Architecture & Design: Proven ability to design and document secure architectures for applications, infrastructure, networks, and cloud (AWS/Azure/GCP), using frameworks such as SABSA, TOGAF, or NIST
Security Standards & Compliance: Strong knowledge of security frameworks and regulations (e.g., ISO 27001, NIST CSF/800-53, CIS Controls, PCI DSS, SOC 2, GDPR as applicable) and ability to translate them into technical controls
Technical Expertise: Deep understanding of identity and access management, network security, endpoint security, encryption, key management, SIEM, zero trust, and secure configuration baselines
Secure SDLC & DevSecOps: Experience integrating security into CI/CD pipelines, code review practices, threat modeling, and working closely with development and platform teams to embed security by design
Risk & Threat Modeling: Ability to perform threat modeling (e.g., STRIDE), security risk assessments, and propose pragmatic risk treatment options aligned with business objectives
Cloud Security: Hands-on experience with cloud-native security controls and tools (IAM, security groups, WAF, KMS, logging/monitoring) and designing secure cloud landing zones and patterns
Certifications (Required): One or more core security certifications such as CISSP, CISM, or equivalent
Certifications (Preferred): Architecture-/cloud-focused certifications such as CCSP, AWS Certified Security – Specialty, Azure Security Engineer Associate, SABSA, or TOGAF
Stakeholder & Communication Skills: Strong ability to communicate complex security concepts to technical and non-technical stakeholders, influence design decisions, and produce clear architecture diagrams and documentation
