Senior Cyber Security Architect

Key Responsibilities:

• Lead the design and implementation of security architectures for enterprise applications, platforms, and APIs.
• Develop and maintain security standards, guidelines, and best practices for application development and integration.
• Conduct security risk assessments and threat modeling for new and existing enterprise applications and platforms.
• Collaborate with development teams to ensure security is integrated throughout the software development lifecycle (SDLC).
• Design and oversee the implementation of authentication, authorization, and access control mechanisms for APIs and platforms.
• Evaluate and recommend security tools and technologies for application and API security.
• Develop and maintain security documentation, including architecture diagrams, policies, and procedures.
• Provide expert guidance on secure coding practices and application security testing methodologies.
• Stay current with emerging threats, vulnerabilities, and security technologies in the application and API security space.
• Participate in incident response planning and execution related to application security incidents.

Qualifications:

• Bachelor's degree in Computer Science, Information Technology, or a related field. Master's degree preferred.
• 8 years of experience in IT security, with at least 5 years specializing in application security architecture.
• Deep understanding of enterprise application architectures, microservices, and API security principles.
• Strong knowledge of OWASP Top 10, SANS Top 25, and other industry-standard security frameworks.
• Expertise in secure software development practices and secure SDLC methodologies.
• Proficiency in cloud security architectures (AWS, Azure, Google Cloud Platform) and container security.
• Experience with identity and access management (IAM) solutions and federated authentication protocols.
• Familiarity with DevSecOps practices and tools.
• Strong understanding of cryptography and key management systems.
• Experience with security information and event management (SIEM) systems and log analysis.
• Knowledge of relevant compliance standards (e.g., PCI DSS, HIPAA, SOC 2, ISO 27001).

Additional Qualifications (Nice to Have):

• Relevant security certifications such as CISSP, CSSLP, CCSP, or SABSA.
• Experience with threat modeling methodologies (e.g., STRIDE, DREAD).
• Familiarity with application security testing tools (SAST, DAST, IAST).
• Understanding of network security principles and architectures.
• Experience with secure API gateway solutions and API management platforms.
• Knowledge of serverless architectures and their security implications.
• Familiarity with blockchain technology and associated security considerations.

Soft Skills:

• Excellent communication skills, with the ability to explain complex security concepts to both technical and non-technical audiences.
• Strong analytical and problem-solving skills.
• Ability to work collaboratively in cross-functional teams.
• Leadership experience in driving security initiatives across an organization.
• Adaptability and willingness to learn new technologies and security approaches.

This role offers an exciting opportunity to shape the security posture of our enterprise applications and platforms. The successful candidate will play a crucial role in ensuring the confidentiality, integrity, and availability of our systems and data.