•We are looking for an Infrastructure & Identity Security Architect to define and drive our enterprise security architecture across cloud, infrastructure, networks, endpoints, and identity platforms. You will establish zero-trust security standards, develop reference architectures, and partner with engineering teams to build secure and scalable technology solutions.
+ ' ' + Zero-trust architecture design experience across identity, device, network, and workload pillarsCloud security architecture experience across AWS and AzureNetwork security architecture: segmentation, secure connectivity, zero-trust network access, and firewall/WAF design patternsEndpoint security architecture: device hardening baselines, device management, EDR architecture, and device-trust/posture designExperience in enterprise IAM/IDM depth: SSO, IdP, federation, and PAMIdentity and authorization protocols
•OAuth2/OIDC, SAML, SCIM, and consent/delegation modelsFamiliarity with digital identity and trust services (SİMA digital signature/identity) and KYC-driven identity assurance in financial servicesWorking understanding of Kubernetes cluster infrastructure (networking, node pools, control-plane connectivity) sufficient to set platform-network and connectivity standardsWorking knowledge of logging, monitoring, detection, and incident-response requirements for infrastructure and identity security controls. + ' ' + Opportunity to learn through workingFamiliarity with a real banking environmentGaining practical knowledge and experienceDevelopment of communication and customer service skillsImproving teamwork abilitiesSupport from a professional mentorChance to build a future career at Bir Ecosysem + ' ' + Own the enterprise zero-trust target-state architecture (NIST SP 800-207) across identity, device, network, and workload pillars, setting the standards other teams executeDefine the cloud and platform security reference architecture and standards across AWS, Azure, on-prem, and Kubernetes environments, including landing zones, account and posture baselines, SCPs/Azure Policy, secrets management, key management, certificate lifecycle, workload identity, and service-to-service authentication security guardrails that engineering teams implement.
Define the network security architecture and reference patterns: segmentation, secure connectivity, zero-trust network access, and Firewall, WAF standardsDefine the endpoint security reference architecture
Uyğunluğunuzu görün
Daxil olun və CV-nizi yükləyin, AI bu elana uyğunluğunuzu analiz edib məsləhət versin.
•device hardening baselines, EDR architecture standards, and device-trust and posture patterns feeding zero-trust access decisionsDefine the on-prem and bare-metal infrastructure security architecture — including the on-prem AI infrastructure hosting clusters and LLM serving environments — partnering with on-prem engineering teams on target-state designOwn the enterprise identity security architecture design — including IDM, SSO, IdP lifecycle, federation, PAM, FIDO2-based authentication, and access design for platform users and administrative access — and define the identity security requirements engineering teams implement.Provide architecture-stage design review and sign-off for infrastructure and identity changes, and recommend infrastructure, network, endpoint, and identity solutions and replacements through the Architecture CoEDefine logging, monitoring, and detection architecture requirements for infrastructure and identity platforms, ensuring security-relevant events from cloud, network, endpoint, IAM, PAM, Kubernetes, and administrative activities are available for central monitoring and incident response.Kapital Bank iş mühiti, əlavə fürsətlər və digər vakansiyaları görüntüləmək üçün Kapital Bank Life səhifəsinə keçid edin. Vakansiyalardan daha tez xəbərdar olmaq üçün Telegram kanalımıza abunə olun!