Enterprise Security Architect (Information Security Specialist)

1.

Design and maintain enterprise security architecture based on industry frameworks (SABSA, TOGAF, NIST, Zero Trust).

2.

Develop and document security models, including conceptual, logical, and physical architecture diagrams.

3.

Define security requirements for new systems, applications, cloud services, and data flows.

4.

Perform threat modeling and risk assessments for projects and solutions.

5.

Evaluate security technologies (IAM, DLP, EDR, SIEM, WAF, CASB, SWG, ZTNA) and recommend suitable solutions.

6.

Design secure network architectures, including segmentation, DMZ, micro-segmentation, and secure communication channels.

7.

Architect cloud security controls across IaaS, PaaS, SaaS using Azure, AWS, OCI best practices.

8.

Develop data protection strategies, including encryption, key management, tokenization, and data classification.

9.

Review solution designs and HLD/LLD to ensure compliance with security standards and frameworks.

10.

Lead security architecture reviews for new projects, integrations, and major system upgrades.

11.

Define identity and access management strategies, including RBAC/ABAC, MFA, and privileged access models.

12.

Collaborate with SOC, GRC, DevOps, and Network teams to align technology, monitoring, and governance.

13.

Develop reference architectures and security blueprints for repeatable implementation.

14.

Assess third-party vendors and technologies for security risks and architecture compliance.

15.

Implement Defense-in-Depth strategies across network, application, data, identity, and endpoint layers to ensure layered security controls.

16.

Define and enforce Least Privilege principles across all systems, applications, and identities, ensuring minimum required access is granted.

17.

Design and manage enterprise access control models, including RBAC, ABAC, and policy-based access controls aligned with organizational requirements.

18.

Develop secure identity models, ensuring strong authentication, authorization, and policy enforcement using MFA, PAM, and centralized IAM.

19.

CISSP, with CCSP or CCSK is mandatory requirements, and more than 7 years of work experience in the relevant security domain.