Freelance Security Architect – Secure Development Platform

Job Title: Freelance Security Architect – Secure Development Platform

Location: Remote (with occasional on-site visits if required)
Client: Financial Institution
Duration: Contract / Freelance

Overview:
We are seeking an experienced Security Architect to work with our client, a leading financial institution, to design and implement a secure development platform. This role involves ensuring a robust DevSecOps framework and integrating security best practices across their development tools, specifically GitLab, SonarQube, and GitLab Ultimate. Experience with Azure Cloud architecture is essential for this position, as the platform will be deployed on Azure infrastructure.

Key Responsibilities:

1. Platform Security Architecture & Design

   • Develop and implement a secure architecture for the client’s development environment, incorporating GitLab, SonarQube, and GitLab Ultimate.
   • Architect and document security processes and standards to integrate seamlessly within the existing infrastructure.
   • Define secure coding practices, review pipelines, and conduct code scanning to ensure comprehensive security coverage.

2. DevSecOps Implementation

   • Establish a DevSecOps framework that integrates security throughout the CI/CD pipeline.
   • Configure GitLab for secure collaboration, role-based access, and code reviews.
   • Enable security features and scanning within GitLab Ultimate and SonarQube to monitor code quality and vulnerabilities.

3. Cloud Security on Azure

   • Design and implement Azure-based security controls, IAM policies, and network segmentation for the development environment.
   • Leverage Azure’s security tools, such as Azure Security Center and Azure Key Vault, to strengthen security and compliance.
   • Ensure alignment with industry regulations (e.g., PCI-DSS, GDPR) relevant to financial institutions.

4. Collaboration and Client Engagement

   • Work directly with client development, security, and operations teams to ensure the security framework aligns with business and technical requirements.
   • Provide guidance and best practices on security measures, risk management, and compliance.
   • Conduct workshops or training sessions to enhance security awareness among developers and DevOps teams.

5. Continuous Improvement and Monitoring

   • Establish continuous monitoring and alerting for potential security threats.
   • Regularly review and update the security architecture to adapt to emerging threats and regulatory changes.
   • Recommend tools or services to enhance platform security and address client-specific needs.

Required Qualifications:

• Experience: 5+ years as a Security Architect or in a similar role with expertise in secure software development, cloud security, and financial industry standards.
• Technical Skills:
  • Strong experience with GitLab (including GitLab Ultimate) and SonarQube.
  • Proficiency in Azure architecture, specifically around security and compliance frameworks.
  • Deep understanding of DevSecOps principles and CI/CD security practices.
• Certifications: Azure Security Engineer (AZ-500), Certified Information Systems Security Professional (CISSP), or similar is a plus.
• Industry Knowledge: Familiarity with financial regulatory requirements (e.g., PCI-DSS, GDPR, ISO 27001) and experience implementing security in financial institutions.

Preferred Qualifications:

• Experience with container security (e.g., Docker, Kubernetes).
• Familiarity with automation tools for security auditing and monitoring.
• Prior experience working with or consulting for financial institutions.

Key Competencies:

• Excellent analytical and problem-solving skills with a proactive approach to security.
• Strong communication and collaboration skills, with the ability to work effectively in a client-facing role.
• Ability to translate complex security concepts for technical and non-technical stakeholders.