Security Architect – Damascus, Syria

About the role

The Security Architect will lead the design and governance of security for a large‑scale enterprise application platform in Damascus. This full‑time onsite role focuses on protecting applications, infrastructure, data, and integrations across financial, procurement, identity, and operational systems.

Key responsibilities

• Define the end‑to‑end security architecture for the platform, covering applications, databases, operating systems, containers, APIs, mobile apps, and integration layers.
• Specify authentication, authorization, SSO, RBAC, least‑privilege and segregation‑of‑duties requirements.
• Ensure secure integration with IAM, ERP, network, planning/design, and enterprise APIs.
• Set API security standards including OAuth2, OpenID Connect, SAML, mTLS, certificates, token handling and API‑gateway controls.
• Guide secure deployment on Linux, virtual machines, OpenShift, Kubernetes or equivalent platforms.
• Define data‑protection controls such as encryption at rest and in transit, database security, backup protection and audit logging.
• Support vulnerability assessments, penetration testing, remediation tracking and secure release governance.
• Implement DevSecOps security gates: code scanning, dependency scanning, container image scanning and secret management.
• Maintain security logging, SIEM integration, monitoring, incident‑response readiness and audit‑trail coverage.

Required profile

• 10+ years of experience in cybersecurity, security architecture, application security, cloud or container security.
• Proven experience securing enterprise applications used by large internal and external user groups.
• Strong knowledge of IAM, SSO, RBAC, API security, data protection and enterprise security governance.
• Experience with Linux security, database security, web/mobile application security and secure integrations.
• Ability to support security reviews, audit requirements, vulnerability management and remediation governance.
• Preferred certifications: CISSP, CISM, CCSP, Certified Kubernetes Security Specialist, ISO 27001 Lead Implementer/Auditor, CEH, OSCP, GIAC.

Required skills

• IAM, SSO, RBAC
• OAuth2, OpenID Connect, SAML, mTLS, API‑gateway controls
• Linux security, virtual machines, OpenShift, Kubernetes
• Encryption at rest, encryption in transit, database security, backup protection, audit logging
• Vulnerability assessment, penetration testing, remediation tracking
• DevSecOps gates: code scanning, dependency scanning, container image scanning, secret management
• SIEM integration, monitoring, incident‑response readiness