Website:
questglobal.com
Job details:
Direct Applications Accepted : Email : pratyusha.g@quest-global.com;sunil.chandran@quest-global.com
Experience : 15 - 25 Years
Managed Services - End to end Cyber sec ops exp.
AI Apps, SOUP, vendor Apps Sec Mgmt.
Cloud, Enterprise Sec, Edge sec.
Info sec, Data Protection & Privacy, IAM, Encryption mgmt.
Vulnerability, Threat Assessment, Risk Mgmt., Docker/ Repository Testing, PenTest ++
Must Have: MedTech, Healthcare Std. IEC, ISO, FDA 21 CFR, GDPR, FHIR (Fast Healthcare Interoperability Resources), HL7, HIPAA etc.
Cyber Security Architect – Job Description
Role
The Cyber Security Architect is responsible for both on‑premises legacy environments and modern cloud‑native solutions, leading threat modeling activities, and ensuring that products maintain a strong security posture.
Responsibilities
• Design secure architectures for hybrid environments, covering legacy on‑prem systems and modern cloud-native platforms (preferably AWS).
• Manage programs covering Cloud sec, Clinical workflow and Device Security systems design and verification, including aspects of IoMT, Device data and Patient data protection.
• Requirements management: experience in translating complex cyber sec threats into Clinical, Product/System and business impact level requirements and defining/deriving the design specifications.
• Lead threat modeling exercises and identify design-level risks.
• Develop security reference architectures, guardrails, and best practices.
• Collaborate with engineering teams to ensure secure-by-design principles.
• Collaborate with CFTs (internal/external TPAs, vendors) to drive Managed Services Programs for managed cyber-threat detection and response mechanisms (MDR).
• Interpret DAST, SAST, SCA, Pen Test, and MMSR findings and advise on remediation.
• Ensure alignment with standards such as HIPAA, GDPR, DoD STIG, NIST, ISO 27001.
• Guide DevOps teams to integrate security automation into CI/CD pipelines. Ability to automate repetitive process tasks through scripting and integrate them into DevSecOps.
• Review API, microservices, and application security designs.
• Support Risk Assessment, risk mitigation and exception handling processes.
• Mentor developers on secure coding and architectural best practices.
Skills
• Strong knowledge of application security, OWASP, and secure coding practices.
• Hands-on understanding of IAM, Zero Trust, encryption, and secrets management.
• Experience with container/Kubernetes security and cloud security services.
• Knowledge of regulatory frameworks including HIPAA, GDPR, DoD STIG, and NIST.
• Ability to analyze and interpret security vulnerabilities and recommend mitigations.
• Prior development experience (Java, Python, Node.js, or .NET).
• Strong knowledge of cybersecurity tools across application, cloud, network, and Identity and Access Management (IAM) domains (e.g. SonarQube, Checkmarx, Black Duck, Wiz, IAM, AWS Security Hub, Twistlock etc.).
• Expertise in Auditing and Data governance: knowledge of data protection controls for both on‑prem and cloud systems, including encryption, tokenization, masking, and secure data flows.
• Strong expertise in Network & Infrastructure Security (Firewall, WAF, VPN, Secure Tunnelling etc.).
• Understanding of DAST, SAST, SOUP assessments, analyzing Infra failure modes and devising penetration testing methodologies.
• Expertise in designing secure architectures for APIs and microservices.
• Experience with CI/CD pipeline security & DevSecOps, including secret management (HashiCorp Vault, AWS Secrets Manager), automated scans, security gates, and integrity validation.
• Strong communication and cross-functional collaboration skills.
• Strong risk management experience w.r.t. system and patient data security & architecture design.
• Ability and hands-on experience in a Healthcare/MedTech setup to analyze, interpret and translate stated and inferred regulatory and compliance needs (GDPR/FDA CFR/HIPAA etc.) into product/system-specific requirements.
• Understanding of HL7, FHIR and other healthcare data standards in order to define/analyze and build security around patient data exchange workflows.
• Certified cyber sec and cloud sec practitioner (CISSP, CCSP etc.). A healthcare-specific certification is an advantage.
• Exposure to / high-level understanding of the application of AI & ML in the cyber security domain.