Security Architect

Interpol

Lyon · On-site Contract Senior Today

About the role

About INTERPOL

INTERPOL is the world’s largest international police organization, with 196 Member Countries. Created in 1923, it facilitates cross-border police co-operation, and supports and assists all organizations, authorities, and services whose mission is to prevent or combat international crime.

INTERPOL actively encourages applications from women and nationals of member countries that are currently unrepresented among our staff. Candidates from these countries are particularly encouraged to apply.

INTERPOL’s recruitment process is merit-based; hence, all hiring decisions are made considering the applicant’s qualifications and the needs of the Organization.

Job Summary

As part of the General Secretariat of INTERPOL, the world’s largest International Criminal Police Organization, the Information and Communication Technologies (ICT) Executive Directorate delivers trusted, secure, and innovative digital platforms and services that enable global police cooperation.

ICT constitutes the technological backbone of the Organization, providing the trusted, secure, and innovative platforms and services that allow law enforcement agencies across member countries to collaborate effectively and securely.

In this context the incumbent serves as the Security Architecture authority under the Chief Technology Officer (CTO), responsible for defining, governing, and evolving the organization’s security architecture strategy to ensure secure, resilient, and compliant ICT systems across all platforms and services. The incumbent leads the integration of security-by-design principles into the full lifecycle of ICT solutions, from concept to deployment, and champions a culture of security ownership across engineering, operations, and solution architecture teams.

Working in close collaboration with the Head of Engineering and Solution Design, the incumbent ensures that security architecture is embedded as a foundational component of all platform and solution designs, aligned with enterprise standards, regulatory obligations, and evolving threat landscapes. The incumbent is accountable for the maturity, consistency, and adoption of secure architectural patterns, governance frameworks, and DevSecOps practices across INTERPOL’s ICT ecosystem.

Principal Duties and Activities

Duty 1 - Security Design Authority

  • Translate security requirements into scalable architecture patterns aligned with: NIST CSF, ISO 27001, CIS Controls v8, and Zero Trust (NIST 800-207).
  • Lead the development of security architecture blueprints for cloud-native and hybrid environments.
  • Drive architectural governance and participate in design review boards as the security lead.
  • Review and approve solution architectures, technical designs, and integration patterns from a security perspective.
  • Define security reference architectures and reusable security components for infrastructure, applications, and data.
  • Collaborate with solution architects, product owners, and engineering teams to embed security into platform and application designs, based on the organization’s security policies and standards.
  • Ensure consistent application of security principles across the organization through design patterns and policy integration.
  • Continuously evolve the security architecture based on threat intelligence, emerging risks, and changes in business or technology strategy.

Duty 2 - Governance, Risk, and Standards Alignment

  • Partner with engineering, DevOps, QA, and compliance teams to drive a unified DevSecOps culture and implement governance frameworks such as ISO/IEC 27001 and NIST CSF.
  • Contribute to policies and standards development, security assessments, and audit readiness.

Duty 3 - Secure Software Development Lifecycle & DevSecOps

  • Own and enhance the Secure Software Development Lifecycle in alignment with NIST SSDF, OWASP SAMM, and BSIMM.
  • Perform and lead secure design reviews, threat modeling (STRIDE, PASTA), and code security assessments.
  • Drive developer enablement: build playbooks, training materials, and run threat modeling workshops.
  • Design and implement secure CI/CD pipelines with integrated tools for SAST, DAST, SCA, IaC scanning, and secrets detection.
  • Tooling: source code control, static code analysis, dynamic code analysis, secret management and deployment, container scanning.
  • Automate security gates in build/test/deploy stages across multi-cloud environments.
  • Enforce security guardrails using policy-as-code.

Duty 4 - Cloud-native Security

  • Define and implement cloud-native security controls on-prem and on-public-cloud aligned with CIS Benchmarks, NIST 800-53, NIST 800-190, and MITRE ATT&CK for Cloud.
  • Secure container workloads and container scanning tools
  • Implement workload identity, least privilege, and multi-cluster runtime protections.

Duty 5 - API Security & Software Supply Chain Protection

  • Secure REST and GraphQL APIs with OAuth2.0/OIDC, schema validation, rate limiting, and OWASP API Security Top 10.
  • Build controls around third-party libraries, packages, and image repositories using SBOM generation and validation.
  • REST API Gateway security
  • Drive adoption of secure artifact signing and provenance validation in the CI/CD process.

Duty 6 - Other Duties

  • Perform any other duties as required by the supervisor.

Qualifications, Competencies And Skills

Education and Qualification Required

  • University degree (3 to 4 years) in computer science, information security, or related field, or specialized higher education establishment.
  • One or more of the following industry certifications:
    • DUTY1 (Security Architecture): SABSA, CISSP
    • DUTY2 (GRC & Risk): CISM, CRISC, ISO 27001 Lead Implementer
    • DUTY3 (Secure SDLC): CSSLP, GSSCS, DevSecOps Practitioner
    • DUTY4 (Cloud & DevSecOps): CCSP, CKS, GCSA
    • DUTY5 (API & Supply Chain): API Security Engineer, OpenSSF, SANS GSSCS

Experience Required

  • At least 5 years of experience in a large and complex IT enterprise environment.
  • Proven hands-on multi-year experience in security roles, with at least 3 years as a Security Architect.
  • Proven experience implementing DevSecOps practices in enterprise-level CI/CD pipelines.

Languages

  • Fluency in English is required.
  • Proficiency in a second official working language of the Organization (Arabic, French or Spanish) would be an additional asset.

Abilities Required

  • Excellent interpersonal and problem-solving skills; ability to work effectively in multicultural and diverse environments.
  • Proven results-oriented and goal-driven attitude.
  • Skilled in training and enabling development teams through workshops, playbooks, and secure coding guidance.
  • Strong ability to translate complex security requirements into scalable architecture and design patterns.
  • Expertise in enterprise security architectures for cloud-native, hybrid, and on-prem environments.
  • Proven leadership in security reviews, governance processes, and architectural consistency.
  • Experience defining reference architectures, reusable components, and security blueprints.
  • Deep knowledge of DevSecOps, SSDLC, and security tooling (SAST, DAST, SCA, IaC, container scanning, secrets detection).
  • Ability to embed security into DevOps workflows using automation and policy-as-code.
  • Expertise in cloud-native and container security (CIS Benchmarks, workload identity, runtime protections).
  • Strong skills in API security and software supply chain protection (OAuth2.0/OIDC, SBOMs, artifact signing, API gateways).
  • Knowledge of Web Application Firewalls (WAFs) and OWASP Top 10 defenses.
  • Ability to continuously adapt based on threat intelligence and MITRE ATT&CK mapping.

Skills

API Security, BSIMM, CIS Benchmarks, CIS Controls v8, CISM, CRISC, CSSLP, CCSP, Container Scanning, DAST, DevSecOps, GCSA, GSSCS, GraphQL, IaC scanning, ISO 27001, MITRE ATT&CK, NIST 800-190, NIST 800-207, NIST 800-53, NIST CSF, NIST SSDF, OAuth2.0, OIDC, OpenSSF, OWASP API Security Top 10, OWASP SAMM, PASTA, REST, SABSA, SAST, SCA, Secrets detection, STRIDE, Zero Trust
