Lead Information Security Architect

Company Overview

About The Role

• Proactively Anticipate Threats - Conduct proactive threat hunting and analysis using threat intelligence, tactics, techniques and procedures (TTPs) as per MITRE ATT&CK framework. Also if needed collaborate with Threat Intel teams to emulate MITRE ATT&CK and threat actor behaviors relevant to the organization /business environment.
• Proactively validate Defenses and Technical Security Controls with Adversary-Informed Testing - Lead and execute Breach and Attack Simulations (BAS) end to end using industry-leading BAS platforms such as SafeBreach, Mandiant Security Validation , AttackIQ, Picus Security, or custom-built scripts to test control efficacy.
• Map defenses and detections to MITRE ATT&CK to uncover blind spots and improve control resiliency.
• Integrate BAS outcomes with EDR, SIEM, SOAR, Identity, Cloud layers and security telemetry to validate detection capabilities and security stack effectiveness.
• Analyze BAS results to identify control gaps and ensure timely mitigation or remediation via required tools.
• Proactive Remediation via Engineering and Hardening - Further, recommend control enhancements and help harden detection rules, prevention policies, response playbooks, and security configurations.
• Work Cross functionally and collaborate with teams including SOC, Identity & Access Management, Detection Engineering, Security Architecture, Infrastructure, and Application teams to validate technical controls and enhance detection and response capabilities against simulated threats and draft playbooks.
• Automate false positive reduction in BAS Tool and evolve detection logic based on real-world threat trends.
• Provide strategic input in secure architecture controls validation, completeness and incident response planning across cloud, on-prem, and hybrid infrastructure.
• Lead implementation and optimization of tools across endpoint, network, identity, and cloud security domains basis BAS or purple teaming outcomes.
• Drive BAS results remediation end to end for identified detection, prevention, and response control gaps.
• Proactive Security Metrics, Reporting & Communication- Define and track metrics/KPIs (for e.g. - % MITRE ATT&CK techniques validated, detection coverage improvements before and after, control drift remediation rate etc.) and prepare reports to track—attack surface coverage, control completeness, effectiveness, and detection gaps closed.
• Stay current with emerging threats, vulnerabilities, and industry trends.
  

Required Skills & Qualifications

• Bachelor’s degree in Computer Science, Information Security, or a related field.
• 8+ years of professional experience in cybersecurity, with a focus on:
• MITRE ATT&CK Framework and TTPs
• Security Operations Center (SOC)
• Threat Intelligence, Detection Engineering
• Breach and Attack Simulation (BAS) tools, Purple Teaming
• Endpoint Detection and Response (EDR)
• Security Information and Event Management (SIEM), SOAR
• Vulnerability Management
• Identity and Access Management (IAM)
• Information Security Architecture
• Experience with threat hunting, log analysis, alert tuning, and BAS tools.
• In depth knowledge of attack lifecycle, MITRE ATT&CK, cyber kill chain, and modern threat actors.
• Deep understanding of enterprise security architecture, including cloud (AWS/Azure/GCP) and hybrid environments.
• Proficiency with tools like Splunk, Sentinel, CrowdStrike, EDR/XDR platforms, Network NDR , Firewall , WAF and security APIs.
• Excellent verbal and written communication skills, stakeholder management skills with the ability to convey complex technical concepts to diverse audiences across.
• Share knowledge, mentor others, and help drive a culture of curiosity, technical depth, and continuous improvement.
• Strong scripting skills in Python, PowerShell, or Bash and Exposure to Agile, CI/CD, or IaC pipelines are a plus.
  

Preferred Certifications (Not Mandatory)

• CISSP (Certified Information Systems Security Professional)
• OSCP/OSCE/Red/Purple Team certifications
• GIAC, CCSP, or other relevant cybersecurity certifications
• Vendor-specific: Mandiant (MSV) Certified Professional, SafeBreach Certified, MITRE ATT&CK Defender credentials.
  

Why This Role Is Different – What You’ll Gain

• Global Impact: Your work will directly harden defenses across a complex, distributed enterprise.
• Innovation Playground: You’ll work with bleeding-edge BAS tools, detection frameworks, and automation platforms.
• Strategic Visibility: Your threat findings will shape executive decision-making and security investment.
• Trusted Seat at the Table: Be part of a high-credibility security team that advises architecture, engineering, and leadership.