Urgent requirement for SM Security Architect with one of the leading IT companies, Pune location

Job Category: Security Architect (RFP)
Job Type: Full Time
Job Location: Pune
Company Name: One of the leading IT companies
Your consultant for this Job: Karishma - Management 2000 CareerZodiac.com

Job Overview

We are seeking an accomplished Security Architect with 10+ years of experience who brings a strong foundational security delivery and implementation background in AWS cloud architecture or application architecture, and who has also developed deep expertise in cybersecurity. The role focuses on creating low-level-design security architecture for customer requirements, RFP responses, and proposal defense. The candidate will be responsible for developing high-quality, differentiated, and compliant architecture solutions and selecting the tech stack, ensuring security is embedded into every proposal while aligning with business outcomes.

This is a solution architect role that supports the delivery team with low-level design and guides the correct implementation of security during project execution. The primary responsibilities are to:

  • Create low-level security solution architectures aligned to client requirements.
  • Develop security solution sizing and costing models.
  • Author compelling solution write-ups and technical documents for customer submission as per the LLD.
  • Engage with clients.
  • Define and validate the security posture for the application in AWS (confidentiality, integrity, availability).
  • Ensure secure architecture & design decisions (IAM, network, data flows, encryption).
  • Own/approve security controls in design and CI/CD pipelines.
  • Ensure compliance with applicable standards/regs (PCI, GDPR, ISO27001, internal policies).
  • Provide secure-deployment guidance, threat model, and acceptance criteria for release.

Key Responsibilities

1. Cloud & Application Security Expertise in the areas below

  • Define, design, and govern secure architecture for applications deployed on AWS (VPC, EKS, ECS, Lambda, RDS, etc.).
  • Lead threat modeling, risk assessments, and security design reviews during application development and deployment.
  • Ensure end-to-end security-by-design principles are applied across CI/CD, infra-as-code, and runtime environments.
  • Establish and validate security controls aligned to AWS Well-Architected Framework (Security Pillar) and CIS benchmarks.
  • Work with DevOps, Cloud, and App teams to embed DevSecOps practices — including automated scans (SAST, DAST, SCA, IaC).
  • Design and enforce IAM and least-privilege access models for applications, APIs, and service accounts.
  • Review and approve network security architecture (VPC, SG, NACL, WAF, Shield, API Gateway).
  • Own data protection strategy including encryption (KMS), key rotation, tokenization, and secure secrets management.
  • Ensure logging, monitoring, and incident response capabilities are built into delivery pipelines (CloudTrail, GuardDuty, Config, CloudWatch).
  • Define and validate backup, disaster recovery, and key rotation processes to meet RTO/RPO and compliance targets.
  • Collaborate with Compliance and Risk teams to meet regulatory obligations (e.g., GDPR, RBI, PCI DSS, ISO27001, SOC2).
  • Drive security acceptance criteria for go-live and support handover to Security Operations / SOC teams.
  • Participate in pen tests, red team exercises, and coordinate remediation of findings.

2. Technical Expectations

  • Expertise in AWS native security services: IAM, KMS, CloudTrail, GuardDuty, Macie, WAF, Shield, Security Hub, Config.
  • Strong knowledge of network isolation patterns — private/public subnetting, NAT, Transit Gateway, VPC peering, AWS PrivateLink.
  • Experience with CI/CD security integration (GitHub Actions, Jenkins, GitLab CI, AWS CodePipeline) and security tooling (Trivy, Checkov, SonarQube, OWASP ZAP).
  • Familiar with infrastructure-as-code scanning and policy enforcement (Terraform + OPA/Sentinel).
  • Proven understanding of container and Kubernetes security (EKS, Pod IAM, security contexts, admission controllers).
  • Proficient in data classification, encryption, and secrets management using AWS KMS, Secrets Manager, Parameter Store.
  • Exposure to various security tools and familiarity with cryptography, VPNs, IDS/IPS, Firewall, WAF, NGFW, DDoS, PAM, IAM, SIEM/SOAR, endpoint protection, EDR, DLP, UEBA, DAM, Proxy, NAC, DNS security, Secure VPN, antivirus, Active Directory, cybersecurity, SOC Framework, RBI guidelines, NIST, MEITY, DPDP guidelines.
  • Ability to perform security assessments and gap analysis for multi-account AWS organizations.
  • Experience in designing DR/BCP architectures with respect to security and periodic validation.
  • Provide advisory inputs to clients on emerging threats, best practices, and security strategy.
  • Support practice development by creating reusable security patterns, templates, and accelerators.
  • Stay abreast of industry trends, regulations, and security innovations to bring insights into proposals.

Qualifications & Skills

  • Education:
    • B.Tech (mandatory) in Computer Science, Information Technology, or related discipline.
  • Certifications (mandatory – at least one):
    • Cloud Architect Certifications: AWS Certified Solutions Architect – Professional
    • Security Certifications: CISSP, CISM, CCSP, or equivalent industry-recognized certifications.
    • AWS Certified Security – Specialty (mandatory or preferred)
    • AWS Certified Solutions Architect – Professional (advantageous)
    • Hands-on experience in DevSecOps toolchain implementation
    • Exposure to hybrid/multi-cloud security design
  • Security Overlay Expertise:
    • Proficiency in application security, cloud security, IAM, zero-trust, API security, and threat modelling.

Familiarity with cryptography, VPNs, IDS/IPS, Firewall, WAF, NGFW, DDoS, PAM, IAM, SIEM/SOAR, endpoint protection, EDR, DLP, UEBA, DAM, Proxy, NAC, DNS security, Secure VPN, antivirus, Active Directory, cybersecurity, SOC Framework, RBI guidelines, NIST, MEITY, DPDP guidelines.

Salary: Up to 30 LPA