Cloud Application Security Architect

Key Responsibilities Include:

• Security Architecture Design: Architect and develop security frameworks for cloud and hybrid environments, including AWS, Azure, and physical data centers. Design cloud-native solutions with appropriate security controls based on business needs.
• Leadership & Representation: Act as the ambassador and senior technical representative of Enterprise Security within cross-functional teams to ensure secure implementation of cloud-based applications.
• Collaboration & Integration: Work with Engineering, Infrastructure, and Application Development teams to recommend, select, and integrate secure technology solutions into Zycus environments.
• Standardization & Governance: Develop and maintain cloud and application security standards in collaboration with key stakeholders.
• Knowledge Sharing & Mentorship: Lead technical forums, mentor junior team members, and drive security awareness through formal and informal training initiatives.
• Customer & Sales Support:

• Respond to RFPs (Request for Proposals), security questionnaires, and due diligence documents to address customer-specific cloud and application security concerns.
• Attend customer meetings and calls to represent Zycus’s security posture and address technical security queries related to the cloud, application, infrastructure, and compliance frameworks.

• Technology Strategy: Contribute to the development of long-term cloud security technology roadmaps in collaboration with service and business teams.

• 12–18 years of overall experience, with 6–8 years in Security Architecture or Engineering roles.
• Strong background in Cloud platforms (AWS preferred; Azure a plus).
• Experience with security assessment tools and methodologies including VAPT, Web Application Scanners (e.g., Veracode, IBM AppScan), Network Scanners (e.g., QualysGuard, Nessus).
• Familiarity with SIEM (QRadar), DLP (Digital Guardian), CASBs, firewalls (e.g., Palo Alto), sniffers (e.g., Wireshark), and other security tools.
• Hands-on experience with secure software development practices, threat modeling, IAM, cryptography, and certificate management.
• Knowledge of authentication mechanisms like OAuth, OpenID, SAML, etc.
• Strong understanding of compliance frameworks such as SSAE 16 SOC1, SOC2, and PCI-DSS.
• Proven experience in responding to customer security requirements and effectively communicating technical concepts to non-technical stakeholders.
• Ability to work independently and collaborate in cross-functional teams.

Preferred Qualifications:

• Excellent Java EE development experience; knowledge of middleware and integration platforms (e.g., ESB).
• Familiarity with mobile platform architectures (iOS, Android) and their integration with cloud services.
• Deep understanding of SSL/TLS protocols and certificate-based authentication.
• Security certifications related to cloud and application security (e.g., CCSP, AWS Security Specialty, CISSP).
• Experience representing technical perspectives during customer audits, pre-sales calls, and vendor evaluations.