Security Architect

Introduction

We are looking for 10+ years experienced candidates for this role.

Job Description

The Security Architect is responsible for defining and governing the security architecture for mission-critical, on-premises enterprise platforms running across multiple data centres and a dedicated disaster recovery site. This role designs and reviews security controls across applications, integrations, data, infrastructure, and identities to ensure confidentiality, integrity, and availability. The Security Architect works closely with application, integration, infrastructure, network, and DevOps teams to embed security into the modernization of legacy systems into microservices and containerized workloads, while meeting strict regulatory, audit, and compliance requirements.

Responsibilities include:

• Define the overall security architecture and reference patterns for applications, APIs, integrations, and data flows across multiple on-premises environments and data centres.
• Establish and maintain security standards for identity and access management (for example, SSO, MFA, RBAC), network security (segmentation, firewalls, VPNs), and endpoint protection in alignment with enterprise policies.
• Work closely with Application, Integration, and API teams to ensure secure design of microservices, web applications, mobile/MDT clients, and external-facing APIs (including authentication, authorization, input validation, and secure session handling).
• Collaborate with Infrastructure and Network teams to ensure secure configurations of servers, containers, Kubernetes/OpenShift clusters, databases, load balancers, and WAFs in on-prem data centres and DR sites.
• Define and review security controls for integrations with external systems (for example, government systems, third-party services), including secure connectivity, data protection in transit and at rest, and endpoint hardening.
• Oversee the implementation of logging, monitoring, and alerting for security events, working with SIEM/SOC teams to ensure effective detection, correlation, and response to threats.
• Drive secure SDLC and DevSecOps practices by embedding security requirements, threat modelling, and security testing (SAST, DAST, dependency and container scanning) into development and CI/CD pipelines.
• Conduct architecture and design reviews for new solutions and change requests, identifying risks and recommending mitigations to ensure compliance with security and regulatory requirements.
• Define and maintain security baselines, hardening guides, and configuration benchmarks for platforms, middleware, and databases used in the environment.

Certifications :

• Security certifications such as CISSP, CISM, or SABSA that demonstrate strong security architecture or governance knowledge.
• Technical security certifications such as Certified Cloud Security Professional (CCSP), GIAC (for example, GCSA, GWEB), or vendor-specific security certifications.
• Any formal training or certification in secure software development, DevSecOps, or application security testing.

Primary Skills :

Technical Skills

• Strong understanding of security architecture principles for enterprise applications, APIs, microservices, and integrations in on-premises and hybrid environments.
• Hands-on knowledge of identity and access management concepts and technologies, such as Active Directory/LDAP, SSO, MFA, RBAC, OAuth2, OpenID Connect, and JWT-based authentication.
• Good understanding of application security fundamentals, including OWASP Top 10, secure coding practices, input validation, output encoding, and secure session/token management.
• Experience working with network security controls, including firewalls, VPNs, reverse proxies, WAFs, network zoning, and secure remote access patterns.
• Familiarity with securing containerized workloads and orchestration platforms (for example, Docker and Kubernetes/OpenShift), including image scanning, runtime security, and secure configuration of clusters.
• Knowledge of database and data security, including encryption at rest and in transit, database hardening, least privilege, and secure access patterns for Oracle and other relational databases.
• Experience with security logging and monitoring, SIEM platforms, and integration of application and infrastructure logs into centralized monitoring for security analytics.

Experience and Soft Skills

• 10+ years of experience in information security, application security, or infrastructure security, with at least 3 4 years in a security architect or equivalent role.
• Proven experience designing or reviewing security architectures for large-scale, mission-critical systems with strict uptime, performance, and compliance requirements.
• Experience working in multi-datacentre and DR-enabled environments, including understanding of security implications of failover, replication, and high availability.
• Strong ability to collaborate with cross-functional teams (application, infrastructure, DevOps, network, operations) and influence secure design decisions.
• Excellent written and verbal communication skills, with the ability to clearly articulate risks, options, and recommendations to both technical and non-technical stakeholders.

Responsibilities

• Lead or contribute to threat modelling exercises and risk assessments for key applications, integrations, and infrastructure components, and ensure that findings are translated into actionable controls.
• Define and review policies for secure access to environments (for example, privileged access, just-in-time access, break-glass accounts) in collaboration with Infrastructure and Operations teams.
• Support incident response and forensic analysis activities by ensuring appropriate logging, evidence collection, and coordination with SOC or security operations teams.
• Contribute to business continuity and disaster recovery planning from a security perspective, ensuring that DR strategies maintain required security controls and data protection.
• Provide security guidance and coaching to architects, developers, DevOps engineers, and operations teams, promoting a security-by-design and security-by-default culture.

Technical Skills

• Experience integrating security tools and scanners into CI/CD pipelines (for example, SAST, DAST, dependency scanning, container image scanning) and interpreting results for remediation.
• Familiarity with secrets management tools and practices (for example, secure storage of keys, certificates, tokens, and passwords; rotation and lifecycle management).
• Knowledge of endpoint and server hardening practices and baseline frameworks (for example, CIS benchmarks or equivalent).
• Working knowledge of encryption technologies (for example, TLS, certificates, key management) and their application to APIs, services, and data stores.

Experience

• Prior involvement in modernization projects where legacy applications and integrations was migrated to more modern architectures while maintaining or improving security posture.
• Experience in environments subject to regulatory, audit, or compliance requirements (for example, ISO 27001, SOC 2, PCI DSS, or similar), with familiarity in preparing or supporting audits.

Secondary Skills :

Technical Skills and Experience

• Exposure to zero-trust architecture concepts and their practical application in on-prem or hybrid environments.
• Experience with policy-as-code and security-as-code approaches (for example, using tools such as Open Policy Agent) for enforcing security controls consistently.
• Familiarity with SRE and observability concepts (for example, SLIs/SLOs, error budgets) and how security ties into reliability and operational dashboards.
• Experience with data classification, data loss prevention (DLP), and privacy-by-design principles.

Job Details

Role:

Security Architect

Location :

Trivandrum/Kochi/Chennai

Employment Type :

Permanent

Close Date :

Interested candidates may forward their detailed resumes to along with their notice period, current and expected CTC details. This is to notify jobseekers that some fraudsters are promising jobs with Reflections Info Systems for a fee. Please note that no payment is ever sought for jobs in Reflections. We contact our candidates only through our official website or LinkedIn and all employment related mails are sent through the official HR email id. Please contact for any clarification/ alerts on this subject.