Security Architect
Accenture
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and the transition to cloud security-managed operations.
Must-have skills: Security Information and Event Management (SIEM)
Good-to-have skills: NA
Minimum 5 years of experience required
Educational Qualification: 15 years of full-time education
Summary: As a Security Architect, a typical day involves designing and establishing a comprehensive cloud security framework that aligns with organizational objectives and performance standards. This role includes creating detailed documentation for the deployment of cloud security controls and overseeing the smooth transition of these controls into managed cloud security operations. The position requires continuous collaboration with various teams to ensure that the security architecture supports business needs while maintaining operational efficiency and resilience in a cloud environment.
Roles & Responsibilities:
- Develop and maintain incident response plans, playbooks, escalation paths, and communication templates.
- Work with internal and external resources to ensure proper logging, alerting, forensic collection, and response capabilities are in place.
- Participate in tabletop exercises, purple team activities, incident simulations, and lessons-learned reviews.
- Help define severity classifications, response SLAs, escalation criteria, and evidence-handling procedures.
- Maintain readiness for common incident types, including phishing, business email compromise, malware, ransomware, credential compromise, insider threat, data exposure, cloud compromise, and unauthorized access.
- Lead technical investigations into suspected or confirmed security alerts and incidents.
- Correlate activity across endpoint, identity, cloud, network, email, and application logs.
- Perform timeline analysis, scope assessment, root-cause analysis, and impact determination.
- Identify indicators of compromise, attacker tactics, persistence mechanisms, lateral movement, privilege escalation, and data access patterns.
- Use threat intelligence and MITRE ATT&CK mapping to contextualize attacker behavior.
- Determine whether an alert represents benign activity, a policy violation, a misconfiguration, an attempted compromise, or a confirmed compromise.
- Coordinate and, where appropriate, perform containment actions such as host isolation, account disablement, token revocation, firewall blocks, email quarantine, access removal, and cloud control changes.
- Work with system owners and IT teams to remove persistence, remediate exploited weaknesses, and restore secure operations.
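The cross-source correlation, timeline building, ATT&CK mapping and alert classification listed in the responsibilities above, as an added example that is not part of the job posting and not Accenture's or any vendor's tooling. It merges identity, cloud and endpoint events for each account into one time-ordered timeline and returns one of the five outcomes (benign, policy violation, misconfiguration, attempted compromise, confirmed compromise). The event names, the corporate IP range, the two-hour look-ahead window, the brute-force threshold and the ATT&CK mapping are all assumptions chosen for the example; the sample events are constructed, not real telemetry.

```python
"""Cross-source alert triage (added example): merge endpoint, identity and
cloud events per account into one timeline, tag actions with ATT&CK IDs,
and decide which of the five alert outcomes applies. Event names, network
ranges, thresholds and the ATT&CK mapping are assumptions for this example."""
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

CORP_NETS = [ip_network("198.51.100.0/24")]  # assumed corporate egress range
WINDOW = timedelta(hours=2)                  # assumed look-ahead after a login
BRUTE_FORCE_MIN = 5                          # assumed failures that count as an attempt

# Assumed mapping of normalised action names to ATT&CK technique IDs.
ATTACK_MAP = {
    "login_failure": "T1110",         # Brute Force
    "login_success": "T1078",         # Valid Accounts
    "mfa_device_added": "T1098.005",  # Account Manipulation: Device Registration
    "CreateAccessKey": "T1098.001",   # Account Manipulation: Additional Cloud Credentials
    "GetObject_bulk": "T1530",        # Data from Cloud Storage
}
PERSISTENCE = {"mfa_device_added", "CreateAccessKey"}
DATA_ACCESS = {"GetObject_bulk"}
EXPOSURE = {"PutBucketAcl_public"}

# Constructed sample telemetry from three sources; not real log data.
SAMPLE_EVENTS = [
    {"source": "identity", "ts": "2024-05-01T08:00:05Z", "user": "j.doe", "action": "login_failure", "ip": "203.0.113.7"},
    {"source": "identity", "ts": "2024-05-01T08:00:09Z", "user": "j.doe", "action": "login_failure", "ip": "203.0.113.7"},
    {"source": "identity", "ts": "2024-05-01T08:00:31Z", "user": "j.doe", "action": "login_success", "ip": "203.0.113.7", "mfa": False},
    {"source": "identity", "ts": "2024-05-01T08:01:10Z", "user": "j.doe", "action": "mfa_device_added", "ip": "203.0.113.7"},
    {"source": "cloud", "ts": "2024-05-01T08:04:00Z", "user": "j.doe", "action": "CreateAccessKey", "ip": "203.0.113.7"},
    {"source": "cloud", "ts": "2024-05-01T08:30:00Z", "user": "j.doe", "action": "GetObject_bulk", "ip": "203.0.113.7", "count": 1400},
    {"source": "endpoint", "ts": "2024-05-01T08:45:00Z", "user": "j.doe", "host": "LT-0421", "action": "process_start", "cmd": "outlook.exe"},
    {"source": "identity", "ts": "2024-05-01T09:00:00Z", "user": "a.roe", "action": "login_success", "ip": "198.51.100.23", "mfa": False},
    {"source": "cloud", "ts": "2024-05-01T09:10:00Z", "user": "ops-svc", "action": "PutBucketAcl_public", "ip": "198.51.100.40"},
    {"source": "identity", "ts": "2024-05-01T09:20:00Z", "user": "b.lee", "action": "login_success", "ip": "198.51.100.51", "mfa": True},
]


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def is_corporate(ip):
    return any(ip_address(ip) in net for net in CORP_NETS)


def build_timeline(events, user):
    """Every event for `user` from any source, time-ordered, with its ATT&CK tag."""
    rows = [dict(e, ts=parse_ts(e["ts"]), ttp=ATTACK_MAP.get(e["action"]))
            for e in events if e.get("user") == user]
    return sorted(rows, key=lambda r: r["ts"])


def classify(timeline):
    """Return (verdict, findings) for one account's timeline."""
    findings = []
    logins = [e for e in timeline if e["action"] == "login_success"]
    failures = [e for e in timeline if e["action"] == "login_failure"]
    for login in logins:
        window = [e for e in timeline if login["ts"] <= e["ts"] <= login["ts"] + WINDOW]
        followups = [e for e in window if e["action"] in PERSISTENCE | DATA_ACCESS]
        if not is_corporate(login["ip"]) and not login.get("mfa"):
            findings.append(f"login from unfamiliar {login['ip']} without MFA ({login['ttp']})")
            if followups:  # attacker acted on the session: persistence or data access
                findings += [f"post-auth {e['action']} via {e['source']} ({e['ttp']})" for e in followups]
                return "confirmed_compromise", findings
            # Anomalous login with nothing corroborating it stays "attempted" until
            # the user or endpoint evidence confirms it.
            return "attempted_compromise", findings
        if not login.get("mfa"):
            findings.append(f"corporate login from {login['ip']} without MFA")
            return "policy_violation", findings
    if len(failures) >= BRUTE_FORCE_MIN and not logins:
        findings.append(f"{len(failures)} failed logins, no success")
        return "attempted_compromise", findings
    exposure = [e for e in timeline if e["action"] in EXPOSURE]
    if exposure:  # risky change by a normally authenticated principal
        findings += [f"{e['action']} via {e['source']} with no anomalous login" for e in exposure]
        return "misconfiguration", findings
    return "benign", findings


def triage(events):
    """Verdict and findings per account across all sources."""
    return {u: classify(build_timeline(events, u)) for u in sorted({e["user"] for e in events})}


if __name__ == "__main__":
    for user, (verdict, findings) in triage(SAMPLE_EVENTS).items():
        print(user, verdict, findings)
```

The order of the checks is the point: a successful login is evaluated before the failure count, so a brute force that ends in a success is judged on what happened after the login rather than being filed as a mere attempt, and an exposure change only becomes a "misconfiguration" when no anomalous authentication explains it.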