Cybersecurity Architecture Consultant --(Application & Network side)📣 Job Ad

About the Role

TAT IT Technologies is seeking an experienced Cybersecurity Architecture Consultant with a specialization in Application and Network security for a contract position in Riyadh, Saudi Arabia. This role requires a deep understanding of the banking domain and involves reviewing architecture designs from a cybersecurity perspective, identifying vulnerabilities in application and network infrastructure, and developing mitigation plans. The ideal candidate will possess comprehensive knowledge of network and application architectures, strong experience in Data Security Management and Access Management, and a proven track record within the banking sector.

Key Responsibilities

• Lead cybersecurity architecture design for core banking, payments, digital channels, and treasury systems.
• Define security blueprints encompassing network segmentation, zero trust principles, identity management, encryption strategies, and data protection measures.
• Translate complex banking business flows into detailed threat models and corresponding security controls.
• Provide expert guidance on network architecture, including DMZ design, micro-segmentation, firewalls, Web Application Firewalls (WAF), Distributed Denial of Service (DDoS) protection, Software-Defined Wide Area Networking (SD-WAN), and secure cloud connectivity.
• Design and implement network security controls for on-premises, AWS, Azure, and hybrid cloud environments.
• Review and enhance network topologies for core banking and SWIFT systems to ensure robust security.
• Own and develop the data security strategy, covering data classification, encryption at rest and in transit, tokenization, data masking, key management, and Data Loss Prevention (DLP).
• Design security controls to protect Personally Identifiable Information (PII), adhere to PCI-DSS standards, and ensure compliance with regulatory data residency requirements.
• Define secure data flows across internal systems, third-party integrations, and cloud platforms.
• Conduct thorough cybersecurity architecture reviews for new projects and significant system changes.
• Identify security risks, design gaps, and instances of non-compliance with enterprise security standards.
• Chair security design forums and provide formally signed-off architecture decisions.
• Ensure architectural alignment with frameworks such as SABSA and TOGAF, as well as specific bank security policies.
• Apply in-depth knowledge of banking operations, including core ledgers, ISO 20022 payments, card schemes, treasury, trade finance, and digital onboarding processes.
• Secure transaction flows, settlement systems, and interfaces with external networks like SWIFT, ACH, and various payment gateways.
• Collaborate with Risk, Compliance, and Audit teams to address regulatory requirements, including MAS TRM, RBI, GDPR, PCI-DSS, and SWIFT CSCF.
• Support security responses for Requests for Proposals (RFPs), conduct third-party risk assessments, and provide architectural evidence for regulatory audits.
• Guide engineering and infrastructure teams on secure implementation patterns and best practices.
• Define security requirements, develop reusable security patterns, and establish appropriate guardrails for development and operations.
• Review High-Level Designs (HLDs) and Low-Level Designs (LLDs), providing guidance on secure coding practices, Infrastructure as Code (IaC), and container security.

Qualifications and Experience

• A minimum of 5 years of experience in cybersecurity.
• At least 3 years of hands-on experience in banking or financial services architecture.
• Proven experience in securing core banking, payments, or digital platforms.
• Detailed understanding of banking processes, transaction lifecycles, and financial messaging standards.
• Experience with core banking systems such as Temenos, Finacle, or FIS is highly desirable.
• Expertise in network architecture, including routing, switching, firewalls, Intrusion Detection/Prevention Systems (IDS/IPS), proxies, Virtual Private Networks (VPN), Network Access Control (NAC), and segmentation strategies.
• Experience with cloud network security in AWS and Azure environments.
• Strong background in data security management, including encryption, Hardware Security Modules (HSM)/Key Management Systems (KMS), DLP, Cloud Access Security Brokers (CASB), database security, and privacy engineering.
• Demonstrated experience in performing threat modeling using methodologies like STRIDE and DREAD, and conducting comprehensive security architecture reviews.
• Ability to make informed decisions on design approvals or rejections based on risk assessments.
• Working knowledge of architectural frameworks and standards including TOGAF, SABSA, NIST 800-53, ISO 27001, and MITRE ATT&CK.
• Relevant certifications are required, including CISSP or CISM.
• Additional desirable certifications include TOGAF, SABSA SCF, or Open CA for architecture; AWS Certified Security – Specialty or Microsoft Certified: Cybersecurity Architect Expert for cloud security; CCSP, GIAC GDSA, CISA, or CDPSE for network/data security and privacy; and SWIFT Certified Expert or PCI ISA/PCIP for banking-specific expertise.

Required Skills

• Cybersecurity Architecture
• Application Architecture
• Network Architecture
• Data Security Management
• Access Management
• Network Segmentation
• Zero Trust Architecture
• Identity and Access Management (IAM)
• Encryption (at rest and in transit)
• Data Protection
• DMZ Design
• Micro-segmentation
• Firewall Management
• Web Application Firewall (WAF)
• DDoS Mitigation
• SD-WAN
• Secure Cloud Connectivity
• AWS Security
• Azure Security
• SWIFT Standards
• Data Tokenization
• Data Masking
• Key Management Systems (KMS)
• Data Loss Prevention (DLP)
• Personally Identifiable Information (PII) Protection
• PCI-DSS Compliance
• Regulatory Data Residency
• Threat Modeling (STRIDE, DREAD)
• Security Design Forums
• SABSA Framework
• TOGAF Framework
• Core Banking Systems
• Payment Systems (ISO 20022)
• Card Schemes
• Treasury Systems
• Trade Finance Systems
• Digital Onboarding Processes
• Transaction Flow Security
• Settlement System Security
• ACH Network Security
• Payment Gateway Security
• Risk Management
• Compliance Management
• Audit Support
• MAS TRM Compliance
• RBI Compliance
• GDPR Compliance
• SWIFT CSCF
• RFP Security Response
• Third-Party Risk Assessment
• Regulatory Audit Support
• Secure Implementation Patterns
• Security Requirements Definition
• Reusable Security Patterns
• Security Guardrails
• HLD/LLD Review
• Secure Coding Practices
• Infrastructure as Code (IaC) Security
• Container Security
• Routing and Switching Security
• IDS/IPS Implementation
• Proxy Server Security
• VPN Configuration and Security
• Network Access Control (NAC)
• Cloud Network Security
• HSM/KMS Management
• CASB Implementation
• Database Security
• Privacy Engineering
• NIST 800-53
• ISO 27001
• MITRE ATT&CK Framework
• CISSP Certification
• CISM Certification
• TOGAF Certification
• SABSA SCF Certification
• Open CA Certification
• AWS Certified Security – Specialty
• Microsoft Certified: Cybersecurity Architect Expert
• CCSP Certification
• GIAC GDSA Certification
• CISA Certification
• CDPSE Certification
• SWIFT Certified Expert
• PCI ISA/PCIP

Work Environment and Contract Details

This is a contract position based in Riyadh, Saudi Arabia. The role requires a consultant with over 10 years of experience in cybersecurity, with at least 3 years specifically in banking or financial services architecture. The work type is contract.