Security Architect

Job description:

• Education: A bachelor's or master's degree in Computer Science, Cybersecurity, Information Technology, or a related field is typically required for a Security Architect role. Some companies may prefer candidates with additional certifications in cybersecurity, such as Certified Information Systems Security Professional (CISSP) or Certified Ethical Hacker (CEH).
• Threat Modeling and Security by Design: Strong expertise in threat modeling and designing secure systems from the ground up (Security by Design) is essential for this role. Candidates should be able to identify potential security threats and vulnerabilities in applications and infrastructure and architect solutions to mitigate those risks.
• Privacy by Design: Knowledge of Privacy by Design principles is important for ensuring that data privacy is incorporated into the architecture of systems and applications.
• Secure Code Reviews: Significant experience in conducting secure code reviews to identify and remediate security flaws in code. This includes reviewing code written in Java, Spring, ReactJS, and other relevant programming languages.
• VAPT (Vulnerability Assessment and Penetration Testing): Experience in coordinating and analyzing vulnerability assessment and penetration testing activities to identify and address security weaknesses in systems.
• SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing): Proficiency in using SAST and DAST tools and methodologies to assess the security of applications and APIs.
• Java, Spring, ReactJS, and AWS: Strong technical background and hands-on experience in Java, Spring, ReactJS, and AWS technologies is preferred, as these are common technologies used in modern software development and cloud environments.
• Security Frameworks and Standards: Familiarity with security frameworks and standards, such as NIST Cybersecurity Framework, ISO 27001, OWASP Top Ten, and CIS Controls, is important for aligning security practices with industry best practices.
• Cloud Security: Knowledge of cloud security principles and best practices, specifically within AWS environments, is important for designing secure and compliant cloud-based solutions.
• Communication and Leadership: Excellent communication skills to collaborate with cross-functional teams, stakeholders, and executive management. Security Architects are often involved in making critical security decisions and must effectively convey the importance of security measures to different audiences.
• Experience: Typically, candidates for a Security Architect role are expected to have 10 to 15 years of experience in the field of cybersecurity, with a significant portion of that time spent in security architecture and design.