Information Security Architect

Hi all ,

we are hiring for the role of Information Security Architect

EXP : 6 -9 years

Location : Bengaluru

Role type : Hybrid

Emp type : C2H ( 1 - YEAR EXTENDABLE )

Description:
Information Security ArchitectLocation: Bangalore, IndiaExperience: Minimum 6 years in information/product security

Role Overview
Were seeking a senior Information Security Architect to design and implement security strategies throughout the full product lifecycle. This role will lead threat modelling, secure CI/CD initiatives, and act as a champion for product security within our engineering ecosystem.

Key Responsibilities
• Lead security architecture design across our product portfolio, spanning cloud-native and on-premise deployments.• Conduct threat modeling using SD Elements, STRIDE, PASTA, or similar frameworks to identify and remediate design-level risks.• Integrate security across DevSecOps processes, including CI/CD automation, SAST/DAST, container scanning, infrastructure-as-code security, and secrets management.• Define and enforce security patterns, controls, and reference architectures across product teams.• Perform secure design reviews, architecture risk assessments, and propose mitigation plans.• Review designs, code, third-party libraries, and cloud configurations for compliance with secure architecture principles.• Collaborate with product, engineering, QA, and DevOps to embed security early in development cycles.• Provide subject matter expertise, guidance, and training on security best practices.• Stay abreast of emerging threats, vulnerabilities, and tooling for product security.• Partner with governance, risk, and compliance teams to support audits and ensure alignment with security standards like ISO27001, NIST, and OWASP.

Must-Have Qualifications
• Minimum 6 years experience in information security architecture, product security, or related roles.• Hands-on experience with product security, including vulnerability analysis, design reviews, and architecture hardening.• Proven track record securing CI/CD pipelines, including tooling for SAST/DAST, container scanning, and secrets detection.• Demonstrated experience with threat modeling (especially using SD Elements) and security frameworks (STRIDE, PASTA).• CISSP certification is mandatory.• Strong collaboration across cross-functional teams (Dev, Ops, QA).• Excellent communication skills, with ability to translate technical risks to business stakeholders.

Nice-to-Have Skills
• Cloud security architecture (AWS, Azure, GCP).• Familiarity with SD Elements security risk management platform.• Experience with secure infrastructure-as-code (Terraform, CloudFormation).• Exposure to agile DevSecOps practices and tooling integrations.• Additional certifications: CCSP, CSA CCSK, CISM, etc.Enable Skills-Based Hiring No

Interested candidates send your cv to : akram.m@acesoftlabs.com