Security Architect – Cloud & Platform Security (IFS Cloud)

Security Architect – Cloud & Platform Security (IFS Cloud)

  

This role has been designed as ‘Hybrid’ with an expectation that you will work on average 2 days per week from an HPE office.

Job Description:

   

HPE Operations is our innovative IT services organization. It provides the expertise to advise, integrate, and accelerate our customers’ outcomes from their digital transformation. Our teams collaborate to transform insight into innovation. In today’s fast paced, hybrid IT world, being at business speed means overcoming IT complexity to match the speed of actions to the speed of opportunities. Deploy the right technology to respond quickly to market possibilities. Join us and redefine what’s next for you.

Job Family Definition:

Provide technology consulting to external customers and internal project teams. Responsible for providing technical support and/or leadership in the creation and delivery of technology solutions designed to meet customers’ business needs and, consequently, for understanding customers’ businesses. As trusted advisor create and maintain effective customer relationships so as to insure customer satisfaction. Maintain knowledge of leading edge technologies and industry/market domain knowledge. Actively contribute to the company’s solutions portfolio by providing information ranging from technical knowledge to methodologies based on experience gained from customer projects. Shape technical direction and technical strategies within the organization and for external customers. Accountable for consistent and significant chargeability levels (or expense relief for internal project teams) and for assisting in meeting or exceeding revenue and customer satisfaction goals. Contribute to organization’s profitability by generating and cultivating new business opportunities and by providing technical support for deal proposal development.

Management Level Definition:

Contributions have visible technical impact on a product or major subcomponent.  Applies in-depth professional knowledge and innovative ideas to solve complex problems. Visible contributions improve time-to-market, achieve cost reductions, or satisfy current and future unmet customer needs. Recognized internal authority on key technology area applying innovative principles and ideas. Provides technical leadership for significant project/program work. Leads or participates in cross-functional initiatives and contributes to mentorship and knowledge sharing across the organization.

Responsibilities:

• Key Responsibilities 

  1. Architecture 

  • Define target security architecture for Foundational IFS Cloud and IaaS/PaaS/SaaS layers. 

  • Establish defense-in-depth and zero-trust architectures across network, compute, storage, identity, and application layers. 

  • Define reference architectures, secure design patterns, and guardrails for cloud services. 

  • Ensure shared responsibility clarity between cloud foundation, platform services, and customers. 

  2. Account Management & Separation 

  • Architect secure multi-tenant account structures with strong isolation. 

  • Define account separation models for: 

  • Management, production, non-production 

  • Customer tenancy isolation 

  • Enforce least privilege, blast-radius reduction, and strong boundary controls. 

  3. Identity & Access Management (IAM) 

  • Define enterprise IAM architecture across Foundational Cloud and cloud services. 

  • Enforce Zero Trust IAM: 

  • MFA, RBAC/ABAC, PAM, Just-in-Time access 

  • Integrate IAM with cloud platforms, SaaS applications, APIs, and DevOps pipelines. 

  • Ensure identity lifecycle governance (joiner/mover/leaver). 

  4. IT & Information Security Incident Management 

  • Architect security incident detection, response, and escalation frameworks. 

  • Integrate SIEM, SOAR, SOC, threat intelligence across all cloud layers. 

  • Define incident response playbooks aligned to regulatory and customer SLAs. 

  • Support forensic readiness and regulatory reporting. 

  5. Asset & Configuration Management 

  • Define authoritative asset inventory across infrastructure, platforms, applications, and APIs. 

  • Enforce secure configuration baselines aligned to CIS, OEM, and regulatory benchmarks. 

  • Enable configuration drift detection and remediation using automation. 

  • Ensure visibility across Foundational Cloud and customer environments. 

  6. Change & Release Management 

  • Embed security controls into CI/CD pipelines (DevSecOps). 

  • Define security gates for changes and releases across IaaS/PaaS/SaaS. 

  • Ensure traceability, approvals, and rollback mechanisms. 

  • Align with ITSM and regulatory change control expectations. 

  7. Patch Management 

  • Define patching strategies for OS, middleware, platforms, containers, and cloud services. 

  • Establish risk-based patch prioritization. 

  • Ensure non-disruptive patching aligned to availability and resilience requirements. 

  • Govern patch compliance reporting. 

  8. Data Protection 

  • Architect data security and privacy controls across the cloud stack: 

  • Encryption at rest and in transit 

  • Key management (KMS/HSM) 

  • Tokenization and masking 

  • Define data classification, retention, residency, and sovereignty controls. 

  • Ensure protection for customer, regulatory, and sensitive financial data. 

  9. Vulnerability Management 

  • Architect continuous vulnerability assessment across infrastructure, platforms, apps, APIs. 

  • Integrate SAST, DAST, SCA, container scanning, and infrastructure scanning. 

  • Define risk acceptance, remediation SLAs, and exception handling. 

  • Provide visibility for Foundational Cloud and cloud services. 

  10. Physical & Environmental Security 

  • Ensure data center and facility security alignment with cloud security architecture. 

  • Validate environmental controls, access restrictions, and redundancy. 

  • Ensure physical security controls align with logical security and resilience models. 

  11. Security Governance 

  • Define security policies, standards, and control frameworks for IFS Cloud. 

  • Ensure alignment with RBI, CERT-In, ISO 27001, PCI-DSS, SOC2, and customer mandates. 

  • Govern third-party and supply chain security. 

  • Act as security authority during architecture and design reviews. 

  12. Security Assurance 

  • Define continuous control assurance and compliance monitoring. 

  • Support internal audits, external audits, regulatory inspections, and certifications. 

  • Ensure evidence generation and traceability across all services. 

  • Drive security posture reporting to leadership and regulators. 

  13. Resilience 

  • Architect security-aware resilience and DR designs. 

  • Ensure secure failover, backup protection, ransomware resilience, and recovery assurance. 

  • Participate in BCP / DR drills and regulatory testing. 

  • Align resilience controls across Foundational Cloud and cloud services. 

  Controls & Tooling Expectations 

  • Ensure controls and tools are reusable and consistent across: 

  • Foundational IFS Cloud 

  • IaaS, PaaS, SaaS offerings 

  • Leverage: 

  • IAM / PAM platforms 

  • SIEM / SOAR 

  • CSPM / CWPP / CIEM 

  • Vulnerability & compliance tools 

  • Ensure automation-first security operations. 

  What you need to bring:

Education and Experience Required:

• 12+ years of professional experience and a Master of Arts/Science or equivalent degree in computer science or related area of study; without a Masters degree, three additional years of relevant professional experience (15+ years in total).

Accountability, Accountability, Active Learning, Active Listening, Bias, Business Growth, Client Expectations Management, Coaching, Creativity, Critical Thinking, Cross-Functional Teamwork, Customer Centric Solutions, Customer Relationship Management (CRM), Design Thinking, Empathy, Follow-Through, Growth Mindset, Information Technology (IT) Infrastructure, Infrastructure as a Service (IaaS), Intellectual Curiosity (Inactive), Long Term Planning, Managing Ambiguity, Process Improvements, Product Services, Relationship Building {+ 5 more}

Health & Wellbeing

We strive to provide our team members and their loved ones with a comprehensive suite of benefits that supports their physical, financial and emotional wellbeing.

Personal & Professional Development

We also invest in your career because the better you are, the better we all are. We have specific programs catered to helping you reach any career goals you have — whether you want to become a knowledge expert in your field or apply your skills to another division.

Unconditional Inclusion

We are unconditionally inclusive in the way we work and celebrate individual uniqueness. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good.

#india

#operations

Job:

Services

Job Level:

TCP_05

    

    

Hewlett Packard Enterprise is EEO Protected Veteran/ Individual with Disabilities.

   

HPE will comply with all applicable laws related to employer use of arrest and conviction records, including laws requiring employers to consider for employment qualified applicants with criminal histories.

   

No Fees Notice & Recruitment Fraud Disclaimer

 

It has come to HPE’s attention that there has been an increase in recruitment fraud whereby scammer impersonate HPE or HPE-authorized recruiting agencies and offer fake employment opportunities to candidates.  These scammers often seek to obtain personal information or money from candidates.

 

Please note that Hewlett Packard Enterprise (HPE), its direct and indirect subsidiaries and affiliated companies, and its authorized recruitment agencies/vendors will never charge any candidate a registration fee, hiring fee, or any other fee in connection with its recruitment and hiring process.  The credentials of any hiring agency that claims to be working with HPE for recruitment of talent should be verified by candidates and candidates shall be solely responsible to conduct such verification. Any candidate/individual who relies on the erroneous representations made by fraudulent employment agencies does so at their own risk, and HPE disclaims liability for any damages or claims that may result from any such communication.