Advanced Cyber Security Architect/Engineer in Pune

Sparta Systems is seeking an exceptionally skilled and experienced Advanced Cyber Security Architect/Engineer to provide expert-level leadership in product security for embedded and cloud-deployed applications. This critical role drives secure architecture by design, manages product risk, ensures regulatory compliance, and fosters a culture of security throughout the development lifecycle, directly impacting the safety and security of our advanced technology solutions.

Key Responsibilities:

• Lead product risk management and security control implementation with development teams.
• Drive secure architecture by design, conduct comprehensive security risk assessments, and implement defense-in-depth strategies with multi-layered security controls.
• Identify security gaps and define effective remediation approaches.
• Conduct threat modeling for embedded products and web applications, communicating security risks proactively.
• Provide security architecture guidance and support to promote security-by-design principles across a large development organization.
• Integrate best-in-class security requirements into product and service offerings, providing architecture and best practice guidance.
• Support product security processes including threat modeling, security requirements definition, security reviews, threat vulnerability assessments, and risk management, particularly for aerospace applications.
• Ensure a strong background in product architecture and development with Secure Software Development Lifecycle (SDLC) experience.
• Stay current with emerging security threats and exploitation techniques.
• Develop, secure, and drive security requirements for Embedded & IIoT-based Avionics Products on RTOS platforms like VxWorks and Deos.
• Secure Commercial Cloud, Hybrid, and Private cloud-deployed applications, including Containers and VMs, through secure configurations and periodic security reviews.
• Mentor and train the engineering development community, facilitating the adoption of shift-left security practices.
• Lead new initiatives to enhance Secure Software Development Lifecycle (SDL) processes and procedures.
• Understand design objectives such as DO-178B/C, DO-326A, DO-355, and DO-356A for continuous airworthiness and security.
• Contribute to certifying and meeting compliance for embedded products in aircraft cockpits with authorities like FAA and EASA.

Skills and Qualifications:

• Expertise in threat modeling for embedded products and web applications.
• Strong background in product architecture and development with Secure SDLC experience.
• Deep understanding of security by design principles.
• Experience securing Embedded & IIoT Avionics Products on RTOS platforms (VxWorks, Deos).
• Experience securing cloud-deployed applications (Commercial, Hybrid, Private), including Containers and VMs.
• Excellent interpersonal, negotiation, and conflict resolution skills.
• Familiarity with Agile software development practices.
• Experience with DevSecOps and CI/CD pipelines, including security tooling.
• Proficiency with security tools such as SD Elements, BlackDuck Hub, Microsoft Threat Modeling Tool, SAST (Coverity, SonarQube), DAST (Burp, ZAP, AppSpider), Fuzzing, Vulnerability management, and continuous monitoring tools.
• Sound understanding of Cryptography, PKI, Secure Boot, and Open-source risk management.
• Strong leadership, team-building, and stakeholder management skills.
• Effective communication, relationship management, analytical, decision-making, and problem-solving skills.
• Commitment to continuous learning and upskilling the team.
• Bachelor's degree or equivalent experience in Cyber Security or IT.
• Information Security accreditation (CISSP, CSSLP) is valued.
• Cloud Security or Solutions Architecture certifications (Azure, AWS, GCP) are valued.