Arbetsbeskrivning

Avaron AB is a growing consultancy focused on technology, finance, and business support. We match your expertise with the market's most interesting assignments, offering a platform where your professional development is central.

We are looking for a Security Architect to define and evolve security architecture in a cloud-native environment. You will work cross-functionally with architects, DevOps teams, and a central cybersecurity function to ensure security is embedded across platforms and services, aligned with regulatory requirements and internal security policies.

• Define and evolve the security architecture to meet customer needs, regulations, and internal security policies.
• Embed security across the software development lifecycle and guide teams in secure-by-design and cloud-native security practices.
• Identify, assess, and manage vulnerabilities and risks, and drive mitigation actions to ensure appropriate security controls.
• Collaborate with the central CyberSecurity team, solution architects, and other stakeholders.
• Evaluate technologies and third-party solutions, and lead design reviews with a focus on threat modeling, secure architecture, and maintainability.
• Support continuous improvements in detection, incident response, and resilience, including security assessments, reviews, and audits.
• Contribute to roadmaps and long-term technical direction, ensuring security is built into future platform and architecture evolution.

• Proven experience working as a Security Architect.
• Strong cloud-native security experience, with deep AWS knowledge and the ability to operate in multi-cloud environments (e.g., Azure).
• Solid understanding of secure development practices (SDLC).
• Familiarity with security frameworks such as ISO 27001 and NIST 800-53.
• Experience designing and securing cloud-based backend environments, including IAM, networking, monitoring, and cloud-native security controls.
• Hands-on experience with DevSecOps practices and tools such as SAST, SCA, dependency scanning, secrets scanning, and infrastructure-as-code security.
• Ability to perform risk assessments, threat modeling, secure design, and architecture reviews, with clear and structured documentation.

• Experience with connected services and PKI (onboarding/offboarding).
• Familiarity with UNECE R155.
• Experience working with large-scale distributed systems.

Selections are made on an ongoing basis, so we recommend that you apply as soon as possible.