Key skills
AWSAzureCloudCyber SecurityGoogle Cloud PlatformIoTKubernetesSDLCGCPGoogle CloudSSOAgileLeadershipMentoringCommunicationOWASPCloud SecurityZero Trust
About this role
Role Overview
- Define and institutionalize Secure SDLC framework across AVEVA solutions
- Embed security controls into design, development, testing, deployment, and maintenance.
- Establish and perform threat modeling, secure coding standards, and code review practices.
- Own security architecture for applications, APIs, cloud workloads, and supporting platforms.
- Establish & perform secure coding standards and developer enablement (secure coding playbooks, training, guardrails).
- Ensure vulnerability management and patch governance across product lifecycle.
- Develop reference architectures focused on cyber security for cloud, on-prem, IoT, and hybrid environments.
- Conduct architecture risk assessments and security design reviews.
- Lead Zero Trust, identity, encryption, and data protection strategies.
- Define security patterns aligned to industry standards (ISO 27001, NIST, IEC 62443, etc.).
- Conduct product risk assessments and cybersecurity impact analysis.
- Has knowledge of EU Cyber Resilience Act
- Ensure “secure-by-default” configuration in products with digital elements.
- Prepare for regulatory audits and compliance certifications.
- Conduct product risk assessments and cybersecurity impact analysis.
- Guide developers & tester for secure testing.
- Support creation of compliance artifacts (architecture documentation, risk assessments, security requirements, SBOM processes, vulnerability handling process)
Requirements
- 10-15 years in cybersecurity with strong experience in security architecture and application/product security.
- Proven experience building and running a Secure SDLC program in agile/DevOps environments.
- Strong expertise in Secure SDLC frameworks.
- Strong Hands-on knowledge of: Threat modeling (STRIDE, attack trees) security design reviews, secure coding practices SAST, DAST, SCA tools SBOM (CycloneDX, SPDX) Cloud security (AWS, Azure, GCP) OWASP Top 10, API security, authentication/authorization (OAuth2/OIDC, SSO, RBAC/ABAC) Container & Kubernetes security Vulnerability management lifecycle and tooling integration
- Working knowledge of EU Cyber Resilience Act (CRA) concepts and practical implementation needs: Knowledge of global cybersecurity regulations (NIS2, GDPR, etc.).
- Experience preparing technical documentation for regulatory audits.
- Strong communication: translate security risk into engineering actions and business impact.
- Ability to drive adoption without “blocking” delivery—pragmatic and risk-based.
- Leadership, mentoring, and cross-functional influence.
Tech Stack
- AWS
- Azure
- Cloud
- Cyber Security
- Google Cloud Platform
- IoT
- Kubernetes
- SDLC
Benefits
- Gratuity
- Medical and accidental insurance
- very attractive leave entitlement
- emergency leave days
- childcare support
- maternity, paternity and adoption leaves
- education assistance program
- home office set up support (for hybrid roles)
- well-being support