Principal Architect – Application Security

Job Description

MAIN OBJECTIVE OF ROLE

To architect, design and communicate comprehensive security strategies, design of security solutions, to enable and guide the design and development of solutions that meet current and future business needs in alignment with corporate IT standards and security architecture guiding principles.

• Develops optimal, purpose-built IT Security solutions that align with customer requirements ensuring architecture is secure, robust, appropriate, high-quality and conform to corporate IT standards and roadmaps.
• Takes accountability for the end-to-end security architecture, including making decisions on architecture and technology.
• Develops security architecture standards, guardrails and best practices in the information, application, and technology domains and ensure awareness across IT teams.
• Conducts security architecture design reviews for applications, data and infrastructure (both cloud/on-premises) to identify gaps or discrepancies to ensure adherence to security architectural patterns and guidelines.
• Collaborates with developers and solution architects to design and implement secure application architectures, ensuring secure coding practices and implementing controls such as, including Identity and Access Management, authentication protocols, encryption, role-based access and Application Programming Interface (API) security mechanisms.
• Monitors emerging threats and trends continuously, proactively adapting security solutions to mitigate risks, and evaluate and select security technologies and tools, ensuring seamless integration and interoperability.
• Conducts deep dive security architecture reviews of vendor products as part of selection and other critical production applications, providing architecture recommendations for the short and long-term improvement of security controls.
• Conducts code analysis of large applications, manually and using Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) scanning solutions, and conducts manual vulnerability analysis
• Assists the Information Security (InfoSec) and Enterprise Security team in conducting regular security risk assessments to identify and evaluate potential security risks across the enterprise, contributing to data loss prevention strategies including analysis of application behavior and preventing accidental or malicious data leakage. .
• Develops logical infrastructure solutions in alignment with the security standards and works closely with infrastructure teams to ensure that the physical infrastructure designed meets security requirements.
• Owns, manages and maintains the security architecture roadmap and runways, overseeing the identification, prioritization, and development of technical enablers, technical debts, quality improvements, and application modernization activities of security.
• Drives security architecture decisions and be accountable for their implications regarding solution costs, delivery schedules, application complexity, technical debt and overall solution performance.
• Engages in end-to-end project lifecycle to manage security architecture, evaluate new systems, review proposed infrastructure changes, guide application security/coding best practices to develop and maintain security architecture guardrails, policies, and procedures.

• Bachelor&aposs Degree (3+ years)
• Degree in Information Technology, Computer Science, or related field
• Fluent in English
• Proven experience as a Security Solution Architect or similar experience as an Application/Product Security Engineer. Architect Background in integrating security testing into the Software Development Life Cycle (SDLC). Experience providing security knowhow to developers and working with them to build secure solutions. Experience in security architecture and design of large scale and mission critical business applications. Strong familiarity with common vulnerabilities and attack vectors. The ability to communicate complicated technical issues and the risks they pose to developers, network engineers, system administrators, and management. Airline experience and working in multi culture environment is preferred.
• Strong understanding of security technologies and solutions, including firewalls, intrusion detection/prevention systems, anti-malware, anti-ransomware, DDOS/WAF/Bot Management, DLP and data encryption solutions. Proficiency in security tools in software development (SAST, DAST, SCA, Container security, API Security testing) and infrastructure security tools (Nessus, Qualys, Azure, AWS), SIEM tools (Splunk, LogRhythm), SOAR and WAFs. Proficiency in auditing .Net, Java, Python or JavaScript languages/technologies Knowledge of web service technologies, load balancer services (i.e., Nginx, Cloudflare, F5, etc.) and RESTful APIs Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL, etc.) and common authentication protocols (OpenID Connect, OAUTH, SAML, RADIUS, LDAP, KERBEROS etc.). Solid understanding of secure network and system design in both cloud (AWS, Azure, etc.) and conventional environments. Knowledge on Industry best practices and security standards like OWASP Top 10, SANS Top 25, GDPR, PCI DSS, NIST
• 10 - 12 years
• Preferred Certifications: CISSP, CCNP Security, CISA, CEH

• Customer Focus
• Team work
• Effective Communication
• Personal Accountability & Commitment to achieve
• Resilience and Flexibility (Can do attitude)
• Decision Making
• Strategic Thinking
• Business Acumen

Isr Requirements

Reads and complies with the ISR policies of the Company and diligently reports any weakness or incidents to the respective Line Manager or the Information Security team. Completes all required ISR awareness sessions and follows associated guidelines in the day-to-day business operations.