Security Architect 

Role Overview

The Security Architect will support security and compliance assessment activities. The role focuses on evaluating security posture, configuration hardening practices, operational risk exposure, and compliance constraints.

The engagement is assessment and advisory only and does not include security implementation, remediation execution, vulnerability testing, or penetration testing.

The environment includes:

  • Oracle 10g database

  • Oracle Forms and Reports legacy environment

  • Ruby on Rails components

  • Hybrid infrastructure (cloud and on-premise)

Key Responsibilities

Security and Compliance Screening

Conduct security posture evaluation including:

  • Privilege exposure review (read-only analysis)

  • Configuration hardening observations

  • Identification of operational security risk exposure

  • License-safe validation confirmation

The security review must support risk identification and structured advisory findings.

Data Protection and Privacy Compliance Review

Ensure that assessment activities comply with Ateneo security and privacy requirements, including:

  • Adherence to Ateneo Data Privacy and Information Security policies

  • Compliance with the Data Privacy Act of 2012 (RA 10173) where applicable

  • Ensuring that no production data is exported outside Ateneo-controlled infrastructure without authorization

Security assessment activities must align with the execution guardrails defined for the engagement.

Operational Security Risk Identification

Assess system exposure related to:

  • Legacy technology components

  • Operational configuration practices

  • Infrastructure and application security posture

Findings must be documented as part of the Evidence Register and Risk Register for the engagement.

Support Technical Debt Quantification

Contribute to identifying security-related technical debt including exposure associated with:

  • End-of-life technology components

  • Legacy authentication mechanisms

  • Limited encryption posture

  • Outdated infrastructure or system components

Security risks must be documented with impact analysis and cost-of-inaction considerations.

Governance and Compliance Controls

Support validation that assessment activities comply with:

  • Oracle license-safe protocol requirements

  • Ateneo security guardrails

  • Information security approval requirements for tools and scripts used during the assessment

Security controls must ensure that:

  • No unlicensed Oracle features are triggered

  • No production data is exported

  • All tools used are approved by Ateneo Information Security

Scope Limitations

The following activities are explicitly outside the scope of this role:

  • Vulnerability Assessment

  • Penetration Testing

  • Security implementation or remediation

Security responsibilities are limited to screening, observation, and advisory findings.

Required Experience

Candidates must demonstrate experience in:

  • Security posture assessment in enterprise IT environments

  • Infrastructure and application security configuration review

  • Security risk identification within legacy technology stacks

  • Security governance and compliance practices

Experience working with mission-critical enterprise systems or legacy environments is required.