ISO27001:2022, SOC2, and CSTAR.
- Participate in security audits and provide evidence of controls.
- Engage with customers to communicate our alignment with best practices and identify gaps.
- Collaborate with client delivery teams on security assessments and compliance requirements.

**Incident Response**:

- Support the development and refinement of incident response plans tailored for cloud environments.
- Own security incidents and collaborate with IT and DevOps teams to respond and close such incidents.
- Contribute to product security policies, standards, and incident response procedures.

**Security Awareness & Training**:

- Champion security awareness across the organization, providing training and guidance to engineering and product teams on security best practices.
- Serve as a security SME for internal teams and external stakeholders.
- Mentor junior security professionals and contribute to the growth of our security team.
- Mentor engineers on secure coding and architecture principles.

**Vendor Management**
- Identify vendors to drive Pen Test/Security Audits.

Work with management to secure the necessary budget.**Skills and Experience**
- Deep knowledge of OWASP Top 10, secure coding practices, threat modelling (STRIDE, PASTA, etc.).
- Good understanding of securing UI/API/data on cloud platforms (AWS / Azure)
- Preferred qualifications include:

- Relevant certifications such as CISSP, CCSP, CCSK, AWS Certified Security and Azure security engineer certifications.
- Exposure to privacy, compliance (e.g., GDPR, SOC2), and secure data architecture
- Good knowledge of ISO27001:2022, SOC2 and CSTAR
- Understandin of offensive security.

**Education**
- Bachelor’s/ Master’s Degree in Computer Science Engineering
- Certifications such as CISSP, GSEC, CEH or CISM desired