Role Summary
Work with us to build modern Insurtech AI-underpinned solutions. We are a growing team of hands-on architects striving to build high-quality solutions for our internal and external customers. The Security Architect designs and implements security architectures across the Xceedance insurance ecosystem, establishing security standards, conducting threat modeling, and ensuring systems are designed with security-first principles, including Zero Trust, defense in depth, and compliance with regulatory requirements in the insurance industry.
Key Responsibilities
Security Architecture & Design - Designs comprehensive security architectures for cloud-native, hybrid, and on-premises environments spanning applications, infrastructure, networks, and data platforms, using Microsoft Azure as primary platform. Develops reference architectures and security blueprints for common patterns including microservices, APIs, data lakes, and AI/ML workloads. Conducts threat modeling exercises using STRIDE, PASTA, and LINDDUN frameworks to identify security risks during design phase. Performs security architecture reviews and assessments of existing systems, applications, and infrastructure components, ensuring alignment with enterprise security standards and regulatory requirements.
Zero Trust & Identity Security - Designs and implements Zero Trust security architectures based on "never trust, always verify" principles, including micro-segmentation, least privilege access, and continuous verification. Architects enterprise identity and access management (IAM) solutions using Azure Active Directory/Entra ID, SSO, federation, and privileged access management (PAM). Designs authentication and authorization frameworks supporting SAML, OAuth 2.0, OpenID Connect, and modern authentication protocols. Implements multi-factor authentication (MFA), risk-based conditional access policies, and passwordless authentication strategies. Designs role-based access control (RBAC) and attribute-based access control (ABAC) models aligned with least privilege principles.
Cloud Security Architecture - Architects security controls and guardrails for Azure, AWS, and GCP covering compute, storage, networking, and platform services. Designs cloud-native security patterns including service mesh security, container security (Kubernetes RBAC, pod security policies), and serverless security. Implements network security groups (NSGs), web application firewalls (WAF), DDoS protection, and cloud access security brokers (CASB). Designs secure landing zones, hub-and-spoke network topologies, and network segmentation strategies for multi-tenant environments. Establishes cloud security posture management (CSPM) and cloud workload protection platforms (CWPP), ensuring continuous compliance.
Application Security - Integrates security into software development lifecycle (SDLC), embedding security practices in CI/CD pipelines through DevSecOps and shift-left security. Defines secure coding standards based on OWASP Top 10, SANS Top 25, and industry best practices. Designs security testing strategies incorporating static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA), and interactive application security testing (IAST). Architects secrets management solutions using Azure Key Vault, HashiCorp Vault, or AWS Secrets Manager, protecting API keys, certificates, and credentials. Designs API security frameworks including API gateways, rate limiting, input validation, and API threat protection.
Security Operations & Monitoring - Designs security monitoring and incident detection architectures using SIEM platforms including Microsoft Sentinel, Splunk, IBM QRadar, or Elastic Security. Architects security orchestration, automation, and response (SOAR) platforms, automating incident response workflows and playbooks. Designs logging and log aggregation strategies, ensuring comprehensive visibility across applications, infrastructure, and cloud platforms. Implements threat intelligence platforms, integrating threat feeds to enable proactive threat detection and hunting. Designs incident response architectures including forensic capabilities, evidence collection, and chain of custody procedures.
Compliance, Risk & Governance - Ensures security architectures comply with regulatory requirements including GDPR, HIPAA, PCI-DSS, SOC 2, ISO 27001, NIST frameworks, and insurance-specific regulations (Solvency II, state insurance regulations). Conducts security risk assessments, developing risk mitigation strategies aligned with business objectives and risk appetite. Designs security governance frameworks including security policies, standards, procedures, and guidelines. Establishes security metrics and KPIs, measuring effectiveness of security controls and demonstrating continuous improvement. Collaborates with compliance, legal, and audit teams, ensuring security architectures meet regulatory and contractual obligations.
Data Protection & Encryption - Designs data protection architectures including encryption at rest, encryption in transit, and data loss prevention (DLP) strategies. Architects key management systems and certificate management solutions, ensuring proper key lifecycle management. Designs data classification frameworks, implementing data sovereignty requirements for multi-region deployments. Implements privacy-by-design principles and privacy-enhancing technologies (PETs), protecting sensitive and personally identifiable information (PII) critical in insurance operations.
Network Security - Designs network security architectures implementing network segmentation, DMZs, and secure connectivity patterns. Architects firewall strategies, intrusion detection/prevention systems (IDS/IPS), and network access control (NAC) solutions. Designs secure remote access including VPN, zero trust network access (ZTNA), and software-defined perimeter (SDP) approaches. Implements DDoS mitigation strategies and content delivery network (CDN) security.
Collaboration & Leadership - Works with enterprise architects, solutions architects, DevOps engineers, developers, and business stakeholders to embed security into all initiatives. Mentors security engineers and development teams on security best practices and secure design patterns. Leads security architecture reviews, design discussions, and technical working groups. Communicates complex security concepts and risks to executive leadership and non-technical stakeholders. Stays current with emerging threats, vulnerabilities, attack vectors, and evolving security technologies through continuous learning and industry engagement.
Required Skills
Security Frameworks & Standards - NIST Cybersecurity Framework, ISO 27001/27002, CIS Controls, OWASP Top 10, SANS Top 25, Zero Trust Architecture (NIST SP 800-207), PCI-DSS, HIPAA, GDPR, and insurance regulatory frameworks.
Identity & Access Management - Azure Active Directory/Entra ID, SSO implementations, SAML/OAuth 2.0/OpenID Connect, multi-factor authentication (MFA), privileged access management (PAM), RBAC/ABAC models, identity governance, and passwordless authentication.
Cloud Security - Azure Security Center, Microsoft Defender for Cloud, AWS Security Hub, Google Security Command Center, CASB solutions, network security groups, web application firewalls, container security, Kubernetes security, and cloud-native security tools.
Application Security - Secure SDLC practices, threat modeling (STRIDE, PASTA, LINDDUN), SAST tools (SonarQube, Checkmarx, Fortify), DAST tools (OWASP ZAP, Burp Suite), SCA tools (Snyk, WhiteSource), secrets management (Azure Key Vault, HashiCorp Vault), and API security.
Security Operations - SIEM platforms (Microsoft Sentinel, Splunk, IBM QRadar, Elastic Security), SOAR platforms, EDR/XDR solutions, threat intelligence platforms, log analysis, incident response frameworks, and forensic tools.
Network Security - Firewall technologies (next-gen firewalls, Azure Firewall), IDS/IPS systems, network segmentation, VPN technologies, ZTNA solutions, DDoS mitigation, and secure network design.
Encryption & Data Protection - Encryption protocols (TLS/SSL, IPSec), key management systems, certificate authorities, data loss prevention (DLP), data classification, tokenization, and data masking techniques.
Required Experience
Eight or more years in cybersecurity, security engineering, or security architecture roles, with three years designing enterprise security architectures. Proven experience architecting security solutions on Microsoft Azure, with deep understanding of cloud security principles and patterns. Track record conducting threat modeling exercises, performing security architecture reviews, and achieving compliance certifications (SOC 2, ISO 27001, PCI-DSS). Experience in insurance or financial services environments, with understanding of regulatory requirements and sensitive data protection. Evidence of implementing Zero Trust architectures, designing identity and access management solutions, and establishing security governance frameworks. Experience leading security incident response, conducting vulnerability assessments, and implementing security monitoring solutions.
Required Certifications
CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CCSP (Certified Cloud Security Professional), Microsoft Certified: Security Operations Analyst Associate or Azure Security Engineer Associate. Valuable additions: CEH (Certified Ethical Hacker), SANS GIAC certifications (GIAC Security Essentials, GCIH, GPEN), OSCP (Offensive Security Certified Professional), CISA (Certified Information Systems Auditor).
Key Competencies
Insurance Domain Security - Understanding insurance data sensitivity (PII, claim data, financial information), regulatory requirements (state insurance regulations, Solvency II, GDPR, CCPA), industry-specific threats, and common insurance platform security considerations.
Technical Leadership - Leading security architecture reviews, establishing security standards, mentoring security engineers and developers, communicating risks to executive leadership, and balancing security with business enablement.
Risk Management - Conducting security risk assessments, developing risk treatment plans, communicating security risks in business terms, and aligning security investments with risk appetite and business objectives.
Innovation & Continuous Learning - Staying current with threat landscape, emerging attack vectors, new security technologies, zero trust maturity, and evolving regulatory requirements, driving continuous improvement of security posture.