Principal Security Architect (GIT)

Lead the design of security architectures and standards across applications, infrastructure, cloud, and data. Act as technical lead in projects to ensure secure-by-design outcomes and oversee implementation quality. Partner closely with SOC and GRC to embed architecture controls, reduce systemic risk, and ensure alignment with NIST CSF 2.0 and Malaysian regulatory standards (NACSA, MCMC, Cyber Security Act 2024).

• Enterprise Architecture & Strategy
  • Define enterprise security architecture patterns (network, identity, application, cloud, data).
  • Develop reference designs for core controls: SIEM/SOAR, CNAPP, DLP/CASB, PAM, zero trust, endpoint security, API security.
  • Maintain security standards and design baselines mapped to NIST CSF 2.0 and internal policies.
• Project Engagement
  • Translate business and regulatory requirements (PDPA, NACSA/MCMC) into technical guardrails.
  • Review solution designs and conduct technical risk assessments.
  • Provide hands-on guidance during build—e.g., IaC guardrails, identity design, secret management, workload hardening.
• Chair/participate in Security Design Reviews and drive remediation plans.
• Create and maintain Design Decision Records and reusable patterns.
• Sign off on security non-functionals for new solutions to ensure consistency and compliance.
• Technology Lifecycle Management
  • Lead the 12–36 month security capability roadmap, including evaluating emerging technologies and running PoCs to validate solutions.
  • Set configuration baselines, tagging standards, and onboarding patterns for new apps/services.
• Cross-Functional Collaboration
  • Work with SOC for use case design, log onboarding and detection coverage.
  • Work with GRC for control testing and exception management.
  • Advise DevOps/Cloud teams on CI/CD security, SAST/DAST/IAST, SBOM, supply-chain risk.
• Strategic Thinking & Problem Solving: Demonstrated ability to align security architecture with long-term business goals while providing practical solutions to complex technical challenges.
• Stakeholder Management & Communication: Excellent interpersonal skills with the ability to communicate technical security concepts to both technical and non-technical audiences, including senior leadership.
• Technical Leadership & Influence: Proven track record of leading cross-functional teams and driving consensus on security standards and design decisions without direct formal authority.
• Continuous Learning & Agility: A proactive mindset regarding the evolving threat landscape, with a commitment to staying current on emerging security technologies, frameworks, and regulatory requirements.
• Attention to Detail & Analytical Rigor: A methodical approach to conducting risk assessments and reviewing solution designs to ensure no security gaps are overlooked.

• Experience: 12+ years in security engineering/architecture; led security design for complex systems, multi-cloud or cloud migrations.
• Technical Depth:
  • Identity & Access: Entra ID, MFA/SSO, Conditional Access, PAM.
  • Cloud security (Azure/AWS): Micro-segmentation, Landing Zones, CNAPP, KMS, secrets, workload identity.
  • App/API security: OAuth/OIDC, mTLS, WAF, rate limiting, SDLC integration.
  • Data protection: DLP/CASB, classification, encryption-at-rest/in-transit, key management.
  • Infra: Endpoint hardening, EDR, vulnerability management, patch orchestration.
• Methodologies:Threat Modeling, STRIDE, attack trees, reference architecture, Zero Trust Architecture, MITRE ATT&CK and D3FEND.
• Certifications: CISSP or CISM with ISO 27001 and TOGAF
  • Specialized: CCSP, Azure Security Architect (AZ-305/SC-100), AWS Security Speciality, CSSLP, SABSA, Google Professional Cloud Security Engineer, CCNP, Zscaler, GIAC GDSA/GCSA

• Comprehensive medical coverage for you and your immediate family, including outpatient care, hospitalisation, dental and optical benefits.
• Wellness support with an annual spending account for health-related needs, alternative treatments, or even paid-up premiums for personal insurance.
• Employee assistance during life’s big moments, from celebrations to times of bereavement.
• Learning & growth opportunities through dedicated time for learning, access to LinkedIn Learning and rewards for upskilling.
• Cash rewards for recognised certifications and full reimbursement for up to two approved professional memberships each year.

*Only shortlisted candidates will be notified.