Security Architect

**Job no**: 573662
**Work type**: Full time
**Location**: India
**Categories**: Information Technology
**Office Location**: Noida

The **Security Architect **is an experienced, senior manager-level role within an organization’s cybersecurity team.

This role is crucial in supporting the CIA triad, and most importantly—the security of an organization’s assets. And it takes a diligent, multi-faceted approach paired with a deep knowledge of IT / Infosec.

This role has to provide oversight of security architecture, security principles, defense-in-depth, least privileges, zero trust, SoDs, RBAC, and security by design approaches.

**Key Responsibilities**:

- Develop and implement cybersecurity strategies, policies, and procedures to safeguard the organization's digital assets.
- Conduct technical reviews and risk assessments to identify gaps, loopholes, and weaknesses in the systems and further plan for mitigation as per best practices.
- You have to assess, plan, and build reliable, powerful, and flexible security architectures for IT and Infosec initiatives.
- You have to Identify missing cybersecurity and cyber-resilience capabilities in alignment with changing business needs, threat landscape and technical requirements.
- You have to evaluate, design, deploy, and update security controls with industry-emerging technologies.
- You have to build reliable, powerful, flexible, and scalable security architectures that adapt to evolving threat landscapes and technological changes.
- You have to prepare the cost estimates, solution comparatives, value propositions, and other potential integration concerns for all cybersecurity measures.
- Define and manage architecture artifacts including reference architecture documents, blueprints, HLDs/ LLDs, Data flow, and technical / non-technical security requirements aligned to the corresponding strategic roadmap.
- You have to quickly respond to any security-related issues (e.g., data breaches, major cyber incidents, phishing scams, etc.) and give a thorough post-event study once the situation has been resolved (referring to Cyber Kill Chain methodologies).
- Collaborate with cross-functional teams to integrate security into the organization's systems and processes.
- Manage relationships with external/ internal stakeholders and businesspersons.
- Stay abreast of emerging cybersecurity threats, vulnerabilities, and technologies through ongoing research and professional development.

***Key Requirements**:

- Bachelor’s degree in computer science, Information Security, or related field; advanced degree or relevant certifications (e.g., CISSP, CEH, MAD, TOGAF, SABSA, CRTSA) preferred.
- Proficiency in cybersecurity technologies and controls, including but not limited to Network Security, Endpoint Security, Data Security, Application Security, Identity & Access Management, Supply Chain Security, and VAPT.
- In-depth understanding of threat modelling and threat-attack methodologies (STRIDE/ DREAD/ OWASP, etc.) for complex systems and threat-attack methodologies
- Strong understanding of conducting cybersecurity posture assessments, risk assessments, technology reviews, and security audits based on industry standards and frameworks (e.g., NIST, CIS, ISO, etc.) and well-versed in writing reports.
- Knowledge of business continuity, disaster recovery continuity of operations plans, and enterprise information technology (IT) architectural concepts and patterns (e.g., baseline, validated design, and target architectures).
- Excellent communication and interpersonal skills, with the ability to convey cybersecurity risks and recommendations to technical and non-technical stakeholders.
- Strong analytical and problem-solving skills, with the ability to assess and prioritize cybersecurity risks.
- Leadership abilities, with the capacity to lead and motivate a technical team of cybersecurity professionals.

***Key Knowledge and Experience**:

- Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
- Knowledge of industry-standard and organizationally accepted analysis principles and methods.
- Regulatory requirements and compliance standards relevant to cybersecurity.
- Incident response and handling procedures.
- Risk management methodologies.
- Emerging cybersecurity threats, vulnerabilities, and best practices.
- Security awareness training and education programs

**Years of Experience**:

- 10+ years of overall experience in cybersecurity roles, with a demonstrated track record of leading cybersecurity initiatives in complex environments.
- At least 5+ years of relevant experience in holding security architect roles and responsibilities.

As the **Security Architect**, you’ll play a pivotal role in designing security controls and protecting our organization from cyber threats. You will contribute to the organization’s overa