
Role: Information Security Architect

Job Objective
Responsible for designing, planning, implementing and enriching the overall security posture for
a system or service, maintaining security documentation and developing architecture
patterns and security approaches to new technologies.
Drives compliance goals with appropriate policies, process adherence,
and process improvisation to achieve the operational objectives of incident
identification, assessment, quantification, reporting, communication, mitigation,
and monitoring of security events.

Experience: 9+ years

Key requirements -

• Design, build, implement and support enterprise-class security systems.
• Align organizational security strategy and infrastructure with overall business and
technology strategy.
• Plan, research and design robust security architectures for any IT project.
• Implement and operationalize RCSIRT, SOAR, SIEM, DLP, network monitoring and
forensic tools, with at least 3 implementations' experience on Azure Sentinel,
Splunk, Exabeam Fusion SIEM, Securonix next-generation-SIEM, XDR, CrowdStrike
Falcon, McAfee EDR, Mimecast, ProofPoint, Zscaler, McAfee, McAfee DLP,
ManageEngine Service Desk Plus & Data Security Plus, Qualys Guard, Qualys Web
Application Scanner, DeepSource, Microsoft Intune.
• Expert in cloud security architecture and implementation, including vendors like
Azure, AWS, GCP, etc.
• Should possess integration experience with cross-platforms to improve the
overall orchestration of security tools.
• Well versed in well-known security frameworks such as ISO 27001:2013 / NIST
CSF / PCI DSS / ISO 22301 / STRIDE / MITRE / SSAE16 etc.
• Identify and communicate current and emerging security threats and design
security architecture elements to mitigate threats as they emerge.
• Implement security measures to meet business goals, customer needs
and regulatory requirements.
• Perform or supervise vulnerability testing, risk analyses and security assessments.
• Should be able to optimize security solutions including firewall, VPN, routers, IDS
scanning technologies and servers to meet compliance.
• Work on projects with high strategic impact, setting a strategy that can be used in
the long term and across the breadth of the organization.
• Create solutions that balance business requirements with information and
cybersecurity requirements.
• Identify security design gaps in existing and proposed architectures and
recommend changes or enhancements.
• Test security systems to ensure they behave as expected.
• Define, implement and maintain corporate security policies and procedures.
• Train users in implementation or conversion of systems.
• Respond immediately to security-related incidents and provide thorough
remedial solutions and analysis.
• Regularly communicate vital information, security needs and priorities to higher
management.

Experience

• Utilizing emerging technologies to design and implement security solutions;
monitoring and improving those solutions while working with an information
security team.
• Consulting and engineering in the design and development of security best
practices; implementation of security measures to meet business goals, customer
needs and regulatory requirements.
• Well versed in well-known security frameworks such as ISO 27001:2013 / NIST
CSF / PCI DSS / ISO 22301 / STRIDE / MITRE etc.
• Information technology systems and processes, network infrastructure, data
architecture, data processes, and protocols.
• Security considerations of cloud computing, including data breaches, hacking,
account hijacking, malicious insiders, third parties, authentication, APTs, data loss
and DoS attacks.
• Information systems auditing, monitoring, controlling, and assessment process
  o Incident response management.
  o Risk assessment and management methodology.
• Identity and access management; tracking and creating/enforcing policies that
govern access to sensitive technology resources and information assets.

Skills
• Strong security mindset.
• Strong hands-on experience of security technologies such as SIEM, APT
threats, VA/PT, malware analysis, forensics, incident response tools, DLP, NGAV,
EDR, CASB, PIM/PAM, firewall, proxy, email security, cloud security, WAF etc.
• Developing and implementing enterprise SOC, Blue teams and Red teams with
incident response, forensics, threat hunting strategy and solutions.
• Questions the status quo and navigates through roadblocks.
• Security project management and planning.
• Defining problems, collecting and analyzing data, establishing facts and drawing
valid conclusions.
• Using judgment and ingenuity in maintaining objectives and technical standards.

Ability
• Self-motivating and able to work under own initiative.
• Professional with a strong work ethic.
• Able to thrive in a highly pressurized and changing environment.
• Diplomatic with the ability to interact successfully with all levels of the business.
• An ability to translate security requirements, risks and standards into easily
understood business concepts and vice versa.

Qualification
• B.E/B.Tech/M.Tech/MS in a relevant field, i.e. computer science, cyber security etc.
• Strong knowledge of incident management, problem management, and change
management best practices.
• Relevant industry certification such as CISA/CISM/CSA/CEH/CISSP/SANS
GSOC/GIAC/GCFA etc. (at least two) is highly desirable.
• Superior communication skills and ability to brief senior government officials.
• Overall 9+ years of Information Security / Cybersecurity experience.
• Expertise with industry-standard frameworks (ISO, NIST, GDPR, PCI).

Location: Hyderabad/IN
