Security Architect – Damascus, Syria

About the role

The Security Architect will define and govern the end‑to‑end security architecture for a large‑scale enterprise application platform in Damascus. This full‑time, on‑site position requires deep expertise in application, infrastructure, and data protection to support integrations with financial, procurement, identity, and operational systems.

Key responsibilities

• Design the comprehensive platform security architecture across applications, databases, operating systems, containers, APIs, mobile apps, and integration layers.
• Define authentication, authorization, SSO, RBAC, least‑privilege and segregation‑of‑duties requirements.
• Ensure secure integration with IAM, ERP, network, planning/design, and enterprise APIs.
• Specify API security controls (OAuth2, OpenID Connect, SAML, mTLS, certificates, token handling, API‑gateway).
• Guide secure deployment on Linux, VMs, OpenShift, Kubernetes or equivalent platforms.
• Implement data‑protection measures: encryption at rest/in‑transit, database security, backup protection, audit logging.
• Support vulnerability assessments, penetration testing, remediation tracking and secure release governance.
• Define DevSecOps security gates (code, dependency, container image scanning, secret management).
• Maintain security documentation, risk assessments, compliance evidence and architecture reviews.
• Ensure proper security logging, SIEM integration, monitoring, incident‑response readiness and audit‑trail coverage.

Required profile

• 10+ years of experience in cybersecurity, security architecture, application or cloud/container security.
• Proven experience securing enterprise applications used by large internal and external user groups.
• Strong knowledge of IAM, SSO, RBAC, API security, data protection and enterprise security governance.
• Ability to work with architecture, infrastructure, application, data and operations teams.

Required skills

• IAM, SSO, RBAC
• OAuth2, OpenID Connect, SAML, mTLS, certificates, token handling, API‑gateway controls
• Linux security, virtual machines, OpenShift, Kubernetes
• Encryption at rest, encryption in transit, database security, backup protection, audit logging
• Vulnerability assessment, penetration testing, remediation tracking
• DevSecOps gates: code scanning, dependency scanning, container image scanning, secret management
• SIEM integration, security monitoring, incident response