Security Architect – Cloud & Platform Security (IFS Cloud)
Hewlett Packard Enterprise · Bangalore Urban, Karnataka, India
- On site
- Full-time
- $150,000 / year
- Bangalore Urban, Karnataka, India
Job highlights
- Define cloud security architecture for IFS Cloud.
- Ensure security-by-design, zero trust, and compliance.
- Architect IAM, data protection, and incident response.
- Collaborate with platform and product teams.
- Support regulatory audits and compliance programs.
About the role
About Hewlett Packard Enterprise
Hewlett Packard Enterprise is the global edge-to-cloud company advancing the way people live and work. We help companies connect, protect, analyze, and act on their data and applications wherever they live, from edge to cloud, so they can turn insights into outcomes at the speed required to thrive in today’s complex world. Our culture thrives on finding new and better ways to accelerate what’s next. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good. If you are looking to stretch and grow your career our culture will embrace you. Open up opportunities with HPE.HPE Operations
HPE Operations is our innovative IT services organization. It provides the expertise to advise, integrate, and accelerate our customers’ outcomes from their digital transformation. Our teams collaborate to transform insight into innovation. In today’s fast paced, hybrid IT world, being at business speed means overcoming IT complexity to match the speed of actions to the speed of opportunities. Deploy the right technology to respond quickly to market possibilities. Join us and redefine what’s next for you.Role Summary: Security Architect – Cloud & Platform Security (IFS Cloud)
The Security Architect is responsible for defining, governing, and assuring the end-to-end security architecture of the IFS Cloud Foundation and all cloud services (IaaS, PaaS, SaaS) delivered to customers. This role ensures security-by-design, zero trust, regulatory compliance, resilience, and continuous assurance across architecture, operations, and service delivery. The architect acts as the single security authority ensuring that controls, tools, and processes are consistent, reusable, and compliant across foundational cloud and customer-facing cloud services.Key Responsibilities
Architecture
Define target security architecture for Foundational IFS Cloud and IaaS/PaaS/SaaS layers. Establish defense-in-depth and zero-trust architectures across network, compute, storage, identity, and application layers. Define reference architectures, secure design patterns, and guardrails for cloud services. Ensure shared responsibility clarity between cloud foundation, platform services, and customers.Account Management & Separation
Architect secure multi-tenant account structures with strong isolation. Define account separation models for: Management, production, non-production, Customer tenancy isolation. Enforce least privilege, blast-radius reduction, and strong boundary controls.Identity & Access Management (IAM)
Define enterprise IAM architecture across Foundational Cloud and cloud services. Enforce Zero Trust IAM: MFA, RBAC/ABAC, PAM, Just-in-Time access. Integrate IAM with cloud platforms, SaaS applications, APIs, and DevOps pipelines. Ensure identity lifecycle governance (joiner/mover/leaver).IT & Information Security Incident Management
Architect security incident detection, response, and escalation frameworks. Integrate SIEM, SOAR, SOC, threat intelligence across all cloud layers. Define incident response playbooks aligned to regulatory and customer SLAs. Support forensic readiness and regulatory reporting.Asset & Configuration Management
Define authoritative asset inventory across infrastructure, platforms, applications, and APIs. Enforce secure configuration baselines aligned to CIS, OEM, and regulatory benchmarks. Enable configuration drift detection and remediation using automation. Ensure visibility across Foundational Cloud and customer environments.Change & Release Management
Embed security controls into CI/CD pipelines (DevSecOps). Define security gates for changes and releases across IaaS/PaaS/SaaS. Ensure traceability, approvals, and rollback mechanisms. Align with ITSM and regulatory change control expectations.Patch Management
Define patching strategies for OS, middleware, platforms, containers, and cloud services. Establish risk-based patch prioritization. Ensure non-disruptive patching aligned to availability and resilience requirements. Govern patch compliance reporting.Data Protection
Architect data security and privacy controls across the cloud stack: Encryption at rest and in transit, Key management (KMS/HSM), Tokenization and masking. Define data classification, retention, residency, and sovereignty controls. Ensure protection for customer, regulatory, and sensitive financial data.Vulnerability Management
Architect continuous vulnerability assessment across infrastructure, platforms, apps, APIs. Integrate SAST, DAST, SCA, container scanning, and infrastructure scanning. Define risk acceptance, remediation SLAs, and exception handling. Provide visibility for Foundational Cloud and cloud services.Physical & Environmental Security
Ensure data center and facility security alignment with cloud security architecture. Validate environmental controls, access restrictions, and redundancy. Ensure physical security controls align with logical security and resilience models.Security Governance
Define security policies, standards, and control frameworks for IFS Cloud. Ensure alignment with RBI, CERT-In, ISO 27001, PCI-DSS, SOC2, and customer mandates. Govern third-party and supply chain security. Act as security authority during architecture and design reviews.Security Assurance
Define continuous control assurance and compliance monitoring. Support internal audits, external audits, regulatory inspections, and certifications. Ensure evidence generation and traceability across all services. Drive security posture reporting to leadership and regulators.Resilience
Architect security-aware resilience and DR designs. Ensure secure failover, backup protection, ransomware resilience, and recovery assurance. Participate in BCP / DR drills and regulatory testing. Align resilience controls across Foundational Cloud and cloud services.Controls & Tooling Expectations
Ensure controls and tools are reusable and consistent across Foundational IFS Cloud, IaaS, PaaS, SaaS offerings. Leverage: IAM / PAM platforms, SIEM / SOAR, CSPM / CWPP / CIEM, Vulnerability & compliance tools. Ensure automation-first security operations.What You Need To Bring
Education and Experience Required
12+ years of professional experience and a Master of Arts/Science or equivalent degree in computer science or related area of study; without a Masters degree, three additional years of relevant professional experience (15+ years in total).Mandatory
- 10+ years in security architecture across enterprise and cloud environments
- Strong experience with regulated BFSI or financial cloud platforms
- Proven expertise across IAM, cloud security, data protection, governance, and resilience
- Experience supporting regulatory audits and compliance programs
Preferred
- Experience designing foundational cloud platforms
- Exposure to sovereign / regulated cloud environments
- Strong DevSecOps and automation experience
Certifications
CISSP / CCSP, Cloud Security certifications (AWS / Azure / GCP), ISO 27001 Lead Implementer / Auditor, TOGAF / SABSA.Behavioral & Leadership Expectations
- Strong risk-based decision making
- Ability to influence platform, cloud, and product teams
- Clear communication with regulators, customers, and senior leadership
- Ownership mindset for security posture and assurance
Additional Skills
Accountability, Accountability, Active Learning, Active Listening, Bias, Business Growth, Client Expectations Management, Coaching, Creativity, Critical Thinking, Cross-Functional Teamwork, Customer Centric Solutions, Customer Relationship Management (CRM), Design Thinking, Empathy, Follow-Through, Growth Mindset, Information Technology (IT) Infrastructure, Infrastructure as a Service (IaaS), Intellectual Curiosity (Inactive), Long Term Planning, Managing Ambiguity, Process Improvements, Product Services, Relationship Building {+ 5 more}What We Can Offer You
Health & Wellbeing
We strive to provide our team members and their loved ones with a comprehensive suite of benefits that supports their physical, financial and emotional wellbeing.Personal & Professional Development
We also invest in your career because the better you are, the better we all are. We have specific programs catered to helping you reach any career goals you have — whether you want to become a knowledge expert in your field or apply your skills to another division.Unconditional Inclusion
We are unconditionally inclusive in the way we work and celebrate individual uniqueness. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good.Let's Stay Connected
Follow @HPECareers on Instagram to see the latest on people, culture and tech at HPE. #india #operations Job Services Job Level TCP_05 HPE is an Equal Employment Opportunity/ Veterans/ Disabled/ LGBT employer. We do not discriminate on the basis of race, gender, or any other protected category, and all decisions we make are made on the basis of qualifications, merit, and business need. Our goal is to be one global team that is representative of our customers, in an inclusive environment where we can continue to innovate and grow together. Please click here: Equal Employment Opportunity. Hewlett Packard Enterprise is EEO Protected Veteran/ Individual with Disabilities. HPE will comply with all applicable laws related to employer use of arrest and conviction records, including laws requiring employers to consider for employment qualified applicants with criminal histories. No Fees Notice & Recruitment Fraud Disclaimer It has come to HPE’s attention that there has been an increase in recruitment fraud whereby scammer impersonate HPE or HPE-authorized recruiting agencies and offer fake employment opportunities to candidates. These scammers often seek to obtain personal information or money from candidates. Please note that Hewlett Packard Enterprise (HPE), its direct and indirect subsidiaries and affiliated companies, and its authorized recruitment agencies/vendors will never charge any candidate a registration fee, hiring fee, or any other fee in connection with its recruitment and hiring process. The credentials of any hiring agency that claims to be working with HPE for recruitment of talent should be verified by candidates and candidates shall be solely responsible to conduct such verification. Any candidate/individual who relies on the erroneous representations made by fraudulent employment agencies does so at their own risk, and HPE disclaims liability for any damages or claims that may result from any such communication.Skills & topics
- Security Architect
- Cloud Security
- Platform Security
- IFS Cloud
- Hewlett Packard Enterprise
- IAM
- Data Protection
- DevSecOps
- Cybersecurity
- IT Services
How to get hired
- Tailor your resume: Highlight your 10+ years in security architecture, cloud environments, and regulated financial platforms. Emphasize IAM, data protection, governance, and resilience experience.
- Showcase expertise: Detail your experience supporting regulatory audits and compliance programs, especially within BFSI or financial cloud contexts.
- Prepare for technical questions: Be ready to discuss defense-in-depth, zero-trust architectures, and specific cloud security tools and frameworks.
- Demonstrate leadership: Highlight your ability to influence teams, communicate with regulators and leadership, and your ownership mindset.
Technical preparation
Master cloud security principles (AWS, Azure, GCP).,Demonstrate deep understanding of IAM frameworks.,Prepare to discuss zero trust and defense-in-depth.,Familiarize with relevant compliance standards (ISO 27001, PCI-DSS).
Behavioral questions
Describe a complex security challenge you solved.,How do you influence cross-functional teams?,How do you handle pressure during an incident?,Provide an example of strong risk-based decision making.
Frequently asked questions
- What are the key security domains for a Security Architect at HPE focusing on IFS Cloud?
- For the Security Architect role at HPE focusing on IFS Cloud, key security domains include defining target security architecture, managing account separation, architecting Identity and Access Management (IAM), IT and Information Security Incident Management, Asset & Configuration Management, Change & Release Management, Patch Management, Data Protection, Vulnerability Management, Physical & Environmental Security, Security Governance, Security Assurance, and Resilience. Emphasis is placed on security-by-design, zero trust principles, and regulatory compliance.
- What experience is mandatory for the Security Architect – Cloud & Platform Security (IFS Cloud) position at HPE?
- Mandatory experience for this role includes over 10 years in security architecture across enterprise and cloud environments, strong experience with regulated BFSI or financial cloud platforms, proven expertise in IAM, cloud security, data protection, governance, and resilience, and experience supporting regulatory audits and compliance programs. A Master's degree in a related field is preferred, or equivalent experience.
- Does HPE offer professional development opportunities for Security Architects?
- Yes, HPE invests significantly in personal and professional development. They offer specific programs to help you reach career goals, whether you aim to become a subject matter expert or transition to another division within the company.
- How does HPE ensure inclusion and diversity in its hiring for the Security Architect role?
- HPE is committed to unconditional inclusion, celebrating individual uniqueness and valuing varied backgrounds. They provide flexibility to manage work and personal needs, fostering an environment where everyone can succeed and contribute to bold moves together.
- What is the expected work arrangement for the Security Architect role at HPE?
- This role is designed as 'Hybrid,' with an expectation to work an average of two days per week from an HPE office. This allows for a blend of in-office collaboration and remote flexibility.
- What certifications are considered preferred for the Security Architect position?
- While not strictly mandatory, preferred certifications for this Security Architect role include CISSP / CCSP, Cloud Security certifications (AWS / Azure / GCP), ISO 27001 Lead Implementer / Auditor, and TOGAF / SABSA. These demonstrate advanced knowledge and commitment to the field.