Job Summary
The Security Architect is responsible for designing and governing enterprise‑level security frameworks, with a particular focus on embedding security into the Software Development Lifecycle (SDLC). This role ensures that security principles, controls, and risk mitigation strategies are integrated across all phases of development, from requirements gathering to deployment and maintenance. The architect develops and maintains security reference architectures, establishes reusable design patterns, and acts as the final authority on high‑risk system designs. By collaborating with engineering, governance, and executive stakeholders, the Security Architect drives consistency in identity management, trust models, telemetry, and control integration, ensuring that security is a foundational element of the organization's technology strategy.
Key Responsibilities
- Develop and implement security frameworks within the SDLC to ensure secure design, coding, testing, and deployment practices.
- Create and maintain enterprise security reference architectures and reusable design patterns.
- Conduct threat modeling, risk assessments, and vulnerability analysis across applications and infrastructure.
- Collaborate with engineering teams to embed security controls into development pipelines.
- Provide expert guidance on identity and access management, encryption, and network/application security.
- Act as a subject matter expert for high‑risk system designs and architecture reviews.
- Partner with governance and compliance teams to align security practices with regulatory requirements.
- Deliver executive‑level reports and recommendations on security posture and risk mitigation strategies.
Qualification Requirements
Certifications: CISSP, CISM, CCSP, SABSA, or equivalent. Cloud security certifications (AWS, Azure, Google) are highly desirable.
Experience:
- 3-8 years of progressive experience in information security.
- Proven expertise in embedding security into SDLC frameworks.
- Hands‑on experience with secure coding practices, threat modeling, and vulnerability management.
- Strong background in identity and access management, encryption, and application/network security.
Skills:
- Ability to design and maintain enterprise security architectures.
- Excellent stakeholder management and communication skills.
- Strong analytical and problem‑solving abilities with a proactive approach to risk mitigation.