Security Architect

Job Title: Security Architect

Experience: 8+ Years

About the Role

We are seeking an experienced Security Architect to lead and design the end-to-end security architecture of a hybrid VDI platform across cloud (AWS/Azure/GCP) and on-premises environments. This role focuses on building secure, scalable, and compliant infrastructure by implementing robust security frameworks, threat modelling, IAM controls, and governance practices.

Key Responsibilities

Security Architecture & Design

• Define and own security architecture for hybrid VDI environments (cloud + on-prem)
• Design zero-trust architecture, micro-segmentation, and least-privilege access models
• Establish security standards, policies, and governance frameworks
• Create reference architectures and enforce security guardrails

Infrastructure as Code (IaaC) Security

• Review Terraform code for vulnerabilities and misconfigurations
• Define secure IaaC standards and module baselines
• Integrate tools like tfsec, Checkov, Terrascan, and Snyk IaC into CI/CD pipelines
• Implement policy-as-code using OPA or Sentinel
• Collaborate with DevOps teams for remediation and secure deployments

Threat Modelling & Risk Management

• Perform threat modelling and vulnerability assessments
• Maintain risk registers and drive mitigation strategies
• Ensure timely resolution of security issues

Cloud & On-Prem Security

• Design secure cloud architecture (IAM, VPC, security groups)
• Implement secrets management and key management (Vault, KMS, HSM)
• Architect secure connectivity (VPN, SD-WAN, Direct Connect, ExpressRoute)
• Define on-prem network security (firewalls, DMZ, VLANs, IDS/IPS)

Identity & Access Management (IAM)

• Design SSO, MFA, and PAM solutions
• Integrate with AD, LDAP, SAML/OIDC identity providers
• Define access policies for administrators and users

Compliance & Governance

• Lead ISO certifications (27001, 27017, 27018, 27701, 20000, 22301)
• Align security controls with CIS, NIST, and SOC 2
• Drive audits, assessments, and certification renewals

Required Skills & Qualifications

• 8+ years in cybersecurity, including 3+ years as Security Architect
• Strong experience in hybrid cloud and on-prem security
• Hands-on expertise in Terraform and IaaC security
• Experience with security tools (tfsec, Checkov, Terrascan, Snyk IaC)
• Knowledge of policy-as-code (OPA/Sentinel)
• Expertise in VDI security (VMware Horizon, Citrix, RDP)
• Strong understanding of zero-trust and network security
• Proficiency in IAM (AD, LDAP, SAML, OIDC, MFA, PAM)
• Experience with ISO security frameworks and certification processes
• Bachelors or Masters degree in relevant field

Preferred Certifications

• CISSP
• CISM
• ISO 27001 Lead Implementer/Auditor
• CEH
• AZ-500 / SC-100 / AZ-305

Preferred Skills

• Experience with SD-WAN and hybrid connectivity solutions
• Familiarity with SIEM/SOAR tools (Splunk, Sentinel, Qualys)
• Exposure to DevSecOps and CI/CD security practices
• Knowledge of Kubernetes/container security
• Experience with secrets management tools (Vault, AWS Secrets Manager, Azure Key Vault)