Security Architect

About Andela

Andela exists to connect brilliance and opportunity. Since 2014, we have been dedicated to breaking down global barriers and accelerating the future of work for both technologists and organizations around the world. For technologists, Andela offers competitive long-term career opportunities with leading organizations, access to a global community of professionals, and educational opportunities with leading technology providers.

At Andela, we're deeply passionate about creating long-lasting and transformative growth opportunities for all - and doing it in an E.P.I.C. way! We're excited to continue building our remote-first team with incredible people like you. After applying for this role, you will join our Andela Community of brilliant technologists by passing a technical screening and live interview. As a community member, you'll have access to many exclusive technologist roles. Join Andela today to access this opportunity and more in our global marketplace!

Our roles are typically filled at lightning speed, so if you're considering applying, get your application in quickly!

-- Full-time

-- Payment in USD

Description

This role covers three highly technical disciplines within InfoSec: security architecture and engineering review,and vulnerability and patch management maturation through Tenable Security Center (SC). The specialist works alongside the Security Solutions A&E Manager and the AISOC team to strengthen detection and defensive posture, ensure new architectural designs are secure by design, and operationalize the vulnerability management lifecycle.

RESPONSIBILITIES

1. Security Architecture & Engineering Assessment

• Review new and changed system designs, network architectures, and digital platform builds from an information security perspective, prior to build or procurement approval.
• Produce Security Architecture Review Reports with risk-rated findings, threat model summaries, and design recommendations aligned to security standards and CBE requirements.
• Assess security of APIs, cloud components, integration layers, and digital banking platforms (mobile, internet banking, payment processing) against OWASP, NIST, and CBE guidelines.
• Maintain an architecture review register tracking all submitted designs, decisions, and open risk items.
• Contribute to the InfoSec reference architecture and security design patterns library.

1. Tenable SC — Vulnerability & Patch Management

• Take ownership of Tenable Security Center (SC) and other vulnerability solutions configuration, scan policy design, and coverage assurance across full asset inventory.
• Design and implement a structured vulnerability management workflow — scan, triage, risk-rate, assign, track, and verify remediation — integrated with IT's patch management process.
• Produce weekly and monthly vulnerability dashboards for IT and InfoSec leadership showing patch SLA compliance, critical exposure trends, and remediation velocity.
• Define and enforce scan coverage SLAs: all in-scope assets scanned at appropriate frequency per asset criticality tier.
• Identify and escalate monitoring blind spots — unscanned, uncredentialed, or unreachable assets — and drive resolution with IT.
• Enable Tenable SC reporting to feed directly into KRI metrics for board-level visibility on patch SLA breach rate and vulnerability exposure.

Mandatory Experience

• Minimum 8 years in information security with strong hands-on technical depth across at least two of the three disciplines in this role.
• Proven Tenable SC (or Tenable.io) administration and workflow design experience — must be able to demonstrate scan configuration, policy tuning, and dashboard creation.
• Experience conducting security architecture reviews for banking or financial sector projects.
• Practical threat hunting experience using SIEM and EDR platforms with documented hunt outputs.
• Familiarity with MITRE ATT&CK framework and its application to threat hunting and detection engineering.

Preferred Certifications

• Tenable Certified Security Engineer (TCSE) or Tenable.sc Specialist
• GIAC Certified Enterprise Defender (GCED) or GIAC Certified Threat Intelligence Analyst (GCTI)
• CISSP — Certified Information Systems Security Professional
• SABSA Chartered Security Architect (SCF or SCP)

Preferred Experience

• Experience in Egyptian banking or financial institution regulated by CBE.
• Hands-on with F5 AWAF, Palo Alto, or equivalent network/application security controls from an assessment perspective.
• Familiarity with NIST CSF 2.0 and CBE Cybersecurity Framework control domains.

What does success look like in the first 90 days

• Tenable SC asset coverage audit completed — all gaps documented and remediation plan agreed with IT.
• First structured threat hunting mission executed with documented playbook and hunt report.
• At least two security architecture reviews completed with formal outputs submitted.
• Vulnerability management dashboard live and feeding weekly metrics to InfoSec leadership.

At Andela, we know our strengths lie in our diverse community whose talents, perspectives, backgrounds, and orientations we take pride in. Andela is committed to nurturing a work environment where all individuals are treated with respect and dignity. Everyone has the right to work in a professional atmosphere that promotes equal employment opportunities and prohibits discriminatory practices. Andela provides equal employment opportunities to all employees and applicants without regard to factors including but not limited to race, color, religion, gender, sexual orientation, gender identity, national origin, age, disability, pregnancy (including breastfeeding), genetic information, HIV/AIDS or any other medical status, family or parental status, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state and local laws. This commitment applies to all terms and conditions of employment, including but not limited to hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training. Our policies expressly prohibit any form of harassment and/or discrimination, as stated above