Cyber Security Lead / Architect
Job Description
Threat Modeling & Risk Analysis
Lead threat modeling and Threat Analysis and Risk Assessment (TARA) for products and systems.
Identify and assess security risks across system, component, and interface levels.
Define and track mitigation strategies aligned with product and operational risk profiles.

3. Secure Product Lifecycle Management
Ensure cybersecurity is addressed throughout the entire product lifecycle, including:
- Concept and requirements definition
- Architecture and design
- Development and verification
- Release, deployment, and post‑deployment monitoring
Oversee penetration testing, vulnerability assessment, and remediation activities.
Ensure security evidence and documentation are suitable for customer and regulatory review.

4. Security Controls & Secure Development Practices
Define and standardize security controls across products and systems.
Promote adoption of secure coding practices and security‑focused design reviews.
Align development practices with NIST Secure Software Development Framework (SSDF) and industry security guidance.

5. Compliance, Standards & Regulatory Alignment
Ensure alignment of products and systems with:
- IEC 62443 series for industrial and control systems
- Applicable regional and sector‑specific cybersecurity regulations (e.g., EU CRA)
Support customer, internal, and third‑party security assessments and audits.
Interpret standards and regulations into actionable engineering and documentation requirements.

6. Cross‑Team Guidance & Capability Enablement
Provide guidance and technical direction to engineering teams on cybersecurity topics.
Review security designs, threat models, and test strategies across projects.
Enable consistent application of security practices across domains and product variations.

7. Stakeholder & Customer Interaction
Collaborate with development teams, quality teams, and system architects to address security requirements.
Engage with customers, assessors, and regulatory stakeholders to explain security concepts, design decisions, and compliance posture.
Communicate security risks and recommendations clearly at both technical and leadership levels.

8. Incident Response, Monitoring & Threat Awareness
Define approaches for cybersecurity monitoring and incident response for deployed systems.
Monitor emerging threats, vulnerabilities, and advisories relevant to industrial, embedded, and connected systems.
Proactively recommend improvements to architectures and controls based on threat intelligence.

Mandatory Skills
Strong expertise in IEC 62443 and industrial cybersecurity concepts.
Proven experience in security architecture for industrial automation, embedded systems, or connected products.
Hands‑on experience with:
- Threat modeling and TARA
- Secure product development lifecycles
- Vulnerability management and penetration testing
Knowledge of NIST CSF and NIST SSDF.
Experience with product security, including:
- Embedded systems and firmware
- Thick‑client and edge applications
- Mobile or companion applications (where applicable)
Ability to operate across multiple projects, domains, and customer programs in a services environment.

Desirable / Good‑to‑Have Skills
Exposure to automotive or vehicle‑adjacent cybersecurity practices, standards, or customer expectations.
Familiarity with cybersecurity regulations such as:
- EU Cyber Resilience Act (CRA)
- NIS2
- Data protection and privacy regulations (awareness level)
Experience supporting customer or third‑party security audits.
Ability to mentor engineers and architects on secure design and implementation practices.
(Certifications are valued but do not replace hands‑on architectural expertise.)

Mandatory Skills
IEC 62443, Industrial cybersecurity, Cybersecurity architecture, Security architecture (industrial / embedded), Industrial automation security (IACS), Embedded systems security, Connected products security, Threat modeling, TARA (Threat Analysis and Risk Assessment), Secure Product Development Lifecycle (SPDLC) / secure SDLC, Vulnerability management, Penetration testing, NIST CSF, NIST SSDF, Product security, Embedded firmware security, Thick client applications security, Edge applications security, Mobile

Desirable Skills
Automotive cybersecurity exposure, Vehicle-adjacent cybersecurity practices, Cybersecurity regulations familiarity, EU Cyber Resilience Act (EU CRA), NIS2, Data protection regulations (awareness), Privacy regulations (awareness), Customer security audits support, Third-party security audits support, Mentoring engineers / architects, Secure design mentoring, Secure implementation mentoring, Security certifications (valued)

Skills to be evaluated on
IEC 62443, Industrial cybersecurity, Cybersecurity architecture, Security architecture (industrial / embedded), Industrial automation security (IACS), Embedded systems security, Connected products security, Threat modeling, TARA (Threat Analysis and Risk Assessment), Secure Product Development Lifecycle (SPDLC) / secure SDLC, Vulnerability management, Penetration testing, NIST CSF, NIST SSDF, Product security, Embedded firmware security, Thick client applications security, Edge applications security, Mobile

Years Of Experience
12 to 16 Years