Insighture is a leading technology consultancy that drives digital transformation for businesses worldwide. With a team of over 85 expert consultants, the company delivers tailored, high-impact strategies and solutions, enabling scalable product engineering. As an AWS partner, Insighture excels in co-integrated cloud services. It has collaborated with more than 50 clients globally, guiding them through cloud adoption, DevOps transformation, enterprise modernisation, and more.
The team’s expertise spans Cloud-Native Development, Solutions Architecture, UI/UX, Quality Engineering, Data Engineering, AI/ML, and DevSecOps. These capabilities empower businesses to achieve impactful and innovative outcomes.
In 2024, Insighture achieved ISO certification and was recognised as a Great Place to Work, earning three prestigious awards: Best Workplace in Sri Lanka, Best Workplace for Technology, and Best Workplace for Young People. Insighture's technology and expertise are embedded in the work of internationally recognised care providers, global freight operations, child protection systems, and health tech platforms across Australia, the UK, and Singapore.
Responsibilities
- Own end to end platform architecture: current state assessment → target state → patterns/standards → delivery governance and optimisation.
- Define and enforce secure-by-design patterns: segmentation, access control, telemetry-by-default, policy-as-code (where possible), and “shift-left” onboarding standards for apps/endpoints/network devices.
- Produce key architectural artefacts: HLD/LLD, implementation strategy plans, roadmaps, operational models, and design authority sign-offs.
- Lead engineering and lifecycle management for endpoint security controls, including policy design, baselining, health monitoring, coverage reporting, and incident triage.
- Drive Trellix platform operations/engineering; typical activities include policy/baselines, trusted sources/publishers, deployment telemetry, false positive management, and automation via scripting.
- Embed insider risk / user behaviour analytics use cases where DTEX is in scope: analysis of workforce activity signals, reporting/visualisations, and recommendations to remediate risk while maintaining privacy and trust.
- Ensure tool integrations with ITSM, SIEM (Splunk), and enterprise management to support detection/response and operational efficiency.
- Architect and optimise Purview capabilities: sensitivity labels, auto labelling, DLP policies, classifiers/custom classifiers, governance frameworks, and implementation roadmaps.
- Design and implement DLP strategies across M365 workloads and endpoints, including robust detection approaches using labels + content-based classifiers (SITs/trainable classifiers).
- Produce compliance-ready documentation: control mapping, design decisions, operational guidance, and policy effectiveness reporting.
- Architect and run enterprise network security controls: LAN/WAN/WLAN/VPN security considerations, segmentation strategy, and firewall operations (configuration/tuning).
- Act as escalation point and design authority for P1/P2 network security incidents; lead RCA and preventative design improvements.
- Conduct risk assessments for perimeter and segmentation changes; maintain accurate topology and security documentation.
- Own SIEM platform outcomes: “not just logs” — focus on detection engineering, tuning, dashboards, correlation rules, and automation to improve signal-to-noise.
- Manage, optimise, and secure Splunk for SIEM operations and threat detection effectiveness (performance, data onboarding, detections).
- Partner with SOC/IR teams to define use cases, map detections to threats, and implement continuous improvement.
- Build delivery plans: scope decomposition, WBS, dependency mapping (apps/endpoints/network), migration waves, environments, and cutover/runbook planning.
- Provide credible effort estimates for onboarding (devices/apps/log sources), policy design, testing/ITST, change governance/CAB, operational readiness and handover.
- Establish measurable outcomes: coverage %, detection efficacy, false-positive reduction, policy compliance and incident trends.
Requirements
- 8–10+ years in security, with strong experience across security engineering/architecture spanning endpoint controls, network security, and monitoring/SIEM.
- Network security: firewalls, segmentation strategies, VPN, and incident/problem management for critical events.
- Splunk: engineering for SIEM operations, detection/tuning, dashboards/correlation/automation.
- Microsoft Purview: labels, auto-labelling, DLP, governance/roadmaps; ability to run assessments and optimise policies.
- Endpoint platforms: Trellix engineering (policy/baselines, telemetry, automation, integrations) and/or equivalent enterprise EDR/endpoint security tooling.
- Understanding of insider risk / behaviour analytics approaches when DTEX is used (analysis, reporting, recommendations, client trust/privacy).
- Strong documentation: HLD/LLD, strategy plans, roadmaps, operational guides.
- Proven estimation and planning capability: scoping, WBS creation, rollout waves, change governance.
- Stakeholder management: able to explain complex security trade-offs, drive adoption, and coordinate across infra, apps, SOC and vendors.