Cybersecurity Architect

Overview

Cybersecurity Architect

Key Responsibilities

• Define
• security reference architecture and baseline controls
• for cloud, Kubernetes, applications, and data services.
• Lead
• security governance
• : design reviews, threat modeling, security exceptions, and risk acceptance processes.
• Define
• identity and access controls
• (Entra ID, RBAC, PIM/JIT, conditional access, service principals, secrets management).
• Design
• network security architecture
• (segmentation/trust zones, private endpoints, WAF, egress controls, firewall policies).
• Establish
• application security standards
• (OWASP, secure SDLC, SAST/DAST, dependency/SBOM, container image signing).
• Define
• data security controls
• (classification, encryption/CMK/HSM, DLP, key management, retention, secure deletion).
• Own
• security monitoring requirements and integrations
• : Defender for Cloud (CSPM/CWPP), Sentinel (SIEM), SOAR playbooks, alert tuning.
• Define
• vulnerability management and patching processes
• for OS/Kubernetes/runtime components, including SLA targets and reporting.
• Support
• incident response readiness
• : runbooks, tabletop exercises, forensic logging, evidence handling, and post-incident improvements.
• Provide
• assurance of vendor deliverables and go-live readiness
• (pen test coordination, remediation validation, compliance evidence packs).

Skills & Abilities

• Deep understanding of
• cloud security architecture, zero-trust networking, and Kubernetes/container security
• .
• Strong capability in
• IAM design and privileged access governance
• in regulated environments.
• Ability to translate
• risk and compliance requirements into practical technical controls and acceptance criteria
• .
• Experience implementing
• security monitoring, detection engineering, and incident response processes
• .
• Strong
• stakeholder influence
• and ability to enforce standards across multiple vendors and teams.

Education & Experience

• Bachelor’s degree in

Computer Science, Information Technology, Cybersecurity

• ; Master’s degree highly preferred.
• **8+ years**
• in cybersecurity architecture or security engineering roles in government, telco, finance, or critical infrastructure.
• Hands-on experience securing
• Azure and at least one other cloud
• (GCP/AWS), including hybrid connectivity and shared responsibility.
• Proven experience with

SIEM

Cspm/Cwpp

• (Defender for Cloud preferred).
• Experience with
• secure SDLC, vulnerability management, penetration testing coordination, and remediation programs
• .
• Relevant certifications preferred:
• CISSP/CCSP, CISM, Azure Security Engineer, CKA/CKS, ISO 27001 awareness
• .

Preferred Tools

• **Security posture & SIEM:**
• Microsoft Defender for Cloud, Microsoft Sentinel, SOAR playbooks
• **Container/Kubernetes security:**
• image scanning (Trivy/Anchore), policy-as-code (OPA/Gatekeeper), cosign/Sigstore, Kubernetes audit tools
• **Identity & secrets:**
• Azure Entra ID, PIM, Key Vault/KMS/HSM, PAM tooling

Soft Skills

• Risk-based
• decision-making
• and ability to articulate trade-offs clearly
• Strong facilitation of
• threat modeling and security design reviews
• Clear, structured
• documentation and compliance evidence mindset
• Calm, decisive leadership during
• incidents and high-pressure situations
• **Collaborative approach**
• that enables delivery while maintaining security standards