HUMAN TOUCH CONSULTANCY LLP is hiring for Security Architect at Chennai
Job summary
The Security Architect will design and implement robust security frameworks and solutions to protect infrastructure, applications and data for a leading specialty e-retailer. You will work with cross-functional teams to secure ecommerce platforms, drive threat modeling and align controls to NIST / SOC2 / PCI expectations.
Key responsibilities
- Design secure architectures and ensure applications/services are secure by design.
- Develop security documentation for ecommerce platforms and perform threat modelling.
- Guide implementation of security controls: IAM, encryption, monitoring and cloud-native security tools.
- Collaborate with IT and DevSecOps teams to automate security processes and support incident response.
- Continuously evaluate emerging security technologies and recommend improvements.
Requirements & qualifications
- Bachelor’s in CS / Information Security or equivalent experience.
- 7+ years in information security with experience in ecommerce security architecture (note: posting header shows 5–10 years).
- Strong knowledge of cloud security, DevSecOps, security frameworks (NIST, ISO 27001) and compliance (SOC2, PCI DSS).
- Proficiency in scripting (Python, PowerShell) and strong communication & ownership mindset.
- Bonus: Certifications such as CISSP, CISM, CCSP and experience with cloud security automation/orchestration.
Estimated compensation (market estimate)
The Hirist posting does not publish compensation; the figure above is a market estimate varying by company size, responsibilities, and candidate profile. Always confirm with the recruiter.
How to prepare — 6-week plan
- Week 1 — Core foundations: Review threat modeling, secure architecture patterns (OWASP, secure SDLC), and ecommerce threat vectors (payment flows, session management).
- Week 2 — Cloud & infra: Deep dive into cloud security (AWS/Azure/GCP) controls: IAM, KMS, VPC design, logging and cloud-native security services.
- Week 3 — DevSecOps: Practice container and CI/CD security (image scanning, pipeline hardening, SCA tools) and automation with IaC scanning.
- Week 4 — Observability & detection: Hands-on with SIEM/log ingestion, alert tuning and creating detection playbooks.
- Week 5 — Compliance & risk: Study NIST/ISO/SOC2/PCI basics and map controls to technical implementations and evidence gathering.
- Week 6 — Mock interviews & case studies: Prepare two short case studies: (a) secure architecture design for checkout flow, (b) incident response for a cloud data leak.
Interview — sample questions
- Walk me through threat modeling for an ecommerce checkout — what assets, threats and mitigations would you prioritise?
- How would you design IAM for a microservices-based ecommerce platform?
- Describe a SIEM ingestion and correlation strategy for detecting account takeover attempts.
- Explain how you would measure security posture and which KPIs you would report to stakeholders.
- Discuss a time you automated a security control — what toolchain and metrics did you use?
Company profile & culture (what to ask)
The role is posted by HUMAN TOUCH CONSULTANCY LLP for a specialty e-retailer client; verify whether recruitment is for an in-house role at the retailer or on a consultant/contract basis through the consultancy. Confirm reporting structure, security team size, and clarity on responsibilities in the initial screening.
Pros (likely)
- Work on e-commerce security — high-impact domain with interesting threat scenarios.
- Cross-functional collaboration (DevSecOps, infra, product) and chance to influence secure-by-design practice.
- Opportunity for hands-on cloud & automation work.
Cons / watchouts
- Recruitment via a consultancy can mean an extra layer — confirm who the hiring manager is and the employment type.
- Ecommerce environments can be fast-paced; clarify expectations and support for technical debt remediation.
- Compensation and role seniority may vary — validate scope during screening.
Latest trends relevant to this role (2025)
- Designs increasingly rely on identity-first security (Zero Trust) and workload identity for microservices.
- Shift-left DevSecOps: security automation in CI/CD and IaC scanning is table stakes for modern e-commerce.
- Cloud security posture management (CSPM) combined with runtime detection (CNAPP/XDR) is gaining adoption.
Questions to ask the recruiter
- Is the opening for an internal role at the e-retailer or a consultant placement via HUMAN TOUCH CONSULTANCY LLP?
- Which cloud provider(s) and security tooling (SIEM, WAF, IAM tooling) are currently in use?
- What is the size and seniority of the current security team?
- What are the top 3 priorities for the first 90 days?
- Onsite expectations — fully onsite in Chennai, hybrid, or remote-friendly?