Security Architect

LYON, 69
3 days ago

INTERPOL actively encourages applications from women and nationals of member countries that are currently unrepresented among our staff. Candidates from these countries are particularly encouraged to apply.

INTERPOL facilitates cross-border police cooperation.

Job Title

Security Architect

Location

Lyon

Contract type

Fixed-term contract – 36 months

Reporting to

Head of Engineering and Solution Design

Conditions applying for all candidates

  • Only professional experience for which candidates can provide official proof of employment will be considered. Candidates may be asked to provide copies of such documents prior to interviews/test.
  • Subsequent extension to this post will be subject to the terms of the Organization’s Staff Manual, to satisfactory performance, and to availability of funds.

SUMMARY OF DUTIES, INCLUDING GOALS AND OBJECTIVES OF THE POST

As part of the General Secretariat, the ICT Executive Directorate delivers secure digital platforms and services that enable global police cooperation. The incumbent serves as the Security Architecture authority under the Chief Technology Officer (CTO), responsible for defining, governing, and evolving INTERPOL’s security architecture strategy to ensure secure, resilient, and compliant ICT systems across all platforms and services.

DUTY 1 – Security Design Authority

  • Translate security requirements into scalable architecture patterns aligned with NIST CSF, ISO 27001, CIS Controls v8, and Zero Trust (NIST 800‑207).
  • Lead the development of security architecture blueprints for cloud‑native and hybrid environments.
  • Drive architectural governance and participate in design review boards as the security lead.
  • Review and approve solution architectures, technical designs, and integration patterns from a security perspective.
  • Define security reference architectures and reusable security components for infrastructure, applications, and data.
  • Collaborate with solution architects, product owners, and engineering teams to embed security into platform and application designs, based on the organization’s security policies and standards.
  • Ensure consistent application of security principles across the organization through design patterns and policy integration.
  • Continuously evolve the security architecture based on threat intelligence, emerging risks, and changes in business or technology strategy.

DUTY 2 – Governance, Risk, and Standards Alignment

  • Partner with engineering, DevOps, QA, and compliance teams to drive a unified DevSecOps culture and implement governance frameworks such as ISO/IEC 27001 and NIST CSF.
  • Contribute to policies and standards development, security assessments, and audit readiness.

DUTY 3 – Secure Software Development Lifecycle & DevSecOps

  • Own and enhance the Secure Software Development Life Cycle in alignment with NIST SSDF, OWASP SAMM, and BSIMM.
  • Perform and lead secure design reviews, threat modelling (STRIDE, PASTA), and code security assessments.
  • Drive developer enablement: build playbooks, training materials, and run threat modelling workshops.
  • Design and implement secure CI/CD pipelines with integrated tools for SAST, DAST, SCA, IaC scanning, and secrets detection.
  • Automate security gates in build/test/deploy stages across multi‑cloud environments.
  • Enforce security guardrails using policy‑as‑code.

DUTY 4 – Cloud‑native Security

  • Define and implement cloud‑native security controls on‑prem and on‑public‑cloud aligned with CIS Benchmarks, NIST 800‑53, NIST 800‑190, and MITRE ATT&CK for Cloud.
  • Secure container workloads and container scanning tools.
  • Implement workload identity, least privilege, and multi‑cluster runtime protections.

DUTY 5 – API Security & Software Supply Chain Protection

  • Secure REST and GraphQL APIs with OAuth2.0/OIDC, schema validation, rate limiting, and OWASP API Security Top 10.
  • Build controls around third‑party libraries, packages, and image repositories using SBOM generation and validation.
  • REST API Gateway security.
  • Drive adoption of secure artifact signing and provenance validation in the CI/CD process.

DUTY 6 – Other Duties

  • Perform any other duties as required by the supervisor.

Qualifications, Competencies And Skills

Education and qualifications required:
  • University degree (3‑4 years) in computer science, information security, or related field, or specialized higher education establishment.
  • One or more of the following industry certifications:
    • Security Architecture: SABSA, CISSP
    • Governance, Risk & Compliance: CISM, CRISC, ISO 27001 Lead Implementer
    • Secure SDLC: CSSLP, GSSCS, DevSecOps Practitioner
    • Cloud & DevSecOps: CCSP, CKS, GCSA
    • API & Supply Chain: API Security Engineer, OpenSSF, SANS GSSCS
Experience required:
  • At least 5 years of experience in a large and complex IT enterprise environment.
  • Proven hands‑on multi‑year experience in security roles, with at least 3 years as a Security Architect.
  • Proven experience implementing DevSecOps practices in enterprise‑level CI/CD pipelines.
Languages:
  • Fluency in English is required.
  • Proficiency in a second official working language of the Organization (Arabic, French, or Spanish) would be an additional asset.
Abilities required:
  • Excellent interpersonal and problem‑solving skills; ability to work effectively in multicultural and diverse environments.
  • Proven results‑oriented and goal‑driven attitude.
  • Skilled in training and enabling development teams through workshops, playbooks, and secure coding guidance.
  • Strong ability to translate complex security requirements into scalable architecture and design patterns.
  • Expertise in enterprise security architectures for cloud‑native, hybrid, and on‑prem environments.
  • Proven leadership in security reviews, governance processes, and architectural consistency.
  • Experience defining reference architectures, reusable components, and security blueprints.
  • Deep knowledge of DevSecOps, SSDLC, and security tooling (SAST, DAST, SCA, IaC, container scanning, secrets detection).
  • Ability to embed security into DevOps workflows using automation and policy‑as‑code.
  • Expertise in cloud‑native and container security (CIS Benchmarks, workload identity, runtime protections).
  • Strong skills in API security and software supply chain protection (OAuth2.0/OIDC, SBOMs, artifact signing, API gateways).
  • Knowledge of Web Application Firewalls (WAFs) and OWASP Top 10 defenses.
  • Ability to continuously adapt based on threat intelligence and MITRE ATT&CK mapping.
Company
INTERPOL
Publishing platform
WHATJOBS