Security Architect – Damascus, Syria

About the role

The Security Architect will lead the design and governance of the security architecture for a large‑scale enterprise application platform in Damascus. The role covers application, infrastructure, data protection, identity, API and container security, ensuring compliance with financial and operational systems.

Key responsibilities

• Define end‑to‑end security architecture across applications, databases, operating systems, containers, APIs, mobile apps and integration layers.
• Specify authentication, authorization, SSO, RBAC, least‑privilege and segregation‑of‑duties requirements.
• Integrate secure IAM, ERP, network and enterprise API solutions.
• Establish API security controls such as OAuth2, OpenID Connect, SAML, mTLS, certificates and token handling.
• Guide secure deployment on Linux, virtual machines, OpenShift, Kubernetes or equivalent platforms.
• Implement data protection measures including encryption at rest and in transit, database security and audit logging.
• Support vulnerability assessments, penetration testing, remediation tracking and secure release governance.
• Define DevSecOps gates for code, dependency and container image scanning and secret management.
• Ensure security logging, SIEM integration, monitoring, incident‑response readiness and audit‑trail coverage.

Required profile

• 10+ years of experience in cybersecurity, security architecture or related fields.
• Proven experience securing enterprise applications used by large internal and external user groups.
• Strong knowledge of IAM, SSO, RBAC, API security and data‑protection frameworks.
• Experience with Linux security, database security, web/mobile application security and secure integrations.
• Relevant certifications such as CISSP, CISM, CCSP, Certified Kubernetes Security Specialist or ISO 27001 Lead Implementer/Auditor.

Required skills

• IAM, SSO, RBAC, least‑privilege access controls
• OAuth2, OpenID Connect, SAML, mTLS, API gateway security
• Linux, virtual machines, OpenShift, Kubernetes
• Encryption at rest and in transit, database security, backup protection
• Vulnerability assessment, penetration testing, remediation tracking
• DevSecOps pipelines, code scanning, dependency scanning, container image scanning, secret management
• SIEM integration, security logging, monitoring, incident response