Document gathering and review (Arc. Handbook, application design, business requirements, applicable IMF policies, guidelines, etc.)
Architecture review and consulting preparation (e.g., questionnaire, review feedback, etc.)
Architecture information gathering meetings / workshop
Develop agreed deliverables and ongoing design/remediation consulting
Architecture handbook update (Security section)
Support the project team in aligning AppSec and other security requirements across scoping, planning, delivery review and expected closure.
Review AppSec reports (TM/AR/SAST/DAST/PT) and provide remediation consulting as required
Ensure security observations from AppSec are remediated before go-live, or that approved risk acceptances exist for them
Work with required Domain Architects or Solution Architects to ensure findings remediation through proposed solutions
Review IT controls implementation as applicable and develop deliverables or provide remediation consulting as required
Align with FSA for all Global Applications
Align with project and compliance/security services teams as needed to support security requirements
-------------Required Skills-----------
University-level working and thinking ability, with a degree in a business, technical or scientific field, or comparable education/experience
Professional information security certification, such as CISSP, CISM or ISO 27001 auditor/practitioner, is preferred. Professional (information system) risk or audit certification, such as CIA, CISA or CRISC, is preferred
13+ years' work experience, with a minimum of 7 years within information security architecture and management, and 5+ years as an IT security expert
Expert knowledge of enterprise IT infrastructure technology, systems, vulnerability management, and change management processes, especially in large scale implementations
Familiarity with frameworks such as ISO 2700x, COBIT, NIST, ISF, or SOX
Knowledge of OWASP, Secure SDLC best practices, CI/CD pipelines, encryption, identity and access management, data integrity, PKI and other related secure software design best practices
Hands-on experience implementing RBAC in a multi-tenant cloud environment to protect enterprise data
Experience working with multi-factor authentication, single sign-on, identity management or related technologies
Keeps pace with industry developments to provide the best solutions for the business
Strong experience with requirement- and BEF-specific technologies, including security controls, architecture and practices.
Working knowledge of IT Project Management and PMO methodologies
Excellent written and verbal communication skills as well as business acumen and a commercial outlook
Key Activities and Responsibilities - Threat Modeling
The AppSec SME will have 7 to 10 years of application security assessment background
BS/BE/BTech or MCA; will conduct quality reviews of completed security assessments and provide guidance to security analysts as required.
Expert in conducting application security assessments, including vulnerability assessment, penetration testing, server configuration reviews, business impact analysis, DAST/SAST, threat modeling, API security, mobile security and thick client application security.
Knowledge of DevSecOps.
Certifications such as CEH, CHFI, CISM, CISSP, OSCP, OSCE, etc. are an added advantage
Knowledge of threat modelling tools such as ThreatModeler, IriusRisk, etc.
Knowledge of different security frameworks/standards such as NIST, OWASP, HIPAA, PCI DSS, etc.
Any Graduate