Director | Security Architect | Delhi | Enterprise Security

• Threat Modeling & Risk Assessment:
• Develop and implement threat models for both on-premises and cloud-based systems using STRIDE, DREAD, and PASTA methodologies.
• Perform detailed risk assessments to identify security weaknesses and recommend appropriate mitigation strategies, both for traditional IT systems and cloud infrastructure.
• Collaborate with development teams to integrate security best practices into cloud application architectures, ensuring security is built-in from the ground up.
• Regularly review and update security models to address evolving threats and cloud technology changes.
• Develop threat models for enterprise services, business-critical systems, and crisis systems to enhance Operational Resilience.
• Security Architecture & Best Practices:
• Review system designs, and architecture to identify security weaknesses and vulnerabilities.
• Collaborate with development teams to integrate security best practices throughout the Software Development Lifecycle (SDLC) particularly for cloud-based services and applications.
• Design and implement security controls to safeguard against identified risks.
• Provide recommendations for improving overall security posture by evaluating existing security measures and proposing new countermeasures.
• Stay current on cloud security trends, emerging threats, and attack vectors to ensure the organization’s cloud systems remain secure against evolving risks.
• Collaboration & Reporting:
• Partner with cross-functional teams to address security issues, implement action plans, and ensure alignment with industry standards such as NIST 800-53 and ISO 27002.
• Create comprehensive reports detailing identified risks, mitigation strategies, cloud specific controls, data flow diagram, trust zones, and improvement recommendations.
• Collaborate with stakeholders to develop and refine the enterprise security architecture and threat modeling strategies.
• Act as a subject matter expert on cloud security, guiding the organization’s cloud adoption strategy and ensuring secure design and implementation.
• Continuous Learning & Knowledge Sharing:
• Stay up-to-date on the latest cybersecurity trends, vulnerabilities, and attack vectors.
• Maintain proficiency in threat modeling tools (e.g., OWASP Threat Dragon, Microsoft Threat Modeling Tool) and ensure their effective use across the organization.
• Share knowledge and best practices with internal teams to strengthen the organization’s overall security posture.

Required Qualifications:

• Education:
• Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or a related field.
• Industry-recognized certifications such as CISSP, CCSP, ISO 27001, CISM, CEH, or related certifications are highly desirable.
• Experience:
• 8+ years of experience in information security, with a focus on security architecture, cloud security, threat modeling, and risk assessments.
• Proven experience working with threat modeling methodologies (e.g., STRIDE, DREAD, PASTA) and tools (e.g., OWASP Threat Dragon, Microsoft Threat Modeling Tool).
• Proven experience with cloud security platforms (AWS, Azure, GCP), including cloud security best practices, compliance, and vulnerability management.
• Experience in the automotive industry and understanding of related security and compliance frameworks is a plus.
• Understanding of the Software Development Lifecycle (SDLC) and its security integration.
• Understanding of cloud governance models, including roles and responsibilities of cloud service providers (CSPs) and customers (i.e., shared responsibility model).
• Technical Skills:
• Strong understanding of common security vulnerabilities (e.g., OWASP Top 10) and mitigation techniques.
• Familiarity with security tools and technologies such as firewalls, intrusion detection/prevention systems, vulnerability scanners, and cloud security technologies.
• Deep understanding of enterprise architecture and its security implications.
• Knowledge of cloud platforms (AWS, Azure, GCP) and related cloud security controls is a plus.
• Proficiency in cyber resilience practices and the ability to align with authoritative frameworks like NIST SP 800-53, ISO 27002 etc.
• Soft Skills:
• Excellent communication skills, with the ability to convey complex technical concepts to non-technical stakeholders.
• Strong collaboration and teamwork abilities, particularly in a matrixed organizational structure.
• Analytical skills and attention to detail with the ability to prioritize tasks and manage multiple concurrent projects.