Overview
The Security Architect is responsible for defining, governing, and evolving the organization’s security architecture strategy to ensure secure, resilient, and compliant ICT systems. This role leads the integration of security-by-design principles into the full lifecycle of ICT solutions.
Key Responsibilities
- Translate security requirements into scalable architecture patterns aligned with NIST CSF, ISO 27001, CIS Controls v8, and Zero Trust.
- Lead the development of security architecture blueprints for cloud-native and hybrid environments.
- Drive architectural governance and participate in design review boards.
- Review and approve solution architectures, technical designs, and integration patterns from a security perspective.
- Define security reference architectures and reusable security components.
- Collaborate with teams to embed security into platform and application designs.
- Ensure consistent application of security principles across the organization.
- Continuously evolve the security architecture based on threat intelligence, emerging risks, and changes in business or technology strategy.
- Partner with teams to drive a unified DevSecOps culture and implement governance frameworks.
- Contribute to policies and standards development, security assessments, and audit readiness.
- Own and enhance the Secure Software Development Lifecycle.
- Perform and lead secure design reviews, threat modeling, and code security assessments.
- Drive developer enablement through playbooks, training materials, and workshops.
- Design and implement secure CI/CD pipelines with integrated tools.
- Automate security gates in build/test/deploy stages across multi-cloud environments.
- Enforce security guardrails using policy-as-code.
- Define and implement cloud-native security controls, both on-premises and in public cloud environments.
- Secure container workloads and the container scanning tools that support them.
- Implement workload identity, least privilege, and multi-cluster runtime protections.
- Secure REST and GraphQL APIs.
- Build controls around third-party libraries, packages, and image repositories.
- Drive adoption of secure artifact signing and provenance validation in the CI/CD process.
- Perform any other duties as required by the supervisor.
Required Experience
- At least 5 years of experience in a large and complex IT enterprise environment.
- Proven hands-on multi-year experience in security roles, including at least 3 years as a Security Architect.
- Proven experience implementing DevSecOps practices in enterprise-level CI/CD pipelines.
Qualifications
- University degree (3 to 4 years) in computer science, information security, or a related field, or an equivalent qualification from a specialized higher education establishment.
- One or more of the following industry certifications: SABSA, CISSP, CISM, CRISC, ISO 27001 Lead Implementer, CSSLP, DevSecOps Practitioner, CCSP, CKS, GCSA, API Security Engineer, OpenSSF, SANS GSSCS.