Security Architect

Location: Hyderabad

Department: Z- S&P SPGI ES Tech

Experience: 10+

Role Overview

Key Responsibilities

Red Team Operations & Penetration Testing

• Plan and execute red team engagements and penetration tests against web applications, APIs, internal services, and AWS cloud infrastructure, scoped and executed with clear rules of engagement.
• Simulate realistic attacker TTPs aligned with threat intelligence and frameworks such as MITRE ATT&CK (Enterprise and Cloud), tailored to the organizational threat model.
• Conduct full-scope assessments covering initial access, lateral movement, privilege escalation, persistence, and data exfiltration across application and cloud environments.
• Perform cloud-specific attack path analysis including IAM privilege escalation, metadata service abuse, cross-account access, misconfiguration exploitation, and container or serverless escape techniques.
• Execute CI/CD pipeline attack simulations covering supply chain compromise, secrets exposure, artifact tampering, and pipeline misconfigurations.
• Assess and exploit vulnerabilities in authentication and authorisation mechanisms, business logic, APIs, and data handling processes.
• Test multi-tenant platform boundaries to identify cross-tenant data access paths, context confusion, and shared-resource leakage.
• Assess AI and agentic system components, including prompt injection, tool-call abuse, agent privilege escalation, model output manipulation, and MCP/orchestration layer attack surfaces.

Security Control Validation & Remediation

• Independently validate the effectiveness of security controls implemented by engineering and platform teams, providing evidence-based assessments rather than checklist verdicts.
• Re-test remediated vulnerabilities to confirm fixes are effective and do not introduce new risks.
• Conduct adversarial reviews of proposed security architectures and AI/agentic system designs to identify potential bypasses, trust boundary violations, or design gaps.
• Challenge security assumptions through realistic attack simulations and communicate the business impact of exploitable gaps clearly.

Vulnerability Assessment & Research

• Perform application security assessments using structured methodologies including the OWASP Testing Guide, PTES, and emerging guidance for AI/LLM systems such as the OWASP Top 10 for LLMs.
• Assess AWS and cloud infrastructure through configuration review, privilege analysis, network exposure mapping, and detection gap identification.
• Assess data layer security including database access controls, ORM injection paths, data-tier privilege abuse, and financial data exfiltration routes.
• Evaluate secrets management practices across repositories, environment configurations, serverless functions, and managed secrets services.
• Research emerging attack techniques relevant to the ES technology stack and develop proof-of-concept exploits where appropriate.
• Contribute to the vulnerability management lifecycle with accurate risk ratings, regulatory exposure context, and practical remediation guidance.

Purple Team Collaboration

• Partner with Security Operations and Detection Engineering during purple team exercises to evaluate detection coverage and alert quality, producing ATT&CK coverage mapping and detection gap analysis as standard outputs.
• Develop and share attack playbooks, indicators of compromise (IOCs), and detection recommendations informed by red team findings.
• Identify and communicate logging and monitoring gaps uncovered during engagements, with specific attention to agentic workflow and API observability blind spots.

Reporting & Communication

• Produce clear, professional assessment reports documenting attack narratives, findings, supporting evidence, risk ratings, and remediation recommendations – framed in terms of regulatory exposure where relevant (SOC 2, MiFID II, DORA).
• Communicate findings effectively to both technical audiences (developers, engineers) and non-technical stakeholders (management, risk owners).
• Maintain engagement and findings tracking; contribute to security metrics and risk reporting dashboards.
• Present results in debrief sessions in a constructive, collaborative manner focused on risk reduction rather than fault.

Tooling & Continuous Improvement

• Maintain and enhance the red team toolset including custom scripts, automation, and exploitation tooling aligned to the ES technology environment and threat model.
• Develop internal tooling where commercial or open-source tools do not adequately cover ES-specific attack surfaces, particularly around agentic and multi-tenant systems.
• Stay current on offensive security research, CVE disclosures, cloud provider security updates, and AI/LLM attack research.
• Document methodologies, playbooks, and lessons learned to support programme maturity and knowledge transfer.

Required Qualifications

Technical Expertise

• 10+ years of hands-on experience in penetration testing, red teaming, or offensive security roles, with a track record of conducting full-scope assessments against complex, production systems.
• Demonstrated experience with application security testing including web applications, REST and GraphQL APIs, authentication and authorisation flows, and common vulnerability classes.
• Proven experience performing AWS cloud security assessments and exploiting cloud-specific attack paths including IAM, EC2, Lambda, S3, and ECS/EKS.
• Experience testing multi-tenant systems, with the ability to identify and exploit tenant isolation failures, context confusion, and shared-resource leakage.
• Practical experience assessing AI and agentic system security, including prompt injection, tool-call abuse, agent privilege escalation, and orchestration layer vulnerabilities. Familiarity with OWASP Top 10 for LLMs and emerging adversarial AI frameworks.
• Experience assessing data layer security including database access controls, ORM injection paths, and data exfiltration techniques relevant to financial services environments.
• Experience assessing secrets management posture across repositories, CI/CD pipelines, environment configurations, and managed secrets services.
• Experience conducting threat modelling using STRIDE or comparable methodologies, including for AI/agentic system components.
• Proficiency in at least one scripting or programming language (Python, Go, Bash, or PowerShell) sufficient to develop tooling, automate assessments, and understand application code under review.
• Strong understanding of networking fundamentals: TCP/IP, DNS, TLS, and HTTP/S.
• Strong understanding of Active Directory and associated identity-based attack techniques.
• Experience assessing CI/CD platforms and identifying pipeline security weaknesses including supply chain and secrets exposure vectors.
• Working knowledge of offensive security tools including Burp Suite, Metasploit, BloodHound, Nmap, Nuclei, and cloud-specific tooling such as Pacu, ScoutSuite, and Prowler.
• Familiarity with defensive technologies including WAFs, EDR, SIEM platforms, and cloud-native security controls, sufficient to reason about detection gaps and evasion.
• Ability to produce high-quality assessment reports that clearly articulate technical findings, business impact, and regulatory exposure to both engineering and senior business audiences.

Preferred Qualifications

Offensive Security Expertise

• Experience with container and Kubernetes attack techniques including RBAC abuse, privilege escalation, secrets extraction, and container escape.
• Familiarity with software supply chain and CI/CD attack vectors such as dependency confusion and artifact signing bypass.
• Experience with OAuth 2.0 and OpenID Connect attack scenarios including token misuse, redirect abuse, and scope escalation.
• Knowledge of serverless and cloud-native architectures and their associated attack surfaces.
• Experience developing or extending offensive security tooling including custom payloads and evasion techniques.
• Familiarity with API gateway and service mesh attack surfaces, including mTLS bypass and fine-grained authorisation abuse.