We are seeking a Cybersecurity Architect to define and govern the end-to-end security architecture for platform capabilities and vendor-delivered solutions. The role ensures secure-by-design implementation across cloud-agnostic deployments.

You will establish security standards, reference architectures, and assurance processes covering identity, network segmentation, application security, data protection, and operational security monitoring. Working with stakeholders, vendors, and operations teams, the architect drives threat modeling, security controls validation, and compliance evidence readiness, including SIEM/SOAR integration, vulnerability management, and incident response procedures. The role ensures consistent security posture across multi-tenant environments and multiple cloud platforms.

Key Responsibilities

• Define security reference architecture and baseline controls for cloud, Kubernetes, applications, and data services.
• Lead security governance: design reviews, threat modeling, security exceptions, and risk acceptance processes.
• Define identity and access controls (Entra ID, RBAC, PIM/JIT, conditional access, service principals, secrets management).
• Design network security architecture (segmentation/trust zones, private endpoints, WAF, egress controls, firewall policies).
• Establish application security standards (OWASP, secure SDLC, SAST/DAST, dependency/SBOM, container image signing).
• Define data security controls (classification, encryption/CMK/HSM, DLP, key management, retention, secure deletion).
• Own security monitoring requirements and integrations: Defender for Cloud (CSPM/CWPP), Sentinel (SIEM), SOAR playbooks, alert tuning.
• Define vulnerability management and patching processes for OS/Kubernetes/runtime components, including SLA targets and reporting.
• Support incident response readiness: runbooks, tabletop exercises, forensic logging, evidence handling, and post-incident improvements.
• Provide assurance of vendor deliverables and go-live readiness (pen test coordination, remediation validation, compliance evidence packs).

Skills & Abilities

• Deep understanding of cloud security architecture, zero-trust networking, and Kubernetes/container security.
• Strong capability in IAM design and privileged access governance in regulated environments.
• Ability to translate risk and compliance requirements into practical technical controls and acceptance criteria.
• Experience implementing security monitoring, detection engineering, and incident response processes.
• Strong stakeholder influence and ability to enforce standards across multiple vendors and teams.

Education & Experience

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity; Master’s degree highly preferred.
• 8+ years in cybersecurity architecture or security engineering roles in government, telco, finance, or critical infrastructure.
• Hands-on experience securing Azure and at least one other cloud (GCP/AWS), including hybrid connectivity and shared responsibility.
• Proven experience with SIEM (Microsoft Sentinel preferred) and CSPM/CWPP (Defender for Cloud preferred).
• Experience with secure SDLC, vulnerability management, penetration testing coordination, and remediation programs.
• Relevant certifications preferred: CISSP/CCSP, CISM, Azure Security Engineer, CKA/CKS, ISO 27001 awareness.

Preferred Tools

• Security posture & SIEM: Microsoft Defender for Cloud, Microsoft Sentinel, SOAR playbooks
• Container/Kubernetes security: image scanning (Trivy/Anchore), policy-as-code (OPA/Gatekeeper), cosign/Sigstore, Kubernetes audit tools
• Identity & secrets: Azure Entra ID, PIM, Key Vault/KMS/HSM, PAM tooling

Soft Skills

• Risk-based decision-making and ability to articulate trade-offs clearly
• Strong facilitation of threat modeling and security design reviews
• Clear, structured documentation and compliance evidence mindset
• Calm, decisive leadership during incidents and high-pressure situations
• Collaborative approach that enables delivery while maintaining security standards