Cyber Security Architect

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or a related field.
• 7+ years of experience in cybersecurity, with 3+ years in a security architecture or engineering leadership role.
• Demonstrated experience across key security domains, especially with DevSecOps and cloud security.
• Strong knowledge of security architecture frameworks (e.g., SABSA, NIST, Zero Trust).
• Practical experience with DevSecOps tools: SAST/DAST, container security (Kubernetes, Docker), IaC scanning, CI/CD security integration.
• Expertise in modern security platforms and controls: IAM, EDR/XDR, SIEM, CASB, DLP, cloud-native security tools.
• Effective communication skills with both technical and business stakeholders.

Nice To Haves

• CISSP, SABSA, CISM, AWS/Azure Security certifications, GIAC (GCSA, GCPN, GDSA), TOGAF, or equivalent.

Responsibilities

• Develop and maintain enterprise security architecture and blueprints aligned with business goals, risk appetite, and regulatory requirements.
• Lead security design reviews and provide guidance on secure system and solution architectures.
• Design and govern IAM solutions including SSO, MFA, identity federation, PAM, and RBAC across hybrid environments.
• Ensure secure integration of IAM with on-prem, cloud, and SaaS platforms.
• Define and implement security controls for IaaS, PaaS, and SaaS models across AWS, Azure, and/or GCP.
• Lead cloud security assessments, enforce policies through CSPM, CWPP, and CASB tools.
• Architect enterprise data protection strategies including encryption, DLP, masking, and secure data flows.
• Ensure security designs comply with data privacy regulations such as GDPR, HIPAA, and CCPA.
• Design secure network architecture including segmentation, firewalls, micro-segmentation, VPN, and Zero Trust principles.
• Oversee infrastructure security across hybrid and distributed networks.
• Drive application security architecture and governance across internal and third-party applications.
• Oversee the integration of SAST, DAST, RASP, and threat modeling into the software development lifecycle.
• Lead the implementation of DevSecOps practices to embed security in CI/CD pipelines.
• Develop and enforce security automation, secure code practices, and IaC security (Terraform, Helm, Ansible, etc.).
• Collaborate with development and platform engineering teams to build security as code and shift-left strategies.
• Define endpoint protection architecture using EDR/XDR solutions and mobile threat defense.
• Design advanced email protection measures including phishing prevention, SPF/DKIM/DMARC, and secure email gateways.
• Architect and manage end-to-end vulnerability management lifecycle, including scanning, assessment, remediation, and reporting.
• Collaborate with SOC and threat intelligence teams to proactively address emerging threats and exposures.