Network Security Architect

Role Overview

We are looking for a forward-thinking Senior Manager – Network Security Architect to own the strategic design, evaluation, and defense of our bank enterprise network. The role blends network security engineering with offensive security insight and regulatory alignment. An ideal technologist who thrives on solving security challenges at scale, this role shapes the backbone of our cyber defense posture on premises and in the cloud.

Key Responsibilities

Network & Cloud Security Architecture

• Design and maintain secure enterprise network blueprints that integrate on-prem, hybrid, and cloud environments.
• Develop Azure Landing Zone aligned security patterns and contribute to cloud onboarding frameworks.
• Lead evaluation and adoption of security technologies (SASE, SDP, NGFW, micro-segmentation) via structured PoCs.

Network Access Control (NAC) Deployment

• Lead in-depth NAC solution deployment including policy enforcement, posture checks, and device profiling.
• Design NAC architecture for on-prem and guest access across distributed branches and data centers.
• Collaborate with network and endpoint teams to ensure seamless NAC integration and operational tuning.

Architecture Review

• Conduct security architecture reviews for new IT and business initiatives, ensuring alignment with security policies.
• Perform threat modeling and impact assessments for infrastructure and application changes.
• Validate secure design principles across data flows, integrations, and network zones.

Vulnerability Assessment / Penetration Testing (VA/PT)

• Coordinate and manage VA/PT exercises across infrastructure, applications, and APIs.
• Review findings, validate risk severity, and work with control owners to track timely closures.
• Embed VA/PT results in risk dashboards and compliance metrics for internal and regulatory visibility.

Application & API Security

• Work with AppSec teams to review web/mobile application security, secure coding practices, and threat models.
• Oversee security testing and architecture validation of APIs, including authentication, encryption, and rate limiting.
• Ensure secure SDLC principles and coordinate remediation for high-risk flaws (e.g., OWASP Top 10, API Top 10).

Threat Exposure Management

• Orchestrate Red Team Assessments, simulate real-world attacker behavior to uncover blind spots.
• Operationalize Breach and Attack Simulation (BAS) tools to assess and improve control effectiveness.
• Continuous Automated Red Teaming (CART) as part of the threat validation cycle.
• Integrate red team learnings into SOC use cases and IR playbooks.

Identity & Access Hardening

• Detect and mitigate Active Directory abuse techniques.
• Work along with IAM, SOC, and SIEM teams to build and tune detection logic for identity-layer threats.

Compliance & Governance

• Map architecture and control decisions to RBI, SEBI, CERT-In, and IRDAI regulatory mandates.
• Collaborate with teams to support audits, gap closure, and compliance reporting.

Risk Reporting & Communication

• Build and present CISO dashboard views on threat exposure, security metrics, and risk exceptions.

Cross-Functional Coordination

• Collaborate across AppSec, SOC, IT infra, DevOps, and third-party vendors to align on security posture.

Required Skills & Experience

• Strong expertise in enterprise network security design (firewalls, proxies, segmentation, SDN).
• Good working knowledge of Azure Landing Zone, NSGs, and cloud-native security controls.
• Practical experience with red teaming, MITRE ATT&CK, and BAS platforms.
• Exposure to CART tools or frameworks and security validation automation.
• Hands-on knowledge of Active Directory attack paths and hardening strategies.
• Familiarity with regulatory compliance (RBI Master Directions, SEBI, IRDAI Cybersecurity Framework, ISO 27001).
• Skilled in CISO-level presentations, risk dashboards, and board-oriented storytelling.

Preferred Certifications

• CISSP, CCSP, or CISA (any one required)
• TOGAF (for architecture alignment)

Soft Skills

• Strategic thinker with strong execution focus
• Clear communicator with ability to simplify technical concepts
• Ownership mindset and proactive problem-solving
• Comfortable in regulatory discussions and audit scenarios