Cybersecurity Solution Architect

Design and maintain the application, data and cybersecurity architecture to support security, scalability resilience, and risk management requirements of AIR Global’s data, applications, IT systems, on-premises and in cloud infrastructure.

• Review and support the security design for new IT projects, ensuring alignment with organizational security policies and standards.
• Collaborate with project teams to identify security requirements and integrate security controls into the project lifecycle.
• Design and implement secure architecture for Azure environments, leveraging Azure security services and best practices.
• Ensure compliance with Azure security standards and manage security configurations for Azure resources.
• Develop and enforce security measures for APIs, including authentication, authorization, and threat protection.
• Implement API security best practices and manage API gateways to ensure secure data exchange.
• On-Premises Network Security:
• Design secure network architectures for on-premises environments, including segmentation, firewalls, and intrusion detection systems.
• Architect and oversee the implementation of security measures for eCommerce platforms, particularly Magento, ensuring compliance with industry standards and best practices.
• Architect DevsecOPS, CI/CD pipeline.
• Design and support microservice architectures to enhance system scalability, flexibility, Security and maintainability.
• Collaborate with cross-functional teams IT and security team to understand technical, IT security and business requirements and translate them into well-architect solutions.
• Support risk assessments and develop mitigation strategies to ensure the security and integrity of data and IT systems.
• Stay updated with the latest trends and technologies in data management, security architecture, and eCommerce platforms.
• Provide technical leadership and guidance to development teams, ensuring best practices in coding, design, and architecture.
• Prepare detailed documentation of architectural designs, security protocols, and implementation plans.
• Participate in the evaluation and selection of new technologies and tools to enhance the organization's capabilities.

Experience & Qualification:

• Minimum of 5-7 years of experience in solution architecture, with a focus on data management and cybersecurity.
• Demonstrated experience in architecture and design solutions using Azure Data Lake and other data analysis tools.
• Hands-on experience with security architecture for eCommerce platforms, particularly Magento.
• Experience in developing and implementing microservice architectures.
• Familiarity with cloud security, application, database and api architecture best practices.
• Computer Science or Relevant Degree

Any of the three-certification listed below:

• Microsoft Certified: Cybersecurity Architect Expert
• Microsoft Certified: Azure Security Engineer Associate
• Trend Micro Certifications
• Microsoft Certified: Identity and Access
• Certified Data Management Professional (CDMP)
• AWS Certified Solutions Architect: Validates ex

Skills and Competencies:

• Understanding of cybersecurity frameworks (e.g., NIST, ISO 27001) and compliance requirements (e.g., GDPR, HIPAA).
• Knowledge of designing secure networks, applications, and cloud Architecture, including understanding firewalls, VPNs, and micro service architecture.
• Understanding of IAM principles, including user provisioning, authentication, and authorization techniques.
• Familiarity with security tools, such as SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection/Prevention Systems), and endpoint protection.
• Strong design knowledge and experience working with Trend Micro Vision One, XDR platform, email security, EDR, email security, PAM, IPS, WAF and DLP technologies.
• Strong design and supporft on experience working with Azure/AWS security controls such as Defender, Purview, IAM, Entra ID etc..
• The ability to verify solutions and gain assurance that they are fit for purpose through demonstrable evidence of controls and testing
• Strong understanding of the changing threat landscape and how this may affect our systems
• The ability to challenge concerns and report through appropriate channels
• Self-drive, motivation and the ability to work independently to deliver expected outcomes
• Strong analytical and report writing skills

API Security

• Understanding of API Protocols: Knowledge of REST, SOAP, and GraphQL.
• Authentication and Authorization: Familiarity with OAuth, JWT, and API keys.
• Threat Protection: Implementing rate limiting, IP whitelisting, and DDoS protection.
• Data Encryption: Ensuring data is encrypted in transit and at rest.
• API Gateway Management: Experience with tools like Azure API Management, Kong, or Apigee.

Azure Architecture

• Azure Services: Proficiency with Azure services such as Azure Virtual Machines, Azure Kubernetes Service (AKS), Azure Functions, and Azure Storage.
• Networking: Understanding of Azure Virtual Networks, Subnets, and Network Security Groups.
• Security Best Practices: Implementing Azure Security Center recommendations and Azure Policy.
• Infrastructure as Code (IaC): Experience with ARM templates, Bicep, or Terraform for deploying Azure resources.
• Monitoring and Logging: Using Azure Monitor, Log Analytics, and Application Insights for tracking and diagnosing issues.

Identity and Access Management (IAM)

• Azure Active Directory (AAD): Deep knowledge of AAD, including user and group management, conditional access policies, and identity protection.
• Role-Based Access Control (RBAC): Implementing and managing RBAC in Azure to control access to resources.
• Single Sign-On (SSO): Configuring SSO for applications using AAD.
• Multi-Factor Authentication (MFA): Enforcing MFA for enhanced security.