Architect II - Information Security

ID: 57355 12 - 15 Years 2 Openings Hyderabad

Role description

• Partner with engineering, Cybersecurity, and Platform Engineering teams to design, build, and operate Enterprise Azure Platform, integration with Snowflake Tenant and other vendor platform for data & AI use-cases.

• Focus on Network & data security using required WAF, firewalls and NSG rules.

• Work with DevOps & AIOps teams on setting up network configuration for Azure Platform and AI services enablement for Product development.

• Become integral part of Architecture Review Board to bring network design assessment and guidelines for application architecture.

• Collaborate with Enterprise Architectures to approve and define approved application design patterns and approved standard Azure services.

• Constantly monitor network issues, security threats & s, create a SOP and train L1/L2 support to triage and troubleshoot to mitigate reoccurring issues.

• Track & deliver the assigned sprint items in a timely manner, with high quality.

Who are we looking for?

• 10+ years in enterprise networking with 4+ years designing Azure cloud networks.

Deep expertise in:

• VNets, Subnets, Peering, VNet Gateways

• Azure Firewall / Fortinet / Palo Alto / Check Point cloud firewalls

• Application Gateway (WAF), Load Balancers (ALB/ILB)

• Private Endpoints, Private Link, Service Endpoints

• DNS, Private DNS Zones, Traffic Manager, Front Door

• Expertise in establishing Network connectivity with Azure tenant & Vendor products e.g., Snowflake, DBX etc.

  Strong understanding of BGP, routing protocols, NAT, IPv4/IPv6, network segmentation, and HA/DR topology design.

  Required Skills:

  • Azure Core Networking: VNets, subnets, UDRs, route tables, peering, Virtual WAN, Azure DNS & Private DNS Zones.
  • Hybrid Connectivity: ExpressRoute, VPN Gateways, BGP, high‑availability and failover design.
  • Secure Service Access: Private Link/Private Endpoints, service endpoints, egress control, NAT, proxy patterns.
  • Network Security: Zero‑Trust design, Azure Firewall, WAF, DDoS Protection, NSGs/ASGs, segmentation, micro‑segmentation.
  • SaaS Integration: Private access patterns, IP allowlists, mTLS, API gateway connectivity, vendor onboarding/runbooks.
  • Observability: Network Watcher, Connection Monitor, Traffic Analytics, flow logs; integration with Monitor/Log Analytics/SIEM.
  • Automation/IaC: Terraform and/or Bicep (preferred both), Git, CI/CD, policy checks, drift detection.
  • Troubleshooting: Deep TCP/IP, routing, DNS, TLS, packet capture, latency and throughput tuning.
  • Resilience & Performance: Zone-/region‑redundancy, capacity planning, scaling limits for gateways/firewalls, performance baselines.
  • Security & Compliance Alignment: Understanding of SOC2, ISO 27001, HIPAA/GDPR from a network perspective; evidence & audit support.

Skills

cybersecurity,firewalls,vnet,subnets,peering,

About UST

UST is a global digital transformation solutions provider. For more than 20 years, UST has worked side by side with the world’s best companies to make a real impact through transformation. Powered by technology, inspired by people and led by purpose, UST partners with their clients from design to operation. With deep domain expertise and a future-proof philosophy, UST embeds innovation and agility into their clients’ organizations. With over 30,000 employees in 30 countries, UST builds for boundless impact—touching billions of lives in the process.