Security Architect

Job Identification

We are looking for a Security Architect to be a part of our Digital Technology, Information Security team located in Group Office, Istanbul.

What We Expect

Responsible for understanding, documenting, solving and guiding application layer architecture (User-Interface, Backend, APIs, CI/CD, Application Infrastructure, Technical Frameworks, Platforms, etc.) and application component dependencies from a security perspective.

Understanding the business needs to ensure compliance with appropriate security strategies across different IT disciplines.

• Understand application requirements using a variety of methods such as interviews, self-assessments, document analysis, workshops, and workflow analysis to define in a deep level.
• Participate in technology discussions with architecture and product teams to perform security architecture design reviews of applications and communicate the necessity of security requirements.
• Review application designs to ensure security objectives are implemented successfully.
• Understand CI/CD processes to integrate security processes in a successful way.
• Analyze and document technical security requirements and designs for new and existing applications.
• Provide and lead developers in secure application design and patterns, remediation methods and recommendations for secure implementations.
• Define security best practices and standards and ensure development teams understand and receive secure development trainings.
• Identify and evaluate risks, issues, dependencies, and constraints associated with the application, escalating where appropriate.
• Translate and advise on security risks which may have a business impact.
• Propose new technologies that will be needed as a result of the findings and requirements.
• Monitor technologies in accordance with the defined policies, standards, and procedures of the organization, as well as with the industry’s best practices and vendor guidelines.
• Prepare presentations and technical documents as well as necessary training to ensure that philosophy is widely known within CCI while maximizing the benefits.
• Follow developments in technology and security threats closely, conduct research on emerging products, services, protocols, and standards, interact with vendors, outsourcers, and contractors to obtain new services and products.

Qualifications

• Bachelor’s degree in computer science or in “STEM” Majors (Science, Technology, Engineering and Math), a similar technical field of study

• 5+ years of experience in Information Security, Cyber Security and related technologies.
• Knowledge and experience in security architecture, risk assessment techniques, information security frameworks and standards like ISO/IEC 27001.
• Experience in application architecture design processes and infrastructure security.
• Experience breaking down complex systems and applications to find Security flaws and gaps.
• Solid understanding of secure network and system design.
• Knowledge in designing and developing application authentication and authorization systems.
• Knowledge and Experience in Software Development Life Cycle (SDLC) processes.
• Understanding of the OWASP Top 10 application security risks.
• Ability to communicate complicated technical issues and the risks.
• Experience with administration of related security tools (Vulnerability Scanners, WAF, SAST/DAST, etc.)
• OSWP, GWAPT, eWPTX and related certificates are a big plus.
• Risk frameworks and management knowledge is a plus.
• Working in harmony with people and other resources to achieve specific results.
• Ability to participate through collaboration with effective stakeholder management while conveying the sound of stakeholders.
• Expert troubleshooting capabilities and solid problem-solving skills with a proactive approach.
• Enthusiastic about solving business challenges effectively, utilizing customer-centricity, design thinking and lean start up methodologies.
• Strong communication, documentation, presentation and writing skills with proficiency in Microsoft Office tools.
• Fluency in written and spoken English.