Secure Development Lifecycle (SDL) / Cybersecurity Architect

AVEVA is creating software trusted by over 90% of leading industrial companies.

• Define and institutionalize Secure SDLC framework across AVEVA solutions
• Embed security controls into design, development, testing, deployment, and maintenance.
• Establish and perform threat modeling, secure coding standards, and code review practices.
• Own security architecture for applications, APIs, cloud workloads, and supporting platforms.
• Establish & perform secure coding standards and developer enablement (secure coding playbooks, training, guardrails).
• Ensure vulnerability management and patch governance across product lifecycle.
• Develop reference architectures focused on cyber security for cloud, on-prem, IoT, and hybrid environments.
• Conduct architecture risk assessments and security design reviews.
• Lead Zero Trust, identity, encryption, and data protection strategies.
• Define security patterns aligned to industry standards (ISO 27001, NIST, IEC 62443, etc.).
• Conduct product risk assessments and cybersecurity impact analysis.
• Has knowledge of EU Cyber Resilience Act
• Ensure “secure-by-default” configuration in products with digital elements.
• Prepare for regulatory audits and compliance certifications.
• Conduct product risk assessments and cybersecurity impact analysis.
• Guide developers & tester for secure testing.
• Support creation of compliance artifacts (architecture documentation, risk assessments, security requirements, SBOM processes, vulnerability handling process

• 8-12 years in development (.Net, Web, Cloud) and cybersecurity with strong experience in security architecture and application/product security.
• Strong experience in Architecting & design experience in developing multi-tier software or solution.
• Expertise in Secure Development Lifecycle frameworks in agile/DevOps environments.
• Strong experience in
  • Static Code analysis tools
  • Threat modelling (STRIDE, attack trees)
  • Security design reviews, secure coding practices
  • Cloud security (AWS, Azure, GCP) nice to have
  • OWASP Top 10, API security, authentication/authorization (OAuth2/OIDC, SSO, RBAC/ABAC)
  • Secure Testing (Fuzz Testing, Penetration Testing)
  • Secure API practices: input validation, rate limiting, secure headers, CORS, secrets handling
  • API design & development (REST/GraphQL), versioning, pagination, error handling

• Vulnerability management lifecycle and tooling integration
• Writing high-quality code: unit/integration tests, code reviews, refactoring, clean architecture
• Preparing technical documentation for regulatory audits.

• Experience in Industrial automation company or domain is desirable.
• Knowledge of EU Cyber Resilience Act (CRA) concepts and practical implementation needs is desirable
• Knowledge of global cybersecurity regulations (NIS2, GDPR, etc.) is desirable

India Benefits include:  

It’s possible we’re hiring for this position in multiple countries, in which case the above benefits apply to the primary location. Specific benefits vary by country, but our packages are similarly comprehensive.

Find out more: aveva.com/en/about/careers/benefits/

Hybrid working

By default, employees are expected to be in their local AVEVA office three days a week, but some positions are fully office-based. Roles supporting particular customers or markets are sometimes remote.

Hiring process

Interested? Great! Get started by submitting your cover letter and CV through our application portal. AVEVA is committed to recruiting and retaining people with disabilities. Please let us know in advance if you need reasonable support during your application process.

Find out more: aveva.com/en/about/careers/hiring-process

About AVEVA

AVEVA is a global leader in industrial software with more than 6,500 employees in over 40 countries. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life – such as energy, infrastructure, chemicals, and minerals – safely, efficiently, and more sustainably.

We are committed to embedding sustainability and inclusion into our operations, our culture, and our core business strategy. Learn more about how we are progressing against our ambitious 2030 targets: sustainability-report.aveva.com/

Find out more: aveva.com/en/about/careers/

AVEVA requires all successful applicants to undergo and pass a drug screening and comprehensive background check before they start employment. Background checks will be conducted in accordance with local laws and may, subject to those laws, include proof of educational attainment, employment history verification, proof of work authorization, criminal records, identity verification, credit check.  Certain positions dealing with sensitive and/or third-party personal data may involve additional background check criteria.

AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business.  AVEVA provides reasonable accommodation to applicants with disabilities where appropriate. If you need reasonable accommodation for any part of the application and hiring process, please notify your recruiter. Determinations on requests for reasonable accommodation will be made on a case-by-case basis.