Senior IT Infrastructure Architect

Job Title: Senior IT Infrastructure Architect

Location: Bangalore, India / Chennai, India / Hanoi, Vietnam

Responsibilities

1. Security Architecture Design & Planning

Lead the design and planning of overall security architecture for large-scale enterprise IT infrastructure, covering clients, servers, network environments, and hybrid/multi-cloud platforms.

Embed data confidentiality as a core design principle across all architectural decisions, ensuring effective protection of data throughout its full lifecycle (storage, processing, transmission) against unauthorized access and leakage.

Design and implement a defense-in-depth system, building logical and physical security barriers through network segmentation (e.g., DMZ), perimeter protection, and micro-segmentation.

2. Confidentiality Technology Implementation

Lead the selection and deployment of data encryption solutions, including encryption of data at rest (e.g., disk encryption, transparent database encryption) and data in transit (e.g., TLS/SSL, IPsec VPN).

Design and optimize identity and access management (IAM) frameworks, enforcing least privilege and zero-trust architecture to ensure only authorized users and devices can access specific resources.

Plan and build key management systems to ensure the lifecycle security of encryption keys.

Evaluate and introduce technologies such as Data Loss Prevention (DLP) and Information Rights Management (IRM) to strengthen control over sensitive data.

3. Security Compliance & Risk Management

Ensure that infrastructure architecture complies with domestic and international laws, regulations, and industry standards regarding data confidentiality (e.g., Cybersecurity Law, Data Security Law, Personal Information Protection Law, Classified Protection 2.0, GDPR).

Lead security risk assessments at the infrastructure level, identify potential confidentiality threats and vulnerabilities, and develop effective mitigation and remediation plans.

Coordinate with security teams on security audits, penetration testing, and compliance inspections, and drive resolution of identified issues.

4. Technical Leadership & Team Collaboration

Act as a subject matter expert in infrastructure security, providing security architecture consulting and technical support to development, operations, and business units, integrating security requirements into the SDLC and Infrastructure as Code (IaC) processes.

Guide and review technical solutions for infrastructure-related projects to ensure they meet established security and confidentiality standards.

Track cutting-edge security technologies and threat landscapes, especially novel attack methods targeting data confidentiality, and propose innovative technical solutions.

Requirements

1. Education & Experience

Bachelor's degree or higher in Computer Science, Information Security, Network Engineering, or a related field.

8+ years of experience in IT infrastructure architecture or information security, with at least 3 years focused on security architecture design for large-scale enterprises (e.g., finance, high-tech manufacturing, internet).

Fluent in local language(s) and English.

2. Core Technical Competencies

Infrastructure Architecture: Proficient in server (x86/ARM), storage (SAN/NAS/distributed storage), networking (TCP/IP, BGP, SD-WAN), virtualization (VMware/KVM), and cloud computing (AWS/Azure/Alibaba Cloud, etc.). Proven experience in designing and implementing complex infrastructure architectures from scratch.

Data Confidentiality: Deep understanding and hands-on experience in data confidentiality protection technologies, including but not limited to:

Mastery of encryption algorithms (e.g., AES, RSA, ECC) and their use cases.

Familiarity with deployment and tuning of mainstream encryption products, DLP solutions, and key management platforms.

Expertise in IAM technologies, with experience implementing zero-trust architecture or micro-segmentation solutions.

Network Security: Solid grasp of firewall, WAF, IDS/IPS principles and configuration, with ability to design secure network topologies and access control policies.

3. Soft Skills & Certifications

Excellent technical documentation skills, with ability to independently produce high-quality architecture design documents, technical specifications, and implementation plans.

Strong cross-departmental communication, coordination, and driving skills, with ability to effectively influence technical teams and business stakeholders.

Strong logical analysis, problem decomposition, and complex technical troubleshooting abilities.

Holding CISSP, CCSP, CISM, or equivalent security certification is preferred.

Proficiency in Chinese is a plus.