We are seeking a Cybersecurity Architect to define and govern the end-to-end security architecture for platform capabilities and vendor-delivered solutions. The role ensures secure-by-design implementation across cloud-agnostic deployments.
You will establish security standards, reference architectures, and assurance processes covering identity, network segmentation, application security, data protection, and operational security monitoring. Working with stakeholders, vendors, and operations teams, the architect drives threat modeling, security controls validation, and compliance evidence readiness, including SIEM/SOAR integration, vulnerability management, and incident response procedures. The role ensures consistent security posture across multi-tenant environments and multiple cloud platforms.
Key Responsibilities
- Define security reference architecture and baseline controls for cloud, Kubernetes, applications, and data services.
- Lead security governance: design reviews, threat modeling, security exceptions, and risk acceptance processes.
- Define identity and access controls (Entra ID, RBAC, PIM/JIT, conditional access, service principals, secrets management).
- Design network security architecture (segmentation/trust zones, private endpoints, WAF, egress controls, firewall policies).
- Establish application security standards (OWASP, secure SDLC, SAST/DAST, dependency/SBOM, container image signing).
- Define data security controls (classification, encryption/CMK/HSM, DLP, key management, retention, secure deletion).
- Own security monitoring requirements and integrations: Defender for Cloud (CSPM/CWPP), Sentinel (SIEM), SOAR playbooks, alert tuning.
- Define vulnerability management and patching processes for OS/Kubernetes/runtime components, including SLA targets and reporting.
- Support incident response readiness: runbooks, tabletop exercises, forensic logging, evidence handling, and post-incident improvements.
- Provide assurance of vendor deliverables and go-live readiness (pen test coordination, remediation validation, compliance evidence packs).
Skills & Abilities
- Deep understanding of cloud security architecture, zero-trust networking, and Kubernetes/container security.
- Strong capability in IAM design and privileged access governance in regulated environments.
- Ability to translate risk and compliance requirements into practical technical controls and acceptance criteria.
- Experience implementing security monitoring, detection engineering, and incident response processes.
- Strong stakeholder influence and ability to enforce standards across multiple vendors and teams.
Education & Experience
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity; Master’s degree highly preferred.
- 8+ years in cybersecurity architecture or security engineering roles in government, telco, finance, or critical infrastructure.
- Hands-on experience securing Azure and at least one other cloud (GCP/AWS), including hybrid connectivity and shared responsibility.
- Proven experience with SIEM (Microsoft Sentinel preferred) and CSPM/CWPP (Defender for Cloud preferred).
- Experience with secure SDLC, vulnerability management, penetration testing coordination, and remediation programs.
- Relevant certifications preferred: CISSP/CCSP, CISM, Azure Security Engineer, CKA/CKS, ISO 27001 awareness.
Preferred Tools
- Security posture & SIEM: Microsoft Defender for Cloud, Microsoft Sentinel, SOAR playbooks
- Container/Kubernetes security: image scanning (Trivy/Anchore), policy-as-code (OPA/Gatekeeper), cosign/Sigstore, Kubernetes audit tools
- Identity & secrets: Azure Entra ID, PIM, Key Vault/KMS/HSM, PAM tooling
Soft Skills
- Risk-based decision-making and ability to articulate trade-offs clearly
- Strong facilitation of threat modeling and security design reviews
- Clear, structured documentation and compliance evidence mindset
- Calm, decisive leadership during incidents and high-pressure situations
- Collaborative approach that enables delivery while maintaining security standards