Security Architect

The Security Architect is responsible for partnering with internal and client servicing teams to provide information security and cyber architecture insights and guidance in order to adequately architect and deliver client solutions. The Security Architect identifies, prioritizes and implements security-related requirements, enabling project teams to deliver security architecture controls in IT solutions through effective risk management and threat modelling.

Key Role Responsibilities:

The role applies to and requires specialization in the following technology categories:

  • Information Security
  • Infrastructure Security
  • Application & Data Security
  • Cloud Security


This role will also play a key part in the sales engagement process, driving security controls assessment throughout the pre-sales engagement and helping customers deliver the architecture. Experience across Microsoft Security is preferred: Identity Access Management (Active Directory controls), Azure Security, M365 (Office365, Windows and EMS) and Security Management controls.

The Security Architect will evangelize security, be an advocate for customer trust and provide a key link between the Sales and services delivery teams, requiring awareness to work in line with the agreed sales business drivers through:

  • Demonstration of market / industry experience and knowledge, assistance in sales.
  • Provide technical leadership and mentoring to other Solution Architects in the team as appropriate.
  • Support solutioning and security architecture controls for customers with respect to information, application, data and infrastructure security.
  • This role will have 60% delivery and 40% pre-sales participation/support to drive the creation of security solutions for engagements.
  • As part of delivery work: analysis, requirements development, research, design and development of secure implementations of technology solutions in the areas of application security, data security, platform security and the vulnerability assessment process, using the latest security tools and practices.
  • Review existing security policies and regulatory requirements to enhance security practices.
  • Provide advisory to the management team and deliver thought leadership through speaking engagements with staff to share best security practices.
  • Oversee the development, implementation, and maintenance of information security, including access management, vulnerability assessments, penetration testing, infrastructure, and regulatory compliance.
  • Perform risk assessments of threats and system vulnerabilities, present recommendations for risk mitigation options and implement them accordingly.
  • Manage reporting, investigation, and resolution of data security incidents
  • Analyze business needs and oversee security architecture, administration, and policy planning to lessen the possibility of a security breach.
  • Provide guidance and direction on best practices for the protection of information. Act as a subject matter expert (SME).
  • Ensure compliance with regional regulations and privacy laws.

Key Role Skill & Capability Requirements:

Technical Requirements

  • Demonstrable experience identifying, providing and validating security requirements of IT solutions (design and implementation), preferably in a consulting environment
  • Experienced user of methods and tools for identifying risks and security threats
  • Good grasp of the latest security trends, landscape and application security, e.g. Open Web Application Security Project (OWASP)
  • Knowledge of information security standards (e.g. ISO 27001/27002, PCI, NIST) and awareness of MTCS Cloud Standards
  • Lead as a practitioner, supporting through information security, compliance and data protection controls
  • Experience with operating systems, database platforms, web technologies, firewalls and programming languages, along with an understanding of vulnerability tools and red teaming


Non-Technical Requirements

  • Excellent English written and verbal communication skills and ability to effectively convey security risks to technical and non-technical stakeholders
  • Ability to work with minimal supervision and research, formulate and present a point of view to technical and business stakeholders
  • Experience with the provision of advisory services in large scale technology projects working effectively with clients and Avanade team members across all levels

Preferred Certifications:
Candidates holding related security certifications (e.g. CISSP, GSEC, CISM, or CISA) preferred

Preferred Education Background:
You will likely have a Bachelor's degree in computer science or related field from an accredited college or university
MS in Information Security preferred

Preferred Years of Work Experience:
You will likely have 6-8+ years of IT experience focused on an Information Security background with Application, Data & infrastructure work experience

Preferred Years of Management Experience:
3+ years managing complex teams of business and technical resources

Scope of Work:

Nature of Work: Creates and implements work plans for assigned projects, programs, and/or clients against established operational objectives; supports translation of group strategy into objectives and work plans.
Scope of Work: Provides operational leadership for work efforts requiring significant coordination.
Complexity: Complex problems that consistently span work domains, requiring considerable judgment of contextual factors.
Discretion: Wide latitude in approach to work, including ability to reshape work plans, guided by professional best practices and domain expertise.
Organizational Impact: Work efforts have significant impact on near- and medium-term Avanade and/or client operations. If client-facing, should contribute to client-relationship and sales outcomes.
Supervision Received: Works independently, with occasional validation of work efforts against strategic and operational objectives. Significant latitude in judgment & approach.
Supervision Provided: Mentors and manages work efforts of more junior colleagues and team members as required by various workstreams; may formally supervise work of project teams. If managing team(s) of more junior employees full-time, then refer to the People & Business Leadership levelling criteria. Often serves as Career Advisor.
Knowledge Applied: Applies advanced knowledge of learned occupation / discipline and strong business operational acumen.

Accountabilities & Metrics:

  • Chargeability target
  • Personal goals

