Security Architect

Role Overview

We are seeking an experienced Security Architect to work on a large-scale, multi-year transport technology transformation project. As the Security Architect, you will play a critical role in defining and driving the technical security vision, ensuring solutions align with enterprise architecture principles, best practices, and regulatory compliance standards.

You will collaborate with architects, IT stakeholders, suppliers, and business teams to ensure secure, scalable, and efficient solution delivery across a modern infrastructure leveraging AWS, IoT, and Operational Technology (OT) platforms. Your responsibilities will include oversight of cloud, network, and application security, as well as supporting secure integration across complex multi-vendor environments.

Key Responsibilities

• Design and review enterprise security architecture across a large-scale ICT project.
• Embed "security by design" principles in all solutions from inception.
• Lead secure implementation efforts across cloud infrastructure, OT, and network environments.
• Provide security oversight and validation for services including AWS, Lambda functions, API Gateways, Firewalls, and Web Application Firewalls (WAFs).
• Monitor and analyse system activity using Fortinet, Prometheus, Grafana, and Zabbix.
• Ensure compliance with key frameworks: PCI DSS, NIST CSF, ISO/IEC 27001, GDPR, and NIS2.
• Provide IAM guidance leveraging AWS IAM, Entra ID, and third-party identity solutions.
• Develop, document, and maintain security policies and procedures.
• Engage with suppliers to drive accountability and ensure the quality of design and implementation artifacts.
• Participate in design authorities and architecture review boards.

Technical Skills and Tools

• Cloud Security (AWS): GuardDuty, CloudWatch, Lambda, IAM
• Network Security: VPNs, segmentation, firewalls, remote access, Wi-Fi and cellular networks
• Monitoring & Observability: Zabbix, Prometheus, Grafana
• Application & API Security: API Gateway, secure deployment for IoT
• Kubernetes Security: Secure design and deployment practices
• Identity & Access Management: AWS IAM, Entra ID, third-party IAM solutions
• IoT & Asset Management: Knowledge of secure IoT environments and lifecycle

Candidate Profile

The ideal candidate will demonstrate:

• Strong verbal and written English communication skills.
• Leadership capability and the ability to drive security strategy across teams and vendors.
• Proven experience holding suppliers accountable for delivery and design quality.
• High proficiency in writing and reviewing architecture documentation (HLDs/LLDs).
• Strong collaboration skills with the ability to influence cross-functional stakeholders.
• Demonstrated success in delivering cloud-based security improvements.
• High-pressure performance and independent initiative.
• Mentorship skills and a supportive attitude toward junior team members.
• A balance of strategic thinking with attention to detail.
• Nice to have: Experience with the Fortinet security stack (FortiGate, FortiManager, FortiAnalyzer).

Compliance and Framework Experience

• PCI DSS v4.0.1
• NIST Cybersecurity Framework
• ISO/IEC 27001:2022
• GDPR
• NIS2 Directive

Recommended Certifications

Highly Recommended:

• CISSP - Certified Information Systems Security Professional
• CCSP - Certified Cloud Security Professional
• AWS Certified Security - Specialty
• ISO/IEC 27001 Lead Implementer or Auditor
• PCIP - PCI Professional