Qureos

Lead Architect - Network Security

About Us: Tata Digital is a future-ready company that focuses on creating consumer-centric, high-engagement digital products. By creating a holistic presence across various touchpoints, we aim to be the trusted partner of every consumer and delight them by powering a rewarding life. The company's debut offering, Tata Neu, provides an integrated rewards experience across various consumer categories like groceries, fashion and electronics, travel and hospitality, health and fitness, and financial services on a single platform. Founded in 2019, Tata Digital Private Limited is a wholly owned subsidiary of Tata Sons Private Limited.

Our Culture: We cultivate a culture of innovation and inclusion for all employees and respect their individual strengths, views, and experiences. We thrive on the diversity of our talent in all its forms and see it as a strength in building high-performance teams across brands. As we rewrite commerce in India, change is the only constant in our day-to-day lives.

Role Overview: The Cloud and Network Security Architect is responsible for designing and reviewing secure architecture across multicloud (AWS, Azure, GCP) and enterprise networks, enabling secure, scalable, and compliant infrastructure for applications and services. This includes network segmentation, perimeter security (WAF, DDoS, Bot Management), network reviews, CSPM/CNAPP deployment, and security hardening of cloud-native and hybrid workloads.

Key Responsibilities:
Cloud Security Architecture (Multicloud)
  • Design and implement secure landing zones in AWS, Azure, and GCP, including account structure, VPC/VNet, IAM, and governance.
  • Define and enforce guardrails via Service Control Policies, Azure Policies, and Organization-level controls.
  • Implement, configure and manage CSPM and CNAPP tools (e.g., Wiz, Prisma Cloud, Orca) to monitor misconfigurations, vulnerabilities, and exposure.
  • Architect secure use of PaaS services, Kubernetes clusters (EKS, AKS, GKE), serverless, and containerized workloads.
  • Embed security architecture into DevOps pipelines and Infrastructure as Code (IaC) using Terraform or CloudFormation.

Network Security Architecture & Segmentation
  • Design secure network segmentation models (north-south, east-west) across cloud and hybrid networks.
  • Architect and maintain DMZs, internal service zones, bastion networks, and shared services VPCs/VNets.
  • Define micro-segmentation policies using NSGs, Security Groups, and firewall rules.
  • Integrate Zero Trust Network Access (ZTNA) principles across user and service connectivity paths.

Perimeter & Edge Security
  • Architect and implement Web Application Firewalls (WAFs) across platforms (Akamai, Cloudflare, AWS WAF, Azure WAF).
  • Manage and configure WAF, Bot Manager, and DDoS protection policies.
  • Integrate Bot Manager policies to protect APIs and customer-facing portals from automated abuse.
  • Define public/private endpoint strategy for critical services, APIs, and admin interfaces.

Security Hardening & Configuration Management
  • Define and enforce cloud service hardening baselines using CIS Benchmarks or custom policies.
  • Harden cloud-native network services (e.g., VPC peering, Private Link, Transit Gateway, Azure VNet Peering).
  • Review and optimize NSGs, Security Groups, firewall configurations, and VPC routing for least privilege.
  • Ensure encryption at rest/in transit, disable insecure protocols, and enforce TLS version control.

Cloud Identity & Access Management (IAM)
  • Architect federated access (SSO, SAML/OIDC) for cloud platforms using Identity Providers (Azure AD, Okta, etc.).
  • Design and enforce least privilege roles, permission boundaries, and JIT access controls.
  • Monitor and remediate privilege escalations, excessive permissions, and service account risks.

Security Monitoring & Compliance Enablement
  • Define architecture to support SIEM integration from cloud logs.
  • Enable audit logging and threat detection integrations across CNAPP, WAF, DDoS, and network logs.
  • Support evidence generation for PCI DSS, RBI, and ISO 27001 audits and assessments.

Qualifications:
  • 8-10 years of hands-on experience in cloud and network security engineering or architecture.
  • Strong understanding of the OSI model, routing, VPNs, firewall technologies, and WAF, DDoS, and Bot Manager solutions.
  • Strong knowledge of cloud-native network security controls.
  • Hands-on experience in architecting secure, scalable, and compliant cloud infrastructure.
  • CISSP or GIAC GSEC/GXPN (a plus, not mandatory).

© 2025 Qureos. All rights reserved.