Job Title:  T&T | Cyber - ES | Sr Analyst | Pen Test

Job Description: Information Security Architect

Location: Chennai

Job Type: Full time

We are seeking an Information Security Architect specializing in Threat Modeling and Security Architecture Reviews to assess application architectures, identify security weaknesses, and recommend mitigation strategies. This role requires a deep understanding of security threats, vulnerabilities, and mitigation strategies, along with the ability to collaborate with cross-functional teams to implement robust security measures and safeguard enterprise assets.

Key Responsibilities:

Security Architecture Review & Threat Modeling:

• Conduct security architecture reviews for applications, cloud environments, and IT systems to identify risks.
• Perform threat modeling (e.g., STRIDE, PASTA, MITRE ATT&CK, DREAD) to assess potential attack vectors and weaknesses.
• Analyze authentication, encryption, and access control mechanisms within application and system architectures.
• Review security controls against industry standards and organizational policies (e.g., NIST, ISO 27001, OWASP, CIS Controls, TISAX).
• Provide secure design recommendations to mitigate identified risks.

Application & Cloud Security Assessment:

• Assess web, mobile, and cloud-based applications for security risks and misconfigurations.
• Evaluate API security, microservices architectures, and containerized environments for vulnerabilities.
• Validate implementation of IAM, Zero Trust, network segmentation, and encryption standards.

Security Risk & Compliance Evaluation:

• Identify security gaps in applications and infrastructure and recommend compensating controls.
• Ensure compliance with GDPR, SOC 2, PCI-DSS, ISO 27001, TISAX, and other relevant security frameworks.

Collaboration & Reporting:

• Create comprehensive reports detailing identified risks, mitigation strategies, cloud specific controls, data flow diagram, trust zones, and improvement recommendations.
• Collaborate with stakeholders to develop and refine the enterprise security architecture and threat modeling strategies.

Qualifications & Experience:

• Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Information Technology, or a related field.
• 3+ years of experience in security architecture review, threat modeling, and risk assessment.
• Strong expertise in threat modeling frameworks such as STRIDE, PASTA, MITRE ATT&CK, OWASP ASVS.
• Knowledge of cloud security (AWS, Azure, GCP), API security, and microservices architecture.
• Familiarity with IAM, Zero Trust, MFA, RBAC, PAM, and network security principles.
• Experience in secure SDLC, DevSecOps, and security assessment.
• Hands-on experience with security assessment tools (e.g., Microsoft Threat modeling, Microsoft Visio).
• Understanding of penetration testing methodologies, security misconfigurations, and application security risks.

Preferred Certifications:

• CISSP (Certified Information Systems Security Professional)
• CSSLP (Certified Secure Software Lifecycle Professional)
• CCSP (Certified Cloud Security Professional)
• AWS/Azure Security Certifications
• CEH (Certified Ethical Hacker) or OSCP (Offensive Security Certified Professional)

Soft Skills:

• Strong ability to assess and prioritize technical risks.
• Expertise in application security with a focus on scalable and robust solutions.
• Proven experience in designing and securing complex network architectures.
• Excellent written and verbal communication skills for effective collaboration.
• In-depth knowledge of current and emerging security technologies, including business processes, data security, application security, and network/system infrastructure.