Cybersecurity Design/Reviewer Architect

About The Position

Requirements

• 4+ years’ experience in one or more technical roles (focusing on application security and cloud security).
• Prior experience in performing Threat Modeling, Secure Design Reviews or Secure Architecture Reviews.
• Degree in Computer Science, System/Computer Engineering, Cyber-Security, or Information Security.
• Practical knowledge of the most common cybersecurity vulnerabilities - e.g., OWASP Top 10 and cloud security gaps.
• Strong experience with AWS security services and best practices (e.g., IAM, Security Groups, KMS, CloudTrail, GuardDuty, Inspector).
• Knowledge of authentication and authorization protocols, including OAuth, OIDC, and SAML.
• Knowledge of secure coding practices.
• Familiarity with Security standards such as OWASP Testing Guide, OWASP ASVS, NIST, and SANS Top 20.
• Knowledge of common security controls and how they apply to different architectures and systems, including but not limited to authentication, monitoring, input validation, and secure configuration.
• Experienced in application vulnerability assessment and penetration testing. Proficient with security tools such as scanners, debuggers, and HTTP proxies.
• Familiarity with modern and common web stack technologies (e.g., HTTP/2, HTML5, REST, etc.) and platforms (e.g., Spring Boot, React, NodeJS, Python, MS SQL, PostgreSQL, MongoDB, etc.).
• Knowledge of core cryptography (encoding, encryption, hashing, protocols) and their use and vulnerabilities in applications, such as TLS and algorithm-specific attacks.
• Strong English communication skills, both written and verbal, to effectively convey risks to technical and management stakeholders.
• Demonstrated ability to keep up-to-date with evolving security threats, vulnerabilities, and mitigation strategies through continuous learning and professional development.

Nice To Haves

• Understanding of network security vulnerabilities and associated risks.
• Proficient in operating system hardening and security protection
• Ability to conduct risk assessments for emerging technologies such as AI/ML.
• Experience in doing architecture review of Mobile applications.
• Understanding Kubernetes security principles and practices.
• Proficiency in cybersecurity principles and practices related to Azure and GCP.
• Experience with securing trading and payments platforms, including knowledge of relevant compliance requirements (e.g., PCI DSS).
• Knowledge of data Protection Strategies (data encryption at rest/in transit, access control policies, data masking, tokenization, data loss prevention, regular backups, etc.)
• Experience with infrastructure-as-code tools such as Terraform, CloudFormation or AWS CDK.
• Experience in crafting custom proof-of-concept application exploits using testing tools/frameworks or scripting exploits in Python, Perl, JavaScript, Shell scripting, etc.
• Certifications and training in related areas (e.g., AWS Certified Security - Specialty, GCP Cloud Security Engineer, Azure Security Engineer Associate).

Responsibilities

• Conduct cybersecurity design reviews, including those for AI and machine learning solutions, challenging and validating architectures prepared by development teams to ensure robust security practices are embedded from the start.
• Serve as a cybersecurity advisor, providing expert guidance and best practices to teams on secure design and implementation strategies, with a particular emphasis on web applications and AWS infrastructure.
• Drive organizational change by creating, documenting, and promoting effective security patterns, and actively supporting developers in applying them within their projects.
• Conduct Read-out Calls with the business to articulate risk and recommend a mitigation strategy.
• Analyse reports and findings from penetration tests and code reviews, guiding development teams in the effective resolution of identified security issues.
• Mentor and support junior team members, fostering their growth and development within the cybersecurity discipline.