Enterprise Security Architect

As an Enterprise Security Architect at Mahindra & Mahindra Ltd within the Mahindra Digital Engine business unit, you will play a pivotal role in shaping and enforcing the security framework that protects our enterprise technology landscape. Your core mission is to embed security as a fundamental aspect of every system and service, ensuring robust protection aligned with evolving compliance mandates and emerging threats. By transforming abstract regulatory requirements and organizational risk directives into clear, actionable technical solutions, you will help safeguard the confidentiality, integrity, and availability of critical business assets throughout their lifecycle, from initial design through deployment and ongoing operations. This role demands a visionary approach to security architecture, combining thought leadership with practical implementation across cloud, hybrid, and on-premises environments.

In this role, you will collaborate closely with cross-functional teams, including engineering, operations, and governance, to integrate security principles seamlessly into the software development lifecycle and infrastructure provisioning processes. Additionally, you will serve as a trusted advisor and technical authority on security matters, guiding teams to make informed decisions that balance risk management with business agility. Your expertise will directly contribute to sustaining and advancing Mahindra & Mahindra Ltd's commitment to secure innovation and digital transformation on a global scale.

1. Security Architecture & Strategy

• Develop and maintain enterprise security architecture for AWS, GCP, and hybrid environments using IaC tools (Terraform, CloudFormation).
• Drive Zero-Trust adoption through micro-segmentation, identity-centric access, and end-to-end encryption.
• Design PKI infrastructures and secrets management systems (HashiCorp Vault, AWS Secrets Manager) for secure key lifecycle management.
• Establish container security frameworks (Kubernetes, Docker) with pod security policies, runtime threat detection (Falco), and supply chain integrity tools (Harbor, Clair).
• Define API security best practices integrating OAuth 2.0, JWT validation, and rate limiting via platforms like Apigee, Kong, Envoy.

2. DevSecOps & Automation

• Integrate security toolchains into CI/CD pipelines (Jenkins, GitLab CI, GitHub Actions) for continuous compliance.
• Implement SAST (Checkmarx, Fortify, SonarQube), DAST/IAST (Burp Suite), and automate SCA (Black Duck, Snyk, Mend).
• Develop "policy as code" frameworks (OPA) and automated workflows for vulnerability remediation.

3. Cloud & Data Security

• Design cloud security governance using CSPM tools (AWS Security Hub, GCP SCC, Prisma Cloud).
• Implement encryption for data-at-rest (KMS, HSM, TDE) and data-in-transit (TLS 1.2+), plus dynamic masking/tokenization.
• Architect secure cloud networks with VPC segmentation, WAF rule management, and services like AWS Transit Gateway.

4. Identity & Access Management (IAM)

• Architect IAM and CIAM solutions with SSO, MFA, adaptive authentication.
• Enforce PAM for critical infrastructure and RBAC/ABAC for least privilege access.

5. Threat Modeling & Risk Analysis

• Conduct threat modeling (STRIDE, PASTA) and architecture risk assessments for high-risk projects.
• Define technical security requirements and compensating controls based on threat analysis.

6. Technical Governance & Leadership

• Lead security governance via Architecture Review Board, enforce standards and reusable patterns, guide secure coding practices, oversee advanced security deployments, and act as senior escalation point for complex incidents.

• Experience: A minimum of 15 years of comprehensive experience in information security, with at least 5 years dedicated to hands-on security architecture roles involving complex enterprise environments.
• Cloud Expertise: Demonstrated expert-level proficiency in securing solutions on major cloud platforms such as AWS, Google Cloud Platform (GCP), or Azure, including deep familiarity with their native security services like IAM, Key Management Services (KMS), and security monitoring tools.
• Container Security: Solid, practical experience in securing containerized environments and Kubernetes clusters, inclusive of implementing CIS benchmarks, establishing network policies, and managing service mesh security with tools such as Istio or Linkerd.
• DevSecOps Integration: Proven track record of architecting and embedding security tools within continuous integration and deployment pipelines, effectively utilizing Static, Dynamic, and Software Composition Analysis testing tools.
• Infrastructure-as-Code & Scripting: Advanced skills in infrastructure automation using Terraform preferred, alongside scripting competencies in languages such as Python, Go, or Shell, to support security automation and orchestration.
• Security Domains: In-depth knowledge spanning network security architectures, cryptographic principles, and web application security vulnerabilities, especially familiarity with OWASP Top 10 risks and mitigations.
• Threat Modeling: Practical experience applying structured threat modeling techniques and utilizing associated tools to proactively identify and mitigate security threats within system designs.

• Experience operating within highly regulated sectors such as Banking, Financial Services, Insurance (BFSI), or Healthcare, with strong familiarity navigating compliance frameworks including NIST Cybersecurity Framework, PCI-DSS, HIPAA, SOC 2, and GDPR.
• Relevant security certifications such as Certified Secure Software Lifecycle Professional (CSSLP), Certified Cloud Security Professional (CCSP), Certified Information Systems Security Professional (CISSP), or certifications from SANS GIAC are highly valued. Additionally, specialized cloud security certifications like AWS Security Specialty or Google Professional Cloud Security Engineer are advantageous.
• Hands-on knowledge securing data platforms such as Data Lakes, Snowflake, or BigQuery, including implementing security controls for artificial intelligence and machine learning workloads, such as protection of training data and securing inference endpoints.
• Competency with service mesh frameworks including Istio or Linkerd, particularly managing and enforcing their security policies and controls to safeguard application communication.

• Architectural Mindset: Possess the ability to conceptualize and design security frameworks at a high level, recognizing recurring patterns and scalable solutions rather than isolated fixes.
• Technical Fluency: Maintain an expert-level understanding of security technologies and frameworks, enabling in-depth discussions and effective collaboration with engineering teams on technical implementation details.
• Influence and Leadership: Demonstrate strong interpersonal skills to build consensus and influence stakeholders across technical and business units without relying on direct authority, fostering a culture of security awareness and shared responsibility.
• Pragmatic Approach to Risk Management: Apply balanced judgment in aligning security objectives with business priorities, evaluating risks realistically while accounting for operational velocity and technical debt.
• Continuous Learner: Embrace a growth mindset to stay updated with the rapidly evolving threat landscape, emerging technologies, and best practices to continually enhance the enterprise security posture.