Cloud Application Security Architect

Global Delivery
Pune

**Zycus **is looking out for a passionate
**Cloud Application Security Architect **with a experience
**of 12-18 years **in End to End Application security
**preferably from development back ground.
**JOB DESCRIPTION**:
**Expertise **'“ Collaborate with Product Managers, Platform Leads, and Information Security teams, to architect and design cloud security solutions. Knowledge of security services in cloud as well as on physical data center is essential

**Delivery **'“ Complete architecture assessments across projects, prove use of security solutions to support new distributed computing solutions that span private cloud and public cloud services.

**Security Technology Strategy**:

- Work with engineering, service and business teams to create technology roadmaps.

**RESPONSIBILITIES INCLUDE**:
Design and develop security architectures for cloud and cloud/hybrid based systems. Possess a firm understanding of the offerings within both Amazon Web Services (AWS) and the Microsoft Azure platforms and on physical data centers. Based on business requirements, design and implement cloud-native architectures and designs that will allow those requirements to be met with a mínimal degree of risk to company and with appropriate security controls present.

Represents Security Platform in development and implementation of the overall global enterprise cloud architecture. Acts as the ambassador and senior technical representative for Enterprise Security while engaging with other senior technical leaders throughout Zycus in design and implementation of cloud and cloud/hybrid based implementations and solutions.

Works with Engineering, Infrastructure Services, and Application Development organizations to choose appropriate technology solutions and facilitates complete integration into the Zycus environments.

Develops standards in partnership with Engineering, Infrastructure Services, and Application Development.

Leads training and technical forums, serves as both a formal and informal mentor, and executes other initiatives designed to share knowledge across Security Platforms and/or Technology teams. Identifies, recommends, coordinates, and/or conducts informal/formal training sessions to deliver timely knowledge to support teams regarding technologies, processes or tools.

Develops and executes strategies to increase Cloud Security knowledge throughout the enterprise, as well as developing and mentoring more-junior security analysts and engineers

**Required Qualifications**:
12 - 18 years related work experience

Out of which 6-8 years' experience with Security Architect and/or Engineering is requried for this role.

4-5 years' experience with Cloud platforms suchment and Penetration Testing (VAPT) and penetration testing (Ex: Core Impact, Back Track/Kali Linux, Meta sploit, NMap, Burp suite, SQL Map/Ninja and Beef).

Proven track record of using Web Application Scanner(Ex: Veracode, IBM App Scan and Acunetics) and Network Scanner(Ex: QualysGuard, Nessus, Openvas).

Expertise performing Data Loss Prevention DLP (EX: Digital Guardian), Security information and event management SIEM (QRadar) as Amazon Web Services (AWS).

Experience architecting solutions within Amazon Web Services (AWS) and, preferably, other cloud providers.

Experience providing high level Vulnerability Assess.

Hands on experience working with Firewalls (Ex: Palo Alto), Sniffers (Ex: Wireshark, Cain & Able and John the Ripper etc.)

Experience with assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes (secure software development (Application Security), data protection, cryptography, key management, identity and access management (IAM), network security) within SaaS, IaaS, PaaS, and other cloud environments.

Working knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, etc).

Experience working with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies.

Experience performing threat modeling and design reviews to assess security implications and requirements for introduction of new technologies.

Experience representing technical viewpoints to diverse audiences and in making timely and prudent technical risk decisions.

Experience with enterprise architecture and working as part of a cross-functional team to implement solutions.

Ability to work independently with mínimal direction; self-starter/self-motivated

Cloud / SaaS Security and Architecture related certifications.

Understanding of SSAE 16 SOC1, SOC2, PCIDSS etc.

**Preferred Qualifications**:
12 or more years of experience, preferred.

Nice to have - Architecture of mobile platform (iOS, Android) solutions, integrated with cloud-based services.

Detailed understanding of SSL/TLS protocols and certificate-based solutions.

excellent knowledge of JAVA