Senior IT Security Architect

📋 Description

• • Join Shift Technology, the leading AI platform for the insurance industry, as a Senior IT Security Architect and play a pivotal role in shaping the security posture of our cutting-edge Azure-based SaaS platform.
• • Reporting directly to the CISO, you will be a senior, influential member of the Information Security team, responsible for the end-to-end security architecture.
• • Your primary focus will be on the design, creation, adoption, and governance of security architecture best practices across the entire organization, ensuring robust protection for our platform and sensitive customer data.
• • You will serve as the go-to subject matter expert for both cloud infrastructure security and application security, collaborating closely with engineering teams to seamlessly embed security throughout the entire software development lifecycle (SDLC).
• • Your expertise will be crucial in designing secure, scalable, and resilient solutions for our single- and multi-tenant offerings, safeguarding our platform and our customers' valuable information.
• • *Cloud Security Architecture:**
• • Design, implement, and maintain the security reference architecture for our Azure-native, Windows, and Kubernetes-based SaaS products, ensuring alignment with industry best practices and organizational security goals.
• • Act as the primary security consultant and trusted advisor for product and engineering teams, providing authoritative guidance and strategic direction on secure design patterns for Azure infrastructure and services.
• • Conduct thorough reviews and provide formal approval for architectural designs of new services, ensuring they rigorously adhere to established security principles such as Zero Trust and defense-in-depth, and meet all relevant compliance requirements.
• • Define, document, and enforce stringent security standards for Azure networking, encompassing VNet segmentation, advanced firewalling configurations, and secure private connectivity solutions.
• • *Product & Application Security:**
• • Lead proactive threat modeling exercises, utilizing methodologies like STRIDE, in close collaboration with development teams for all new products and features, to identify potential risks and implement effective mitigation strategies early in the SDLC.
• • Develop, refine, and maintain comprehensive secure coding standards, and provide expert technical guidance on the prioritization and remediation of vulnerabilities identified by SAST, DAST, and SCA tools.
• • Architect robust security solutions for the SaaS application layer, with a strong emphasis on ensuring secure tenant isolation, effective customer data segregation, secure API design, and implementing sophisticated authentication and authorization patterns.
• • *Data Security:**
• • Design and enforce comprehensive security patterns and controls for protecting sensitive data at rest and in transit across all Azure data platforms, including but not limited to Azure SQL, Cosmos DB, and Databricks.
• • Collaborate closely with the Data Access Governance function to translate high-level data classification policies into tangible, enforceable technical access controls, ensuring data is accessed only by authorized personnel.
• • Architect and implement secure solutions for secrets management, encryption, and key management, with a primary focus on leveraging Azure Key Vault for robust protection.
• • Design and architect a highly secure data access solution utilizing Azure Virtual Desktop (VDI), integrating Data Loss Prevention (DLP) controls and other advanced data protection mechanisms to proactively prevent data exfiltration and unauthorized access.
• • *Security Engineering & Operations Enablement:**
• • Develop and implement security-as-code and Infrastructure as Code (IaC) solutions to establish automated security guardrails, enforce compliance, and proactively detect and remediate insecure configurations.
• • Serve as a senior technical escalation point for the Security Operations team, providing expert guidance and support during complex cloud security investigations and incident response activities.
• • Continuously evaluate, prototype, and recommend innovative new cloud security technologies and services to mature and enhance the overall security program and capabilities.
• • Champion a security-first mindset across engineering and product teams, fostering a culture of shared responsibility for security.