Security Architect

Job Description

Location: Dubai (Onsite)

About PureCS:

PureCS is the technology and digital services arm of PureHealth, focused on building scalable, secure, and intelligent platforms across healthcare. We work on complex data, AI, and platform problems at enterprise scale, enabling better outcomes through trusted and governed data products.

Job Summary

The ideal candidate combines deep technical expertise with architectural thinking, ensuring systems are secure, resilient, and compliant with cybersecurity standards and regulatory requirements.

Key Responsibilities

• Develop security policies, procedures, and technical controls for AI systems and emerging technologies.
• Conduct AI security assessments and threat modeling; define and recommend mitigation strategies.
• Collaborate closely with AI and software engineering teams to integrate security across the AI lifecycle.
• Stay current with AI security threats, attack techniques, and industry trends.

• Define, document, and maintain enterprise security architecture standards and roadmaps aligned with business objectives.
• Perform architecture lifecycle activities including threat modeling, solution design reviews, and security assessments.
• Evaluate, design, and recommend security controls and solutions for cloud, hybrid, and emerging technologies.

• Apply and enforce secure-by-design principles (Zero Trust, least privilege, defense-in-depth).
• Assess and ensure alignment with cybersecurity frameworks and regulations (NIST CSF, CIS Controls, MITRE ATT&CK, local and sector regulations).
• Develop cybersecurity guidelines, baseline requirements, and actionable implementation of roadmaps.
• Assist Senior Architects in designing, developing, and maturing a scalable security architecture program aligned with the enterprise security strategy.

• Embed security requirements, architecture patterns, and assessment checkpoints into SDLC and DevSecOps processes.
• Conduct product deployment, configuration, and security posture assessments across environments.
• Provide hands-on guidance and training on secure coding and secure development practices.

• Perform security gap analyses, risk assessments, and control effectiveness evaluations across enterprise and AI platforms.
• Assess and advise on identity, access management, and privilege controls as part of enterprise security architecture.
• Document identified and residual risks, define remediation plans, and continuously communicate risk posture to stakeholders.
• Contribute to RFPs, tenders, product evaluations, and security requirements for definition.
• Perform third-party and vendor security assessments and assurance activities.

• Plan and execute security awareness initiatives, including phishing simulations and targeted technical training programs.

• Prepare executive-level summaries on security posture, key security issues, and remediation progress.
• Track and validate the closure of identified security issues to ensure effective and timely risk reduction.

• Collaborate with internal teams, including Enterprise IT, application and infrastructure, to support daily security operations and architecture assessments.

Qualifications & Skills

• Bachelor's degree in computer science, Cybersecurity, or a related field.
• Desirable: CISSP, CISM, or equivalent certifications.
• Architecture-focused certifications (at least one required): CISSP-ISSAP, GDSA, SC-100, SABSA, TOGAF.
• AI security certifications (good to have): AAISM, AIGP.

• 4–7 years of experience in cybersecurity architecture, enterprise security, or AI/security assessments.
• Hands-on experience securing cloud (Azure, AWS, GCP), hybrid environments, VMware, OpenShift, enterprise applications, and network infrastructure.

• Strong knowledge of threat modeling methodologies (STRIDE, MAESTRO, MITRE ATT&CK), penetration testing concepts, and secure architecture principles.
• Proven experience developing security architectures, roadmaps, blueprints, and reference frameworks.
• Familiarity with compliance frameworks such as NIST CSF, CIS Controls, and sector-specific regulations (e.g., health).

• Strong stakeholder engagement and advisory skills.
• Ability to clearly articulate complex security risks to both technical and executive audiences.