Job Title: Security Architect
Experience: 8+ Years
About the Role
We are seeking an experienced Security Architect to lead and design the end-to-end security architecture of a hybrid VDI platform across cloud (AWS/Azure/GCP) and on-premises environments. This role focuses on building secure, scalable, and compliant infrastructure by implementing robust security frameworks, threat modelling, IAM controls, and governance practices.
Key Responsibilities
Security Architecture & Design
- Define and own security architecture for hybrid VDI environments (cloud + on-prem)
- Design zero-trust architecture, micro-segmentation, and least-privilege access models
- Establish security standards, policies, and governance frameworks
- Create reference architectures and enforce security guardrails
Infrastructure as Code (IaaC) Security
- Review Terraform code for vulnerabilities and misconfigurations
- Define secure IaaC standards and module baselines
- Integrate tools like tfsec, Checkov, Terrascan, and Snyk IaC into CI/CD pipelines
- Implement policy-as-code using OPA or Sentinel
- Collaborate with DevOps teams for remediation and secure deployments
Threat Modelling & Risk Management
- Perform threat modelling and vulnerability assessments
- Maintain risk registers and drive mitigation strategies
- Ensure timely resolution of security issues
Cloud & On-Prem Security
- Design secure cloud architecture (IAM, VPC, security groups)
- Implement secrets management and key management (Vault, KMS, HSM)
- Architect secure connectivity (VPN, SD-WAN, Direct Connect, ExpressRoute)
- Define on-prem network security (firewalls, DMZ, VLANs, IDS/IPS)
Identity & Access Management (IAM)
- Design SSO, MFA, and PAM solutions
- Integrate with AD, LDAP, SAML/OIDC identity providers
- Define access policies for administrators and users
Compliance & Governance
- Lead ISO certifications (27001, 27017, 27018, 27701, 20000, 22301)
- Align security controls with CIS, NIST, and SOC 2
- Drive audits, assessments, and certification renewals
Required Skills & Qualifications
- 8+ years in cybersecurity, including 3+ years as Security Architect
- Strong experience in hybrid cloud and on-prem security
- Hands-on expertise in Terraform and IaaC security
- Experience with security tools (tfsec, Checkov, Terrascan, Snyk IaC)
- Knowledge of policy-as-code (OPA/Sentinel)
- Expertise in VDI security (VMware Horizon, Citrix, RDP)
- Strong understanding of zero-trust and network security
- Proficiency in IAM (AD, LDAP, SAML, OIDC, MFA, PAM)
- Experience with ISO security frameworks and certification processes
- Bachelor's or Master's degree in relevant field
Preferred Certifications
- CISSP
- CISM
- ISO 27001 Lead Implementer/Auditor
- CEH
- AZ-500 / SC-100 / AZ-305
Preferred Skills
- Experience with SD-WAN and hybrid connectivity solutions
- Familiarity with SIEM/SOAR tools (Splunk, Sentinel, Qualys)
- Exposure to DevSecOps and CI/CD security practices
- Knowledge of Kubernetes/container security
- Experience with secrets management tools (Vault, AWS Secrets Manager, Azure Key Vault)
