AVEVA

Cybersecurity Architect, Secure Development Lifecycle

full-time

Location Type: Hybrid

Location: Hyderabad, India

About the role

  • Define and institutionalize a Secure SDLC framework across AVEVA solutions.
  • Embed security controls into design, development, testing, deployment, and maintenance.
  • Establish and perform threat modeling, secure coding standards, and code review practices.
  • Own security architecture for applications, APIs, cloud workloads, and supporting platforms.
  • Establish & perform secure coding standards and developer enablement (secure coding playbooks, training, guardrails).
  • Ensure vulnerability management and patch governance across product lifecycle.
  • Develop reference architectures focused on cyber security for cloud, on-prem, IoT, and hybrid environments.
  • Conduct architecture risk assessments and security design reviews.
  • Lead Zero Trust, identity, encryption, and data protection strategies.
  • Define security patterns aligned to industry standards (ISO 27001, NIST, IEC 62443, etc.).
  • Conduct product risk assessments and cybersecurity impact analysis.
  • Have knowledge of the EU Cyber Resilience Act.
  • Ensure “secure-by-default” configuration in products with digital elements.
  • Prepare for regulatory audits and compliance certifications.
  • Guide developers and testers on secure testing.
  • Support creation of compliance artifacts (architecture documentation, risk assessments, security requirements, SBOM processes, vulnerability handling process).

Requirements

  • 10-15 years in cybersecurity with strong experience in security architecture and application/product security.
  • Proven experience building and running a Secure SDLC program in agile/DevOps environments.
  • Strong expertise in Secure SDLC frameworks.
  • Strong hands-on knowledge of: threat modeling (STRIDE, attack trees); security design reviews; secure coding practices; SAST, DAST, SCA tools; SBOM (CycloneDX, SPDX); cloud security (AWS, Azure, GCP); OWASP Top 10, API security, authentication/authorization (OAuth2/OIDC, SSO, RBAC/ABAC); container and Kubernetes security; vulnerability management lifecycle and tooling integration.
  • Working knowledge of EU Cyber Resilience Act (CRA) concepts and practical implementation needs; knowledge of global cybersecurity regulations (NIS2, GDPR, etc.).
  • Experience preparing technical documentation for regulatory audits.
  • Strong communication: translate security risk into engineering actions and business impact.
  • Ability to drive adoption without “blocking” delivery—pragmatic and risk-based.
  • Leadership, mentoring, and cross-functional influence.

Benefits

  • Gratuity
  • Medical and accidental insurance
  • Very attractive leave entitlement
  • Emergency leave days
  • Childcare support
  • Maternity, paternity and adoption leaves
  • Education assistance program
  • Home office set up support (for hybrid roles)
  • Well-being support