Secure Development Lifecycle (SDL) / Cybersecurity Architect

Responsibilities

• Define and institutionalize Secure SDLC framework across AVEVA solutions
• Embed security controls into design, development, testing, deployment, and maintenance.
• Establish and perform threat modeling, secure coding standards, and code review practices.
• Own security architecture for applications, APIs, cloud workloads, and supporting platforms.
• Establish & perform secure coding standards and developer enablement (secure coding playbooks, training, guardrails).
• Ensure vulnerability management and patch governance across product lifecycle.
• Develop reference architectures focused on cyber security for cloud, on-prem, IoT, and hybrid environments.
• Conduct architecture risk assessments and security design reviews.
• Lead Zero Trust, identity, encryption, and data protection strategies.
• Define security patterns aligned to industry standards (ISO 27001, NIST, IEC 62443, etc.).
• Conduct product risk assessments and cybersecurity impact analysis.
• Has knowledge of EU Cyber Resilience Act
• Ensure "secure-by-default" configuration in products with digital elements.
• Prepare for regulatory audits and compliance certifications.
• Conduct product risk assessments and cybersecurity impact analysis.
• Guide developers & tester for secure testing.
• Support creation of compliance artifacts (architecture documentation, risk assessments, security requirements, SBOM processes, vulnerability handling process

Requirements

• 8-12 years in development (.Net, Web, Cloud) and cybersecurity with strong experience in security architecture and application/product security.
• Strong experience in Architecting & design experience in developing multi-tier software or solution.
• Expertise in Secure Development Lifecycle frameworks in agile/DevOps environments.
• Strong experience in
• Static Code analysis tools
• Threat modelling (STRIDE, attack trees)
• Security design reviews, secure coding practices
• Cloud security (AWS, Azure, GCP) nice to have
• OWASP Top 10, API security, authentication/authorization (OAuth2/OIDC, SSO, RBAC/ABAC)
• Secure Testing (Fuzz Testing, Penetration Testing)
• Secure API practices: input validation, rate limiting, secure headers, CORS, secrets handling
• API design & development (REST/GraphQL), versioning, pagination, error handling
• Vulnerability management lifecycle and tooling integration
• Writing high-quality code: unit/integration tests, code reviews, refactoring, clean architecture
• Preparing technical documentation for regulatory audits.
• Experience in Industrial automation company or domain is desirable.
• Knowledge of EU Cyber Resilience Act (CRA) concepts and practical implementation needs is desirable
• Knowledge of global cybersecurity regulations (NIS2, GDPR, etc.) is desirable
• Services at AVEVA
• Find out more: https://www.aveva.com/en/about/careers/
• India Benefits include:
• Gratuity, Medical and accidental insurance, very attractive leave entitlement, emergency leave days, childcare support, maternity, paternity and adoption leaves, education assistance program, home office set up support (for hybrid roles), well-being support
• It's possible we're hiring for this position in multiple countries, in which case the above benefits apply to the primary location. Specific benefits vary by country, but our packages are similarly comprehensive.
• Find out more: aveva.com/en/about/careers/benefits/
• Hybrid working
• By default, employees are expected to be in their local AVEVA office three days a week, but some positions are fully office-based. Roles supporting particular customers or markets are sometimes remote.
• Hiring process
• Interested? Great! Get started by submitting your cover letter and CV

Benefits

Additional Information

AVEVA is creating software trusted by over 90% of leading industrial companies. Job Title: Secure Development Lifecycle (SDL) / Cybersecurity Architect Location: Hyderabad, India Employment Type: Full-time, hybrid work arrangement The job We are seeking a senior cybersecurity leader with deep expertise in Secure Development Lifecycle (SDLC), enterprise security architecture, and strong knowledge of the Cyber Resilience Act (CRA). This role will drive secure-by-design engineering practices, ensure regulatory compliance for products with digital elements, and embed cybersecurity governance across the product lifecycle. The candidate will act as a strategic advisor to Engineering, Product, Legal, and Compliance teams while defining security architecture standards aligned with global cybersecurity regulations.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at aveva? Share your experience