Vacant job

Avaron AB is a growing consultancy focused on technology, finance, and business support. We match your expertise with the market's most interesting assignments, offering a platform where your professional development is central.

We are looking for an experienced Security Architect to define and evolve security architecture in a cloud-native environment. You will work closely with architects, leads, DevOps teams and a central cybersecurity function to ensure security is embedded end-to-end—aligned with customer needs, regulatory requirements, and internal policies.

This role has a strong focus on secure architecture, risk-based decision-making, and long-term platform resilience across AWS and multi-cloud setups.

• Define and continuously improve the security architecture, ensuring alignment with regulatory requirements and internal security policies.
• Embed security across the full software development lifecycle and guide teams in secure-by-design and cloud-native security best practices.
• Identify, assess, and manage vulnerabilities and risks, driving mitigation actions and ensuring security controls meet applicable standards.
• Collaborate with cybersecurity specialists, solution architects and other stakeholders.
• Evaluate technologies and third-party solutions, and lead design reviews with emphasis on threat modeling, secure architecture and maintainability.
• Support continuous improvements in detection, incident response and overall resilience.
• Support security assessments, reviews, and internal/external audits.
• Contribute to roadmaps and long-term technical direction with security built into future platform evolution.

• Proven experience working as a Security Architect.
• Experience in cloud-native environments, with strong AWS expertise and ability to work across multi-cloud setups such as Azure.
• Strong understanding of secure development practices (SDLC).
• Familiarity with security frameworks such as ISO 27001 and NIST 800-53.
• Hands-on experience designing and securing cloud-based backend environments in AWS, including IAM, networking, monitoring and cloud-native security controls.
• Practical experience with DevSecOps practices and tools, such as SAST, SCA, dependency scanning, secrets scanning, and infrastructure-as-code security.
• Ability to perform and document risk assessments, threat modeling, secure design and architecture reviews in a structured way.

• Experience with connected services and large-scale distributed systems.
• Experience with PKI (onboarding/offboarding).
• Familiarity with UNECE R155.

Selections are made on an ongoing basis, so we recommend that you apply as soon as possible.