Security Architect

Definition

Security Architect: the role that is played when a person architects the security countermeasures of one or more systems, applications, components, or centers

As illustrated in the preceding figure, Security Architect is part of the following inheritance hierarchy.

The typical role-specific responsibilities of a Security Architect are to:

Review the security requirements.
Develop the security architecture of the:
- Application(s).
- Contact center(s).
- Data center(s).
Ensure that the system architecture (data center, software, hardware, and network) meets the security requirements.
Develop the security mechanisms in the software architecture.
Ensure the integrity of the architectures with regard to security.

Security Architect typically inherits the general role responsibilities from the Role method component.

To fulfill these responsibilities, a Security Architect typically should have the following personal characteristics, expertise, training, and experience:

A Security Architect should typically have the following personal characteristics:

The ability to think like an attacker.
Strong in strategic and analytical thinking.
Able to see and understand:
- The context of the security architecture.
- The big picture without being caught up in diversionary details.
- Beyond the obvious.
- Patterns or connections between situations that are not obviously related.
- Key or underlying issues in complex situations.
Excellent verbal and written communication skills, and thus able to explain the security architecture to its diverse stakeholders.

A Security Architect should typically have the following expertise:

Expert knowledge of and experience with security engineering tasks, techniques (e.g., passwords, encryption/decryption, digital signatures), and tools.
Expert knowledge of security architectural mechanisms and components (e.g., firewalls).
Solid knowledge of applications, contact centers, and data centers.
Basic knowledge of the customer’s business and application domain(s).

A Security Architect should typically have the following training:

A Security Architect should typically have the following experience:

A minimum of 2 year‘s experience working as a Security Engineer on similar endeavors.

A Security Architect typically performs the following role-specific tasks in an iterative, incremental, parallel, and time-boxed manner:

Security Architecting:
- Architecture Reuse:
- Architectural Patterns Selection
- Logical Architecture Production
- Physical Architecture Production
  (e.g., data, hardware, software, and personnel components)
- Architectural Mechanism Production
- Architecture Documentation
- Architecture Integrity Assurance
Quality Control:
- Quality Control - Environments Evaluation
- Quality Control - Requirements Evaluation

Security architects typically inherit common role tasks from the Role method component.

A Security Architect typically performs these tasks as a member of the following teams:

As a member of these teams, a Security Architect typically produces all or part of the following work products:

Architecture Work Products:
- System Architecture Document (e.g., security hardware)
- Software Architecture Document (security mechanisms)
- Contact Center Architecture Document (security hardware and mechanisms)
- Data Center Architecture Document (security hardware and mechanisms) (security hardware and mechanisms)
Quality Work Products:
- Inspection Report
- Inspection Summary Report

Security architects should work closely with security analyst and security engineers.
On small projects, the same person may play the security analyst, security architect, and security engineer roles.
This role typically inherits the common team guidelines from the Role method component.