Job
Description
Design and maintain the application, data and cybersecurity architecture to support security, scalability resilience, and risk management requirements of AIR Global’s data, applications, IT systems, on-premises and in cloud infrastructure. Review and support the security design for new IT projects, ensuring alignment with organizational security policies and standards. Collaborate with project teams to identify security requirements and integrate security controls into the project lifecycle. Design and implement secure architecture for Azure environments, leveraging Azure security services and best practices. Ensure compliance with Azure security standards and manage security configurations for Azure resources. Develop and enforce security measures for APIs, including authentication, authorization, and threat protection. Implement API security best practices and manage API gateways to ensure secure data exchange. On-Premises Network Security: Design secure network architectures for on-premises environments, including segmentation, firewalls, and intrusion detection systems. Architect and oversee the implementation of security measures for eCommerce platforms, particularly Magento, ensuring compliance with industry standards and best practices. Architect DevsecOPS, CI/CD pipeline. Design and support microservice architectures to enhance system scalability, flexibility, Security and maintainability. Collaborate with cross-functional teams IT and security team to understand technical, IT security and business requirements and translate them into well-architect solutions. Support risk assessments and develop mitigation strategies to ensure the security and integrity of data and IT systems. Stay updated with the latest trends and technologies in data management, security architecture, and eCommerce platforms. Provide technical leadership and guidance to development teams, ensuring best practices in coding, design, and architecture. Prepare detailed documentation of architectural designs, security protocols, and implementation plans. Participate in the evaluation and selection of new technologies and tools to enhance the organization's capabilities. Experience & Qualification: Minimum of 5-7 years of experience in solution architecture, with a focus on data management and cybersecurity. Demonstrated experience in architecture and design solutions using Azure Data Lake and other data analysis tools. Hands-on experience with security architecture for eCommerce platforms, particularly Magento. Experience in developing and implementing microservice architectures. Familiarity with cloud security, application, database and api architecture best practices. Computer Science or Relevant Degree Any of the three-certification listed below: Microsoft Certified: Cybersecurity Architect Expert Microsoft Certified: Azure Security Engineer Associate Trend Micro Certifications Microsoft Certified: Identity and Access Certified Data Management Professional (CDMP) AWS Certified Solutions Architect: Validates ex Skills and Competencies: Understanding of cybersecurity frameworks (e.g., NIST, ISO 27001) and compliance requirements (e.g., GDPR, HIPAA). Knowledge of designing secure networks, applications, and cloud Architecture, including understanding firewalls, VPNs, and micro service architecture. Understanding of IAM principles, including user provisioning, authentication, and authorization techniques. Familiarity with security tools, such as SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection/Prevention Systems), and endpoint protection. Strong design knowledge and experience working with Trend Micro Vision One, XDR platform, email security, EDR, email security, PAM, IPS, WAF and DLP technologies. Strong design and supporft on experience working with Azure/AWS security controls such as Defender, Purview, IAM, Entra ID etc.. The ability to verify solutions and gain assurance that they are fit for purpose through demonstrable evidence of controls and testing Strong understanding of the changing threat landscape and how this may affect our systems The ability to challenge concerns and report through appropriate channels Self-drive, motivation and the ability to work independently to deliver expected outcomes Strong analytical and report writing skills API Security Understanding of API Protocols: Knowledge of REST, SOAP, and GraphQL. Authentication and Authorization: Familiarity with OAuth, JWT, and API keys. Threat Protection: Implementing rate limiting, IP whitelisting, and DDoS protection. Data Encryption: Ensuring data is encrypted in transit and at rest. API Gateway Management: Experience with tools like Azure API Management, Kong, or Apigee. Azure Architecture Azure Services: Proficiency with Azure services such as Azure Virtual Machines, Azure Kubernetes Service (AKS), Azure Functions, and Azure Storage. Networking: Understanding of Azure Virtual Networks, Subnets, and Network Security Groups. Security Best Practices: Implementing Azure Security Center recommendations and Azure Policy. Infrastructure as Code (IaC): Experience with ARM templates, Bicep, or Terraform for deploying Azure resources. Monitoring and Logging: Using Azure Monitor, Log Analytics, and Application Insights for tracking and diagnosing issues. Identity and Access Management (IAM) Azure Active Directory (AAD): Deep knowledge of AAD, including user and group management, conditional access policies, and identity protection. Role-Based Access Control (RBAC): Implementing and managing RBAC in Azure to control access to resources. Single Sign-On (SSO): Configuring SSO for applications using AAD. Multi-Factor Authentication (MFA): Enforcing MFA for enhanced security. Show more Show less
