What are the responsibilities and job description for the Security Architect position at Calsoft?
We are looking for a highly experienced Security Architect to take a key role in evaluating the threat profile of our applications and infrastructure, while designing robust solutions to manage and minimize the threat surface. The ideal candidate will have over 10 years of security consulting experience, with deep expertise in penetration testing, vulnerability testing, and code analysis. Familiarity with active threat modeling will be an added advantage in helping build our security strategies.
- Assess and analyze the threat landscape for applications, infrastructure, and operating systems.
- Design and implement security solutions to reduce the attack surface and safeguard against potential vulnerabilities.
- Perform detailed penetration testing and vulnerability assessments, particularly focused on operating systems and infrastructure components.
- Conduct code analysis to identify and mitigate security vulnerabilities at the application level.
- Develop security strategies, policies, and standards to enhance the overall security posture.
- Lead efforts in active threat modeling to anticipate future attack vectors and design proactive defenses.
- Collaborate with development, DevOps, and IT teams to ensure secure deployment processes and continuous improvement in security practices.
- Stay updated on the latest security threats, trends, and best practices, and apply this knowledge to ongoing security initiatives.

- 10 years of security consulting or equivalent experience.
- Strong hands-on experience in penetration testing and vulnerability assessments for operating systems and infrastructure components.
- Expertise in code analysis to detect vulnerabilities and ensure secure coding practices.
- Familiarity with active threat modeling techniques to enhance security defenses.
- Deep understanding of security frameworks, protocols, and encryption techniques.
- Excellent problem-solving and analytical skills, with a proactive mindset towards emerging threats.
- Certifications such as CISSP, CEH, OSCP, or equivalent.
- Experience with cloud security (Azure, AWS, GCP).
- Familiarity with DevSecOps principles and tools.
- Knowledge of security standards such as NIST, ISO 27001, and PCI-DSS.