Security Architect

Role summary

• 
  

  Define and maintain enterprise security architectures covering applications, infrastructure, networks, data platforms, and cloud services, with Microsoft Azure as the primary platform.

  
  


• 
  

  Embed security into transformation and AIdriven initiatives, ensuring solutions are securebydesign and compliant with insurance and financialservices regulations.

  
  

Key responsibilities

• 
  

  Security architecture & design: Create reference architectures and security blueprints for cloudnative, hybrid, and onprem environments, including microservices, APIs, data lakes, and AI/ML workloads; conduct architecture reviews and threat modeling using frameworks such as STRIDE, PASTA, and LINDDUN.

  
  


• 
  

  Zero Trust & identity: Design and implement Zero Trust architectures, enterprise IAM on Azure AD/Entra ID, and modern authentication/authorization using SAML, OAuth 2.0, OpenID Connect, MFA, conditional access, RBAC, and ABAC.

  
  


• 
  

  Cloud & application security: Establish security guardrails across Azure, AWS, and GCP; implement CSPM/CWPP, container and Kubernetes security, WAF, NSGs, and DDoS protection; integrate DevSecOps practices, secure coding standards, and SAST/DAST/SCA/IAST into CI/CD.

  
  


• 
  

  Security operations & monitoring: Design SIEM and SOAR architectures (e.g., Microsoft Sentinel, Splunk, QRadar, Elastic), logging strategies, threat intelligence integration, and incident response capabilities including forensics and evidence handling.

  
  


• 
  

  Compliance, risk & governance: Ensure alignment with frameworks such as NIST, ISO 27001, PCIDSS, SOC 2, GDPR, HIPAA, and insurancespecific regulations; perform risk assessments, define security policies and standards, and track security KPIs.

  
  


• 
  

  Data protection & network security: Architect encryption, DLP, key and certificate management, data classification, and privacybydesign; design secure network architectures with segmentation, DMZs, VPN/ZTNA/SDP, IDS/IPS, NAC, and CDN security.

  
  


• 
  

  Collaboration & leadership: Partner with enterprise and solution architects, DevOps, engineering, and business teams to embed security; mentor teams, lead design reviews and working groups, and present complex security topics to senior leadership.

  
  

Required skills

• 
  

  Deep knowledge of major security frameworks and standards (NIST CSF, ISO 27001/27002, CIS Controls, OWASP Top 10, SANS Top 25, Zero Trust Architecture, PCIDSS, HIPAA, GDPR, and insurance regulations).

  
  


• 
  

  Strong expertise in IAM, cloud security (Azure preferred, plus AWS/GCP), application security, security operations (SIEM/SOAR, EDR/XDR), network security, and encryption/data protection technologies.

  
  

Experience & certifications

• 
  

  8+ years in cybersecurity, security engineering, or security architecture, including 3+ years designing enterprisegrade security architectures, ideally in insurance or financial services.

  
  


• 
  

  Proven experience implementing Zero Trust, architecting on Microsoft Azure, conducting threat modeling and architecture reviews, and supporting compliance certifications such as SOC 2, ISO 27001, and PCIDSS.

  
  


• 
  

  Core certifications: CISSP, CISM, CCSP, and Microsoft security certifications (e.g., Security Operations Analyst Associate or Azure Security Engineer Associate); additional certifications such as CEH, GIAC, OSCP, and CISA are a strong plus.

  
  

Key competencies

• 
  

  Insurance domain security, including protection of PII, claims, and financial data, and understanding of Solvency II, state regulations, GDPR, and CCPA.

  
  


• 
  

  Technical leadership, riskbased decisionmaking, and a strong focus on innovation and continuous learning to keep pace with the evolving threat landscape and regulatory environment