Security Architect

Required Skills

• Security Frameworks & Standards - NIST Cybersecurity Framework, ISO 27001/27002, CIS Controls, OWASP Top 10, SANS Top 25, Zero Trust Architecture (NIST SP 800-207), PCI-DSS, HIPAA, GDPR, and insurance regulatory frameworks.

• Identity & Access Management - Azure Active Directory/Entra ID, SSO implementations, SAML/OAuth 2.0/OpenID Connect, multi-factor authentication (MFA), privileged access management (PAM), RBAC/ABAC models, identity governance, and passwordless authentication.

• Cloud Security - Azure Security Center, Microsoft Defender for Cloud, AWS Security Hub, Google Security Command Center, CASB solutions, network security groups, web application firewalls, container security, Kubernetes security, and cloud-native security tools.

• Application Security - Secure SDLC practices, threat modeling (STRIDE, PASTA, LINDDUN), SAST tools (SonarQube, Checkmarx, Fortify), DAST tools (OWASP ZAP, Burp Suite), SCA tools (Snyk, WhiteSource), secrets management (Azure Key Vault, HashiCorp Vault), and API security.

• Security Operations - SIEM platforms (Microsoft Sentinel, Splunk, IBM QRadar, Elastic Security), SOAR platforms, EDR/XDR solutions, threat intelligence platforms, log analysis, incident response frameworks, and forensic tools.

• Network Security - Firewall technologies (next-gen firewalls, Azure Firewall), IDS/IPS systems, network segmentation, VPN technologies, ZTNA solutions, DDoS mitigation, and secure network design.
• Encryption & Data Protection - Encryption protocols (TLS/SSL, IPSec), key management systems, certificate authorities, data loss prevention (DLP), data classification, tokenization, and data masking techniques.

Required Experience

• Eight or more years in cybersecurity, security engineering, or security architecture roles with three years designing enterprise security architectures.
• Proven experience architecting security solutions on Microsoft Azure with deep understanding of cloud security principles and patterns.
• Track record conducting threat modeling exercises, performing security architecture reviews, and achieving compliance certifications (SOC 2, ISO 27001, PCI-DSS).
• Experience in insurance or financial services environments with understanding of regulatory requirements and sensitive data protection.
• Evidence of implementing Zero Trust architectures, designing identity and access management solutions, and establishing security governance frameworks.
• Experience leading security incident response, conducting vulnerability assessments, and implementing security monitoring solutions.

Required Certifications

• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• CCSP (Certified Cloud Security Professional)
• Microsoft Certified: Security Operations Analyst Associate or Azure Security Engineer Associate.
• Valuable additions: CEH (Certified Ethical Hacker)
• SANS GIAC certifications (GIAC Security Essentials, GCIH, GPEN)
• OSCP (Offensive Security Certified Professional)
• CISA (Certified Information Systems Auditor).

Key Competencies

• Insurance Domain Security - Understanding insurance data sensitivity (PII, claim data, financial information), regulatory requirements (state insurance regulations, Solvency II, GDPR, CCPA), industry-specific threats, and common insurance platform security considerations.

• Technical Leadership - Leading security architecture reviews, establishing security standards, mentoring security engineers and developers, communicating risks to executive leadership, and balancing security with business enablement.

• Risk Management - Conducting security risk assessments, developing risk treatment plans, communicating security risks in business terms, and aligning security investments with risk appetite and business objectives.

• Innovation & Continuous Learning - Staying current with threat landscape, emerging attack vectors, new security technologies, zero trust maturity, and evolving regulatory requirements driving continuous improvement of security posture.