Platform and Infrastructure Security Architect at Equity Bank Kenya

Job Purpose:   

The Platform and Infrastructure Security Architect is primary responsibility will be to design measures to protect the corporate data from leakage. Provide requirements for implementing strategic direction and business requirements on data loss protection. 

The Platform and Infrastructure Security Architect will ensure data loss protection design is well coordinated to achieve  full data protection on systems, network, infrastructure, and cloud, remote workers, contractors and vendors. 

Job Responsibilities/ Accountabilities: 

Architecture: 

• Involve in infrastructure design with a Security focus 
• Design Data Loss Prevention (DLP) and Information Classification tools, M365 DLP and Azure Information Protection. 
• Designing of key network and infrastructure security solutions and controls such as firewalls, SD-WAN, WAF, DDoS protection, IPS, Web Proxy, EDR. 
• Designing of SASE solutions and cloud-based service delivery of traditional security controls (e.g. content filtering, firewall) 
• Designing of cloud infrastructure security designs (IaaS and PaaS), MS Azure preferred 
• Broad knowledge of Information Security, IT and industry best practices 
• Providing technical direction on all areas of data security, including strategy, architecture roadmap, policies, standards, procedures, and governance. 
• Leading the Architecture, design and implementation guidance for Data Security program including techniques such as data obfuscation, masking, tokenization, encryption technologies. 
• Providing guidance to technical teams on architectural, design, procedural best practices for data security in hybrid environments (on-prem and cloud-based such as AWS, Azure, GCP)  
• Developing security best practices for integrations between data producers, data lake, data consumers, API, and application integrations  
• Designing & architect data protection mechanisms for protecting data at rest and data in transit  
• Develop data security best practices for protecting corporate data in M365 cloud 

Strategy: 

• Excellent understanding of best practice infrastructure and network architectures  
• Documnet and communicate security solution roadmap to head of department and the bsuiness  

Qualifications

Knowledge and Experience 

• BS/BA in Computer Science, Information Technology, Engineering, or related field AND 5+ years’ experience in technology solutions, practice development, architecture and consulting. 
• Proven success and expertise in architecting innovative security solutions primarily in a client-facing role 
• Experience giving presentations to executive audiences and explaining the benefits of the Microsoft security platform 
• Track record of delivering quality solutions as a Security technical leader 
• Deep technical knowledge of Microsoft security and identity technologies, such as Active Directory, Azure Active Directory, Microsoft Defender for Endpoint, Azure Defender for Identity, Azure Security Center/Azure Defender, Azure Sentinel, and M365 Security & Compliance technologies 
• Knowledge of Cybersecurity concepts and mitigation practices, such as Advanced Persistent Threat (APT), Credential Theft, Zero Trust, Privileged Access Management, Just-in-time Administration, etc. 
• Knowledge of Security Assessments and Reviews 
• Knowledge of security, threat modelling, incident response and recovery techniques 
• Knowledge of Hybrid Cloud and Workload Security configurations and practices. 
• Knowledge of Security Standards, Policies and Governance frameworks 
• Knowledge of industry and government cybersecurity frameworks and regulations, such as NIST Cybersecurity Framework, NIST 800-53, FINRA and CMMC. 
• Microsoft AZ-500 and MS-500 certification or equivalent AWS, GCP or OpenStack certified 
• Knowledge and certification in modern project delivery methods, such as DevOps and Agile/SCRUM. 
• Knowledge and use of product management methodologies and Scaled Agile Framework 
• Familiarity with structured architectural methodologies 

Key Critical Competencies 

• Experience of designing and architecting secure infrastructure services to meet business requirements across a range of technology areas. 
• Strong experience of deploying and securing cloud environments (Azure, AWS or Google Cloud). 
• Solid experience of Microsoft 365 security and authentication technologies such as Active Directory, Azure Active Directory. 
• Demonstrable experience of securing, designing, deploying and installing enterprise applications 
• Knowledge of Intune, Email security platforms, Enterprise Antivirus 
• Experience of installing and supporting diverse server hardware. 
• Experience of managing Windows Server, Exchange, Linux, VMWares, SCCM and Windows 10. 
• Excellent negotiation, and written and verbal presentation skills 
• Ability to handle high pressure situations with key stakeholders 
• Good Analytical skills, Problem solving and Interpersonal skills

Communication:   

• You will be a self-motivated and dynamic individual who is able to champion secure infrastructures, be adaptable and flexible and able to adjust to a new situations and environments  
• Effective oral and written communication skills, with a logical and pragmatic approach to tasks  
• Ability to communicate with people at all levels, including the ability to communicate complex technical information to non-technical users

Budgets/ Financial Input 

• Provide input to the head of team on budget where required or assign