Design and maintain the application, data and cybersecurity architecture to support security, scalability resilience, and risk management requirements of AIR Global’s data, applications, IT systems, on-premises and in cloud infrastructure.
- Review and support the security design for new IT projects, ensuring alignment with organizational security policies and standards.
- Collaborate with project teams to identify security requirements and integrate security controls into the project lifecycle.
- Design and implement secure architecture for Azure environments, leveraging Azure security services and best practices.
- Ensure compliance with Azure security standards and manage security configurations for Azure resources.
- Develop and enforce security measures for APIs, including authentication, authorization, and threat protection.
- Implement API security best practices and manage API gateways to ensure secure data exchange.
- On-Premises Network Security:
- Design secure network architectures for on-premises environments, including segmentation, firewalls, and intrusion detection systems.
- Architect and oversee the implementation of security measures for eCommerce platforms, particularly Magento, ensuring compliance with industry standards and best practices.
- Architect DevsecOPS, CI/CD pipeline.
- Design and support microservice architectures to enhance system scalability, flexibility, Security and maintainability.
- Collaborate with cross-functional teams IT and security team to understand technical, IT security and business requirements and translate them into well-architect solutions.
- Support risk assessments and develop mitigation strategies to ensure the security and integrity of data and IT systems.
- Stay updated with the latest trends and technologies in data management, security architecture, and eCommerce platforms.
- Provide technical leadership and guidance to development teams, ensuring best practices in coding, design, and architecture.
- Prepare detailed documentation of architectural designs, security protocols, and implementation plans.
- Participate in the evaluation and selection of new technologies and tools to enhance the organization's capabilities.
Experience & Qualification:
- Minimum of 5-7 years of experience in solution architecture, with a focus on data management and cybersecurity.
- Demonstrated experience in architecture and design solutions using Azure Data Lake and other data analysis tools.
- Hands-on experience with security architecture for eCommerce platforms, particularly Magento.
- Experience in developing and implementing microservice architectures.
- Familiarity with cloud security, application, database and api architecture best practices.
- Computer Science or Relevant Degree
Any of the three-certification listed below:
- Microsoft Certified: Cybersecurity Architect Expert
- Microsoft Certified: Azure Security Engineer Associate
- Trend Micro Certifications
- Microsoft Certified: Identity and Access
- Certified Data Management Professional (CDMP)
- AWS Certified Solutions Architect: Validates ex
Skills and Competencies:
- Understanding of cybersecurity frameworks (e.g., NIST, ISO 27001) and compliance requirements (e.g., GDPR, HIPAA).
- Knowledge of designing secure networks, applications, and cloud Architecture, including understanding firewalls, VPNs, and micro service architecture.
- Understanding of IAM principles, including user provisioning, authentication, and authorization techniques.
- Familiarity with security tools, such as SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection/Prevention Systems), and endpoint protection.
- Strong design knowledge and experience working with Trend Micro Vision One, XDR platform, email security, EDR, email security, PAM, IPS, WAF and DLP technologies.
- Strong design and supporft on experience working with Azure/AWS security controls such as Defender, Purview, IAM, Entra ID etc..
- The ability to verify solutions and gain assurance that they are fit for purpose through demonstrable evidence of controls and testing
- Strong understanding of the changing threat landscape and how this may affect our systems
- The ability to challenge concerns and report through appropriate channels
- Self-drive, motivation and the ability to work independently to deliver expected outcomes
- Strong analytical and report writing skills
API Security
- Understanding of API Protocols: Knowledge of REST, SOAP, and GraphQL.
- Authentication and Authorization: Familiarity with OAuth, JWT, and API keys.
- Threat Protection: Implementing rate limiting, IP whitelisting, and DDoS protection.
- Data Encryption: Ensuring data is encrypted in transit and at rest.
- API Gateway Management: Experience with tools like Azure API Management, Kong, or Apigee.
Azure Architecture
- Azure Services: Proficiency with Azure services such as Azure Virtual Machines, Azure Kubernetes Service (AKS), Azure Functions, and Azure Storage.
- Networking: Understanding of Azure Virtual Networks, Subnets, and Network Security Groups.
- Security Best Practices: Implementing Azure Security Center recommendations and Azure Policy.
- Infrastructure as Code (IaC): Experience with ARM templates, Bicep, or Terraform for deploying Azure resources.
- Monitoring and Logging: Using Azure Monitor, Log Analytics, and Application Insights for tracking and diagnosing issues.
Identity and Access Management (IAM)
- Azure Active Directory (AAD): Deep knowledge of AAD, including user and group management, conditional access policies, and identity protection.
- Role-Based Access Control (RBAC): Implementing and managing RBAC in Azure to control access to resources.
- Single Sign-On (SSO): Configuring SSO for applications using AAD.
- Multi-Factor Authentication (MFA): Enforcing MFA for enhanced security.
