Infrastructure Security Architect

Job Location: Hyderabad/Bangalore

Remote/Hybrid

Role:

The Infrastructure Security Architect defines and delivers security architecture for high-performance data center infrastructures supporting AI/ML, HPC, and large-scale storage. This role designs security controls across InfiniBand and Ethernet environments, ensuring strong isolation of management planes, authentication of control planes, and resilient protection of east-west and north-south traffic flows. The architect partners with network, platform, and operations teams to implement enforceable security standards, real-time monitoring and detection pipelines, and incident response strategies—while balancing risk reduction with performance and cost constraints.

• Core Responsibilities
• Design and implement security controls for high-performance networks (InfiniBand and Ethernet), ensuring management planes are isolated and control planes are authenticated.
• Design the placement of North-South firewalls (Internet to DC) and East-West firewalls (internal traffic) to ensure critical clusters (e.g., GPU environments) are isolated from general office or management traffic.
• Define and implement security zones (e.g., Management, Compute, Storage, and Public) and the specific least-privilege policies that govern communication between them.
• Ensure firewalls and inline security services are capable of handling high-velocity traffic without introducing latency that would degrade AI training or storage performance.
• Build security monitoring and detection pipelines using streaming telemetry (gNMI/gRPC) and SIEM integrations to detect anomalous network behavior in real-time.
• Write, publish, and maintain High-Level Security Policies and technical standards that are measurable and enforceable through automated compliance tooling.
• Conduct cost-benefit and financial analyses for security investments, balancing the cost of control against the potential impact of loss.
• Lead or coordinate technical incident response for complex infrastructure-level breaches or hardware-based vulnerabilities, including containment, eradication, and lessons learned.

• Mandatory Skillset
• Mastery of L2–L7 security controls, including stateful firewalls, DDoS mitigation strategies, and high-speed encryption for data-in-transit (MACsec/IPsec).
• Strong understanding of high-performance networking concepts across InfiniBand and Ethernet, including separation of management/control/data planes and secure authentication methods.
• Proven ability to design low-latency security architectures for high-throughput environments, with performance testing and capacity planning of firewalls and security services.
• Hands-on experience with telemetry and monitoring integrations (gNMI/gRPC, log pipelines) into SIEM platforms and real-time alerting workflows.
• Experience authoring security policies, standards, and reference architectures, and driving adoption via automation and compliance validation.
• Demonstrated incident response leadership for infrastructure security events, including forensic triage, root cause analysis, and remediation planning.
• Excellent communication and stakeholder management skills, with the ability to translate risk into technical and business terms.

• Optional Skillsets
• Experience securing GPU/HPC clusters and distributed storage systems, including segmentation patterns for RoCEv2 or InfiniBand environments.
• Familiarity with zero-trust network principles and micro-segmentation implementations in data centers.
• Experience with automation/IaC (e.g., Terraform, Ansible, Python) and policy-as-code approaches for network and security controls.
• Knowledge of vulnerability management for firmware/BIOS/ASIC components and mitigations for hardware-based threats.
• Exposure to compliance frameworks and audits (e.g., ISO 27001, SOC 2) and mapping technical controls to governance requirements.

Qualifications

• Bachelor’s degree in Computer Science, Information Security, Engineering, or a related discipline (or equivalent practical experience).
• 8+ years of experience in infrastructure security and/or network security, with 3+ years in an architecture or technical lead capacity.
• Proven track record designing and deploying security controls in high-throughput, low-latency data center environments.
• Demonstrated ability to lead cross-functional initiatives, influence design decisions, and mentor engineers.
• Strong analytical skills including quantitative risk assessment and financial modeling for security investment decisions.

Note: Responsibilities and requirements may evolve based on business needs, security posture, and technology roadmap.