Description

Roles & Responsibility

  1. Cloud Security
    • Deep understanding of cloud platforms (AWS, Azure, GCP) and cloud security frameworks, such as the Cloud Security Alliance (CSA).
    • Experience with cloud-native security tools, including IAM, cloud workload protection (CWP), and security posture management.
  2. Identity and Access Management (IAM)
    • Proficiency in IAM protocols (OAuth, SAML, LDAP, Kerberos) and experience with SSO, MFA, and PAM solutions.
    • Knowledge of leading IAM tools like Okta, Azure AD, CyberArk, and Ping Identity.
  3. Network and Infrastructure Security
    • Strong knowledge of network security architectures, such as firewalls, VPNs, WAFs, IDS/IPS, and network segmentation.
    • Familiarity with Zero Trust principles and network micro-segmentation practices.
  4. Application Security and DevSecOps
    • Hands-on experience with secure coding practices and SDLC integration for security.
    • Knowledge of security testing tools (e.g., Burp Suite, OWASP ZAP, Veracode) and experience with CI/CD pipeline security integration.
  5. Data Protection and Encryption
    • Familiarity with data encryption standards (e.g., AES, RSA) and key management solutions (e.g., AWS KMS, Azure Key Vault).
    • Knowledge of data classification, tokenization, and data loss prevention (DLP) tools.
  6. Risk Assessment and Compliance
    • Understanding of risk management frameworks (NIST, ISO 27001) and experience conducting security risk assessments.
    • Familiarity with compliance standards (e.g., GDPR, HIPAA, PCI-DSS) and relevant certification controls.
  7. Threat Modeling and Incident Response
    • Experience with threat modeling techniques and tools (e.g., Microsoft Threat Modeling Tool).
    • Knowledge of incident response frameworks and processes, and experience collaborating with SOC and IR teams.
  8. Automation and Scripting
    • Proficiency with scripting languages (e.g., Python, PowerShell) for security automation.
    • Familiarity with infrastructure as code (IaC) tools (e.g., Terraform, Ansible) for secure infrastructure automation.

Requirements

  1. Security Architecture Development
    • Design and implement a scalable, resilient, and secure architecture for the organization.
    • Develop and maintain comprehensive security architecture documentation, reference models, and standards.
    • Assess and select security technologies and tools based on business and technical requirements.
  2. Risk Management and Threat Modeling
    • Conduct regular risk assessments and threat modeling exercises to identify potential vulnerabilities and attack vectors.
    • Develop strategies to mitigate identified risks, aligning with business and regulatory requirements.
    • Work closely with stakeholders to integrate security within risk management frameworks and develop mitigative controls.
  3. Cloud and Hybrid Security Strategy
    • Architect and implement secure cloud and hybrid environments, including IaaS, PaaS, and SaaS deployments.
    • Establish security baselines, standards, and policies for cloud-based resources, including workload protection, identity management, and encryption.
    • Ensure multi-cloud and hybrid environments adhere to best practices and organizational security policies.
  4. Identity and Access Management (IAM)
    • Design and implement Identity and Access Management (IAM) solutions, including Single Sign-On (SSO), multi-factor authentication (MFA), and Privileged Access Management (PAM).
    • Develop policies and controls around access provisioning, entitlements, and lifecycle management.
  5. Network Security and Zero Trust Architecture
    • Design and implement secure network architectures, ensuring effective segmentation, firewall policies, and secure network traffic monitoring.
    • Champion the adoption of Zero Trust principles, ensuring all network transactions are verified and limited to least privilege.
  6. Secure Software Development Lifecycle (SDLC)
    • Collaborate with software development and DevOps teams to integrate security into the SDLC, applying secure coding practices and vulnerability scanning.
    • Define security requirements for DevSecOps, ensuring CI/CD pipelines are integrated with security tools for static, dynamic, and runtime application security testing.
  7. Data Protection and Compliance
    • Develop and implement strategies for data protection, including data encryption, tokenization, data masking, and key management.
    • Ensure adherence to relevant regulatory and compliance standards, such as GDPR, HIPAA, PCI-DSS, and SOX.
    • Lead efforts to implement data classification and handling policies based on data sensitivity and compliance requirements.
  8. Incident Response and Security Operations Support
    • Provide architectural guidance and oversight for incident response teams, assisting with security incident investigations and post-incident reviews.
    • Collaborate with the SOC (Security Operations Center) to design and implement effective detection and response capabilities.
  9. Security Awareness and Training
    • Support the development of security awareness programs for employees, providing guidance on best practices, social engineering prevention, and emerging threats.
    • Engage with teams across the organization to build security awareness into daily practices.
  10. Technology Evaluation and Vendor Management
    • Evaluate new security technologies, vendors, and solutions, assessing their alignment with organizational goals.
    • Build strong relationships with security vendors and service providers, managing vendor risks and overseeing service delivery.

Education

Any Graduate