Cybersecurity Architect

We are seeking a Cybersecurity Architect to define and govern the end-to-end security architecture for platform capabilities and vendor-delivered solutions. The role ensures secure-by-design implementation across cloud-agnostic deployments.

You will establish security standards, reference architectures, and assurance processes covering identity, network segmentation, application security, data protection, and operational security monitoring
. Working with stakeholders, vendors, and operations teams, the architect drives threat modeling, security controls validation, and compliance evidence readiness
, including SIEM/SOAR integration, vulnerability management, and incident response procedures. The role ensures consistent security posture across multi-tenant environments and multiple cloud platforms.

• Define security reference architecture and baseline controls for cloud, Kubernetes, applications, and data services.
• Lead security governance
  : design reviews, threat modeling, security exceptions, and risk acceptance processes.
• Define identity and access controls (Entra , RBAC, PIM/JIT, conditional access, service principals, secrets management).
• Design network security architecture (segmentation/trust zones, private endpoints, WAF, egress controls, firewall policies).
• Establish application security standards (OWASP, secure SDLC, SAST/DAST, dependency/SBOM, container image signing).
• Own security monitoring requirements and integrations
  :
  Defender for Cloud (CSPM/CWPP), Sentinel (SIEM), SOAR playbooks, alert tuning.
• Define vulnerability management and patching processes for OS/Kubernetes/runtime components, including SLA targets and reporting.
• Support incident response readiness
  : runbooks, tabletop exercises, forensic logging, evidence handling, and post-incident improvements.
• Provide assurance of vendor deliverables and go-live readiness (pen test coordination, remediation validation, compliance evidence packs).

• Deep understanding of cloud security architecture, zero-trust networking, and Kubernetes/container security
  .
• Strong capability in IAM design and privileged access governance in regulated environments.
• Ability to translate risk and compliance requirements into practical technical controls and acceptance criteria
  .
• Experience implementing security monitoring, detection engineering, and incident response processes
  .
• Strong stakeholder influence and ability to enforce standards across multiple vendors and teams.

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity
  ;
  Master’s degree highly preferred.
• 8+ years in cybersecurity architecture or security engineering roles in government, telco, finance, or critical infrastructure.
• Hands‑on experience securing Azure and at least one other cloud (GCP/AWS), including hybrid connectivity and shared responsibility.
• Proven experience with SIEM (Microsoft Sentinel preferred) and CSPM/CWPP (Defender for Cloud preferred).
• Experience with secure SDLC, vulnerability management, penetration testing coordination, and remediation programs
  .
• Relevant certifications preferred:
  CISSP/CCSP, CISM, Azure Security Engineer, CKA/CKS, ISO 27001 awareness
  .

• Security posture & SIEM: Microsoft Defender for Cloud, Microsoft Sentinel, SOAR playbooks
• Container/Kubernetes security: image scanning (Trivy/Anchore), policy-as-code (OPA/Gatekeeper), cosign/Sigstore, Kubernetes audit tools

• Risk‑based decision‑making and ability to articulate trade‑offs clearly
• Strong facilitation of threat modeling and security design reviews
• Clear, structured documentation and compliance evidence mindset
• Calm, decisive leadership during incidents and high‑pressure situations
• Collaborative approach that enables delivery while maintaining security standards