Role: Security Architect – Insurtech / Insurance
Role Summary
Insurtech and AI‑driven solutions
Key Responsibilities
Security Architecture & Design
- Design end‑to‑end security architectures for cloud‑native, hybrid, and on‑prem environments (apps, infra, networks, data).
- Use Microsoft Azure as the primary platform; define reference architectures and security blueprints for microservices, APIs, data platforms, and AI/ML workloads.
- Conduct threat modeling (STRIDE/PASTA/LINDDUN) and perform security architecture reviews of existing systems to align with enterprise standards and regulations.
Zero Trust & Identity Security
- Design and implement Zero Trust architectures (micro‑segmentation, least privilege, continuous verification).
- Architect IAM solutions using Azure AD/Entra ID, SSO, federation, PAM, MFA, and passwordless strategies.
- Define authentication/authorization frameworks using SAML, OAuth 2.0, OpenID Connect, RBAC and ABAC models.
Cloud & Application Security
- Architect security controls and guardrails on Azure, AWS, GCP: NSGs, WAF, DDoS protection, CASB, container/Kubernetes security, secure landing zones and segmentation.
- Embed security into the SDLC/DevSecOps, including secure coding standards (OWASP Top 10, SANS Top 25) and SAST/DAST/SCA/IAST integration in CI/CD.
- Design API and secrets management with tools like Azure Key Vault / HashiCorp Vault and API gateway security patterns.
Security Operations & Monitoring
- Design monitoring and detection architectures using SIEM (Microsoft Sentinel, Splunk, QRadar, Elastic) and SOAR platforms.
- Define logging, threat intelligence integration, and incident response architectures, including forensics and evidence handling.
Compliance, Risk & Governance
- Ensure architectures comply with GDPR, HIPAA, PCI‑DSS, SOC 2, ISO 27001, NIST and insurance‑specific regulations (e.g., Solvency II, state insurance rules).
- Conduct security risk assessments, define mitigation strategies, and contribute to security governance frameworks, policies, and KPIs.
Data & Network Security
- Design data protection (encryption at rest/in transit, DLP, KMS, certificate management, data classification, privacy‑by‑design).
- Architect network security: segmentation, DMZs, IDS/IPS, NAC, secure remote access (VPN, ZTNA, SDP), and DDoS/CDN security.
Collaboration & Leadership
- Partner with enterprise/solution architects, DevOps, engineering and business teams to embed security in all initiatives.
- Mentor security and development teams on secure design and best practices.
- Communicate complex security topics to executives and non‑technical stakeholders, and stay current with emerging threats and technologies.
Required Skills
- Security frameworks & standards: strong knowledge of NIST CSF, ISO 27001/27002, CIS Controls, OWASP Top 10, SANS Top 25, Zero Trust (NIST SP 800‑207), PCI‑DSS, HIPAA, GDPR.
- IAM & Zero Trust: Azure AD/Entra ID, SSO, SAML, OAuth 2.0, OpenID Connect, MFA, PAM, RBAC/ABAC, identity governance.
- Cloud security: Azure Security Center / Defender for Cloud, AWS Security Hub, GCP security tools, NSGs, WAF, CASB, container & Kubernetes security.
- Application security: secure SDLC, threat modeling, SAST/DAST/SCA tools, secrets management, API security.
- Security operations: SIEM/SOAR, EDR/XDR, incident response and forensics.
- Encryption & data protection: TLS/SSL, key management, DLP, tokenization, masking.
Required Experience
- 8+ years in cybersecurity/security engineering/security architecture, including 3+ years designing enterprise security architectures.
- Proven experience architecting security solutions on Microsoft Azure and other major clouds.
- Experience in insurance or financial services, with an understanding of regulatory and sensitive data protection needs.
- Hands‑on experience with Zero Trust, IAM designs, governance frameworks, vulnerability management, and security monitoring solutions.
Certifications (Preferred)
- Core: CISSP, CISM, CCSP, Azure Security Engineer / Security Operations Analyst.
- Plus (nice to have): CEH, GIAC (GSEC/GCIH/GPEN), OSCP, CISA.
Key Competencies
- Insurance domain security awareness (PII, claims, financial data, regulatory obligations).
- Technical leadership: driving standards, mentoring, influencing cross‑functional teams.
- Risk management: explaining security risks in business terms and aligning controls with business objectives and risk appetite.