Job Description - Information Security Architect (MER0003BC9)
Job Role: Information Security Architect
Qualifications: A Bachelor's degree in Computer Science, Information Technology, Engineering, Information Security, Cybersecurity, or a related field is required. CISSP or CCSP or CSSLP certification is Mandatory. Experience: Minimum of 6-8 years of relevant work experience in cybersecurity architecture, engineering, application security, or a similar field. The candidate must possess the ability to perform threat modeling for applications. Responsibilities: Conduct threat modeling and architectural assessments of applications to encompass all aspects of information security, ensuring security by design. Document identified threats and provide corresponding mitigation strategies. Evaluate technologies and solutions to enhance security capabilities. Identify security gaps and communicate associated business risks to relevant stakeholders. Provide solutions aligned with business needs, considering security and compliance requirements. Verify the effectiveness of security controls in mitigating identified risks. Assist engineering projects throughout the Secure Software Development Life Cycle (SSDLC) and collaborate to effectively prioritize product security elements. Technical Skills: Strong knowledge of information security principles, security architectures, frameworks, standards, and emerging threats, with the ability to implement effective mitigation strategies. Deep understanding of network protocols, operating systems, databases, applied cryptography, least privilege, zero trust principles, identity & access management, and other core information security concepts. Familiarity with regulatory requirements and compliance standards (NIST, ISO 27001, GDPR, SOC2). Expertise in cloud computing and its associated best security practices, covering applications, infrastructure, storage, platforms, and data security. Hands-on experience in performing threat modeling for applications, identifying threats, and suggesting optimal mitigation strategies. Strong understanding of threat modeling methodologies (e.g., STRIDE, DREAD, PASTA). Proficiency in using threat modeling tools (e.g., Microsoft Threat Modeling Tool, Threat Modeler, OWASP Threat Dragon). In-depth knowledge of common security vulnerabilities (e.g., OWASP Top Ten, CVEs) and attack vectors. Must have experience in architecting and securing Cloud Computing Platforms such as Azure or AWS. Demonstrate a deep understanding of Google Cloud Platform (GCP) concepts and architectures, with a focus on how security controls are applied to cloud-based technologies. Excellent communication and interpersonal skills, with the ability to interact with stakeholders at all levels and explain complex security concepts in an easily understandable manner. Good understanding of relevant laws, regulations, and industry standards.
Organization Mercedes-Benz Research and Development India Private Limited
Primary Location India-Karnataka-Bangalore
Work Locations Brigade Tech Gardens, Katha No. 119, Kundalahalli Village, K.R. Puram Hobli, Ward No. 85, Bangalore 560037
#J-18808-Ljbffr