Responsible for embedding security requirements and objectives into the architecture lifecycle and, where applicable, DevOps as per business requirements; reviewing security in technical architectures for applications, network integrations and products to ensure they meet security standards; and creating security-embedded reference architectures that technology functions across the firm can leverage to rapidly develop secure solutions in a multi-cloud environment.
Act as a subject matter expert in areas pertaining to DevSecOps, applications, network technologies and cloud security across (but not limited to) cloud platforms such as Azure & AWS. Provide security recommendations and SME guidance to application development, technology and business teams for their design & development initiatives.
Develop and maintain security architecture artifacts (models, templates, standards, and procedures) that can be used to leverage security capabilities in projects and operations.
Liaise with developers to assess security for cloud applications through architecture reviews and code scans to determine confidentiality, integrity, or availability of the software
Coordinate with DevOps teams to advocate secure coding practices and escalate concerns related to poor coding practices as necessary
Support implementation of cloud security services, including identity and access management, API security, detective controls, infrastructure security and data protection
Analyze requirements for cloud security tools and technology and support selection and implementation of appropriate tools
Requirements:
At least 8 years of experience in IT and Information Security with at least 3 years of secure design and architecture in cloud and areas such as network and application security
Bachelor’s or master’s degree in Information Technology, Computer Science, or related work experience, or equivalent
Previous security experience in a consultancy role collaborating with internal Technology, Project and Business teams
Ability to lead security architecture discussions and articulate security recommendations with Project, Business and Technology teams in forums such as architecture review and the like
Ability to build, maintain and present roadmaps for Cloud security involving Cloud security tooling and concepts to Leadership and Business teams
Experience interpreting business, technology, and threat drivers, developing practical security roadmaps to deal with these drivers, and providing guidance on building secure solutions
Understanding of information security standards/practices (e.g., CSA CCM, ISO, PCI DSS, NIST CSF, NIST 800-53, etc.), and aspects related to data security protection
Deep knowledge of cloud security posture management (such as PRISMA), cloud workload protection, Infrastructure as Code, secure logging, identity & access mechanisms, secure code management, data security in cloud, secure cloud configurations, security automation, SAST & DAST, Secure Code review analysis, API security and serverless functions security, embedding security in CI/CD pipelines for Cloud environments such as Azure, AWS and GCP
Applied knowledge of methodologies to conduct threat-modeling exercises on new applications and services
Some out-of-hours support may be required
The ideal candidate will maintain one or more of the following certifications:
CISSP
ISSAP
Microsoft Azure Security Technologies Certification