Associate Architect - Enterprise Security

Lets talk about the Team

Resmeds Enterprise Security Service team plays a pivotal role in enabling secure innovation across our connected health ecosystem. We partner with engineering, product, architecture and operations teams to embed security into every stage of the development lifecycle balancing protection with performance, compliance and user experience.

Let’s talk about the Role:

Associate Architect, Enterprise Security

Let’s talk about responsibilities:

• Design and assess secure architectures across IaaS, PaaS, and SaaS platforms in public, private, and hybrid cloud environments.
• Collaborate with development, cloud, and enterprise architecture teams to embed security into infrastructure and application design.
• Lead threat modeling and architecture reviews for high-impact systems, including APIs, web applications, and microservices.
• Define and promote secure development patterns, including application-layer protections (e.g., WAF, API gateways, secure SDLC, IaC scanning).
• Contribute to the implementation of zero trust principles across network, identity, and application layers.
• Develop and assess security controls leveraging technologies such as firewalls, ZTNA, SWG, segmentation, IDS/IPS, DNS security, and encryption.
• Support continuous cloud security posture management using CWPP, CSPM, and other cloud-native security tools.
• Drive the creation of standards and policies aligned with frameworks such as NIST, CIS, CSA CCM, and ISO 27001.
• Stay current on emerging threats, cloud vulnerabilities, AI/ML risks, and evolving regulations relevant to digital health and patient data.
• Mentor junior team members and support cross-functional knowledge-sharing.

Let’s talk about you:

• 8+ years of experience in cybersecurity, cloud security, or DevSecOps roles, including architectural leadership.
• Strong understanding of secure infrastructure and application design in cloud-native environments (AWS, Azure, GCP).
• Experience with web application firewalls (WAFs), API security (OAuth, JWT) and secure SDLC practices.
• Hands-on experience with technologies like Kubernetes, Terraform, Kafka, and scripting (Python, JavaScript).
• Familiarity with cloud security frameworks and controls: NIST, CIS Benchmarks, CSA-CCM, ISO 27017.
• Understanding of regulatory requirements such as HIPAA, GDPR, PCI DSS, and CCPA.
• Strong communication and collaboration skills, with the ability to influence both technical and business stakeholders.