Lead / Sr. Application Security Architect

Education:

Role Overview

Security Architecture is part of Jio's Information Security Team. Primary responsibility of this team is to design & architect secure solutions and to identity threats in early design/architect phases of product development cycle. Drive secure by design initiatives in the organization & mentor delivery teams with right security direction & controls to protect customer data.

Responsibilities

• Design security architecture and data protection controls for on-premises IT applications.
• Design security architecture and data protection controls for applications deployed in AWS/GCP/Azure/OpenStack cloud.
• Design security measures for applications deployed on containers and application built using Free and Open Source Systems.
• Design and review identity and access management system.
• Develop and enforce security policies and procedures related to network security architecture.
• Assess applications against the security architecture guidelines and best practices.
• Research and evaluate new security products.
• Assist in building security-monitoring capability for applications deployed in AWS/GCP/Azure/OpenStack cloud.
• Research on current threat landscape and identify associated security issues for the organization.
• Person should be knowing scripting like SHELL / PYTHON / PERL / TCL

Skills & Experience:

Min. 12 Years of domain experience in Application Security

• Good understanding of security architecture principles such as network segmentation, authentication, authorization, encryption, audit & logging.
• Experience in security design and deployment experience for GCP/AWS/GCP/Azure cloud environments.
• AWS/GCP - Security Groups, AWS/GCP WAF, Inspector, cloud watch, Shield, Cloud Config, Key management, IAM etc.
• Experience in Network Security such as network IPS, proxy firewalls, XDR, end point protection, sand boxing etc.
• Experience in Application Security such as code reviews, code audit, penetration testing, kube bench, OWASP Top ten exposure etc.
• Azure NSG, WAF, Azure API management, Azure security center, Storage security, IAM, etc.
• Experience and understanding of various authentication and authorization mechanism such as SAML/OpenID/OAuth and using various Identity and Access management platform
• Knowledge of industry best practices, methodologies, tools, etc. in the field of cybersecurity.