Ministry of Public and Business Service Delivery and Procurement
As a Senior Security Architect in our security architecture practice, you will co-develop digital enterprise solutions alongside application, platform product, and operations teams—embedding cyber security by design principles from the outset. You’ll lead client-facing consultative engagements, perform end-to-end security assessments, architecture, and create repeatable architecture patterns and guidelines that ensure compliance with internal standards and industry best practices.
Key Responsibilities
- Partner with business, product, and engineering stakeholders to define security requirements and translate them into architecture designs.
- Conduct threat modeling, risk assessments, and security analyses at inception, design, and implementation phases.
- Develop and maintain reusable “secure-by-design” patterns for cloud (IaaS/PaaS), SaaS, and hybrid deployments.
- Architect identity and access solutions: SSO, MFA, PKI, least-privilege controls, and federated identity.
- Design network and infrastructure controls: network segmentation, firewalls, security groups, SASE, micro-segmentation.
- Specify data-protection mechanisms: encryption key management, transparent data encryption, tokenization, and database activity monitoring.
- Integrate security telemetry—logs, events, and alerts—into SIEM (Splunk Cloud, Azure Sentinel) and SOAR workflows.
- Embed security requirements into DevSecOps pipelines using IaC tools and CI/CD integrations.
- Facilitate architecture review boards, governance gates, and security design workshops.
- Mentor and guide junior architects and engineers on secure architecture principles and patterns.
General Skills
- Demonstrated leadership in technical security architecture and solution delivery
- Deep expertise with at least two major public cloud platforms (AWS, Azure, GCP) and SaaS ecosystems
- Strong knowledge of application architecture, networking, and security operations
- Proficiency in structured design methodologies and ITIL processes
- Excellent verbal and written communication; skilled at presenting to technical and executive audiences
- Collaborative team player with strong interpersonal, negotiation, and stakeholder-management skills
- Solid analytical, problem-solving, and decision-making abilities
- Awareness of emerging security technologies, trends, and compliance requirements
Experience & Skill Set Requirements
1. Core Security Technology Domains (45%)
- Identity & Access Management: SSO, MFA, PKI, OAuth/OIDC, SAML, RBAC/ABAC
- Infrastructure Security: IaaS/PaaS hardening, VPC/VNet/VCN and subnet segmentation, firewalls, Network Security Groups, SASE
- Data Protection: KMS/Vault, Transparent Data Encryption, tokenization, Data Loss Prevention, Database Activity Monitoring
- Application Security: Secure SDLC, threat modeling (STRIDE, DREAD), container and serverless security, API gateway, WAF
- Security Operations Tools: SIEM (Splunk Cloud, Azure Sentinel) ingestion, correlation searches, dashboards; SOAR automation; EDR (Defender, Cortex XDR)
2. Agile Project Delivery (15%)
- Hands-on experience with Agile/Scrum: backlog management, user-story creation, sprint planning, stand-ups, retrospectives
- Embed security requirements and automated tests into CI/CD pipelines
- Facilitate cross-functional workshops to align SecOps, DevOps, and product teams
3. Architecture & Design Expertise (35%)
- Apply frameworks (TOGAF, NIST CSF, CIS Controls) to digital solution blueprints
- Lead requirements gathering, conceptual, logical, and detailed design phases
- Develop solution design artifacts: architecture diagrams, data-flow models, sequence diagrams, policy matrices
- Provide implementation guidance: infrastructure-as-code templates, configuration guidance, logging-agent deployments
- Chair architecture review boards, capture decisions, and enforce governance processes
4. Public Sector & Regulatory Awareness (5%)
- Prior public-sector or regulated-industry experience is an asset
- Familiar with mandates and standards (FIPPA, PHIPA, PCI DSS, AODA, ISO 27001)
- Embed audit trails, data-retention policies, and compliance controls into design deliverables
Closing Date/Time: 2025-12-08, 1:00 p.m. EST
Max submission: 1 (one)
• From October 20, 2025, the candidate is required to work onsite 4 days a week and 1 day from home
• From January 5, 2026, the candidate is required to work onsite 5 days a week fully
Must Have:
Cyber security Architect:
SIEM (Splunk Cloud, Azure Sentinel) – must have
Experience with ServiceNow – design and integration to support CSOC monitoring and threat use case development.
7+ years of experience with Architecture – Security and Enterprise.
Experience with stakeholder management and working with clients (engaging for security design).
Experience developing enterprise information security program (DLP, insider risk management, etc. )
