Tata Elxsi is among the world’s leading providers of design and technology services across industries, including Automotive, Broadcast, Communications, and Healthcare. Tata Elxsi is helping customers reimagine their products and services through design thinking and the application of digital technologies such as IoT (Internet of Things), Cloud, Mobility, Virtual Reality, and Artificial Intelligence.

We are seeking a skilled Cloud Security Architect with 9+ years of experience in AWS and Azure Cloud.

Key Responsibilities:

• Understand the customer security policy, standards and regulatory requirements to design and implement the security tools or solutions
• Develop security criteria, procedures, and policies based on Standards, Regulations and best practices
• Collaborating with cross-functional teams to define cloud security framework and architecture, ensuring it meets the business requirements 
• Integrate security into the development lifecycle of software (SDLC)
• Provide guidance on systems hardening for cyber resilience
• Regularly evaluate new security solutions and products
• Conduct risk assessments and develop risk mitigation strategies
• Ensure that cloud-based solutions are secure and compliant with industry standards
• Security is integrated into every aspect of the architecture, including identity and access management (IAM), encryption, network security, and compliance controls.
• Design and implement security measures such as encryption, network segmentation, multi-factor authentication (MFA), Firewall, intrusion detection/prevention systems, SIEM, WAF, DDOS Protection.
• Deploy security monitoring and logging tools to detect and respond to security incidents, ensuring rapid threat identification and mitigation.
• Perform regular security assessments and audits of the cloud infrastructure, applications, and configurations to identify vulnerabilities and areas for improvement.
• Design disaster recovery (DR) and business continuity (BC) plans to mitigate the impact of outages, data loss, and other disruptions to business operations.
• Support team to implement the Backup and retention in line customer requirements
• Conduct regular DR and BC tests and simulations to validate recovery procedures, identify weaknesses, and refine response plans.
• Participating in architectural discussions and decision-making processes to ensure alignment with business goals and best practices.
• Documenting architectural designs, configurations, and implementation guidelines for reference and knowledge sharing.
• Providing mentorship and guidance to junior team members on cloud security architecture principles, best practices, and technologies.
• Participate in agile ceremonies such as daily stand-ups, sprint planning, and retrospectives to provide updates on security related tasks and initiatives.
• Contributing to developing and maintaining cloud governance frameworks, policies, and procedures.
• Collaborating with procurement and finance teams to optimize cloud spending and manage budgets effectively.
• Conduct comprehensive vulnerability assessments and penetration tests on networks, systems, and applications.
• Independently handle complex issues with minimal supervision, while escalating only the most complex issues to appropriate staff
• Utilize various open-source and commercial tools for vulnerability scanning and penetration testing (e.g., Nessus, Metasploit, Burp Suite).
• Stay up to date with the latest security threats, vulnerabilities, and attack techniques to proactively identify potential risks and provide recommendations for mitigation.
• Implement the Container Image scanning tools and collaborate with team to remediate security risk and vulnerabilities.
• Implement Static Application Security Testing (SAST) to analyse source code for security vulnerabilities.
• Making improvement proposals and defining action plans to optimize security capabilities in DevOps environments to ensure software security.
• Collaboration with Internal and external stakeholders in adopting security requirements in cloud environments.
• Security assessments in container environments (Docker, Kubernetes) and Security implementation in IaC (Infrastructure as Code).
• Analysis of evidence in assessing the cybersecurity maturity based on the DevSecOps software development
• Provide recommendations and guidance on secure coding practices to software development teams.
• Perform security configuration reviews and hardening of systems.
• Perform the Threat modelling for applications.
• Managing the PKI and SSL CA in Cloud Environment

Skills Required:

• Experience architecting Amazon Web Services (AWS) and Microsoft Azure solutions
• Experience evaluating, designing, implementing, optimizing, and documenting a comprehensive and extensive array of security technologies and processes
• Knowledge of enterprise application software (architecture, development, support, and troubleshooting)
• Experience performing threat modeling and design reviews to evaluate the introduction of new technologies’ security implications and requirements
• Capacity to work in a team environment; excellent interpersonal and communication skills
• Knowledge of security frameworks, standards and regulations such as ISO 27001, NIST, SOC2, GDPR, DPDPA
• Familiarity with cloud platforms and services such as AWS, Azure, or Google Cloud. 
• Ability to conduct risk assessments and develop risk mitigation strategies. -
• Excellent problem-solving and analytical skills
• Good understanding of application frameworks, security design patterns and principles
• Hands-on experience in AWS native security solutions such as AWS IAM, AWS GuardDuty, AWS Inspect, AWS Network Firewall, AWS WAF, AWS ALB, NLB, API Gateway, VPC, Secret Manager, KMS, ACM, AWS Private CA
• Hands-on experience in Azure native security solutions such as Azure Security Center, Azure Sentinel, Azure VM, Azure App Gateway, WAF, Azure Firewall
• Proficiency with security testing tools such as Nessus, Burp Suite, MobSF, SonarQube, Nmap, Metasploit, etc.
• Excellent understanding of web application architecture and Secure Software development life cycle (SSDLC)
• Knowledge of common vulnerabilities and exposures (CVEs).
• Hands-on experience in MITRE ATT&ACK and Cyber Kill Chain methodologies
• Experience with network security, data hiding, and encryption techniques.
• Expertise in scripting languages like Python, Bash, or PowerShell.
• Strong understanding of IT security standards and frameworks (e.g., OWASP, NIST, SANS Top 25, ISO 27001).
• Document findings, methodologies, and recommendations in clear and concise reports.
• Should have knowledge, thorough understanding on various Threat Modelling frameworks and Risk Rating Standards such as STRIDE, CVSS etc
• Experience and knowledge of devsecops, integrations and onboarding of applications and tools into the CI/CD pipeline.
• Strong knowledge on Infrastructure as Code (IaC).
• Strong ability to identify and exploit security gaps/vulnerabilities on endpoint devices, applications, and networks
• Strong experience in operating system and application security hardening and best practices
• Experience conducting assessments for solutions consisting of a variety of technology stacks and architectural implementations and hosting providers
• Exposure and understanding of enterprise solutions from a functional and security perspective
• Knowledge on Secure coding practices
• Strong knowledge on Cryptography
• Strong analytical and problem-solving skills.
• Excellent communication and teamwork skills.
• Experience designing and securing cloud-native services such as containers (Docker, Kubernetes), serverless architectures (AWS Lambda, Azure Functions), and microservices.
• Knowledge of secure cloud networking (VPCs, security groups, network peering) and data protection practices
• Experience in Managing the PKI and SSL CA management
• Relevant certifications (e.g., AWS Security Speciality, CEH, CCSP, SSCP, Azure Security Engineer, Azure Security Architect) preferred.