Security Architect
Publication Starting Date: May 10, 2026
Location: Lyon, France
Company: Interpol
Vacancy Notice 1792
INTERPOL is the world’s largest international police organization, with 196 Member Countries. Created in 1923, it facilitates cross-border police co-operation, and supports and assists all organizations, authorities, and services whose mission is to prevent or combat international crime.
INTERPOL actively encourages applications from women and nationals of member countries that are currently unrepresented among our staff. Candidates from these countries are particularly encouraged to apply.
INTERPOL’s recruitment process is merit-based; hence, all hiring decisions are made considering the applicant’s qualifications and the needs of the Organization.
Job Title: Security Architect
Reporting To: Head of Engineering and solution design
Location: Lyon
Type of contract: Fixed-term Contract
Duration (in months): 36.00
Grade: 4
Number of posts: 1
Level of Security screening: Enhanced
Deadline for application: 6 June 2026
Conditions applying for all candidates
Only professional experience for which candidates can provide official proof of employment will be considered. Candidates could be requested to provide copies of such official documents prior to interviews/test.
* Subsequent extension to this post will be subject to the terms of the Organization’s Staff Manual, to satisfactory performance and to availability of funds.
Tests/interviews in connection to this selection procedure will take place approximately 1/3 weeks after the deadline for applications. Applicants are kindly requested to plan their availability during this period accordingly, in case they are short-listed.
Selected candidates will be expected to report for duty approximately one to three months after receiving an offer of employment at the latest.
This selection exercise may be used to generate a reserve list of suitable candidates that may be used to address the Organization's similar staffing needs in the future.
SUMMARY OF THE ASSIGNED DUTIES, INCLUDING GOALS AND OBJECTIVES OF THE POST
As part of the General Secretariat of INTERPOL, the world’s largest International Criminal Police Organization, the Information and Communication Technologies (ICT) Executive Directorate delivers trusted, secure, and innovative digital platforms and services that enable global police cooperation.
ICT constitutes the technological backbone of the Organization, providing the trusted, secure, and innovative platforms and services that allow law enforcement agencies across member countries to collaborate effectively and securely.
In this context the incumbent serves as the Security Architecture authority under the Chief Technology Officer (CTO), responsible for defining, governing, and evolving the organization’s security architecture strategy to ensure secure, resilient, and compliant ICT systems across all platforms and services. The incumbent leads the integration of security-by-design principles into the full lifecycle of ICT solutions, from concept to deployment, and champions a culture of security ownership across engineering, operations, and solution architecture teams.
Working in close collaboration with the Head of Engineering and Solution Design, the incumbent ensures that security architecture is embedded as a foundational component of all platform and solution designs, aligned with enterprise standards, regulatory obligations, and evolving threat landscapes. The incumbent is accountable for the maturity, consistency, and adoption of secure architectural patterns, governance frameworks, and DevSecOps practices across INTERPOL’s ICT ecosystem.
PRINCIPAL DUTIES AND ACTIVITIES
DUTY 1 - Security Design Authority
- Translate security requirements into scalable architecture patterns aligned with: NIST CSF, ISO 27001, CIS Controls v8, and Zero Trust (NIST 800-207).
- Lead the development of security architecture blueprints for cloud-native and hybrid environments.
- Drive architectural governance and participate in design review boards as the security lead.
- Review and approve solution architectures, technical designs, and integration patterns from a security perspective.
- Define security reference architectures and reusable security components for infrastructure, applications, and data.
- Collaborate with solution architects, product owners, and engineering teams to embed security into platform and application designs, based on the organization’s security policies and standards.
- Ensure consistent application of security principles across the organization through design patterns and policy integration.
- Continuously evolve the security architecture based on threat intelligence, emerging risks, and changes in business or technology strategy.
DUTY 2 - Governance, Risk, and Standards Alignment
- Partner with engineering, DevOps, QA, and compliance teams to drive a unified DevSecOps culture and implement governance frameworks such as ISO/IEC 27001, NIST CSF.
- Contribute to policies and standards development, security assessments, and audit readiness.
DUTY 3 - Secure Software Development Lifecycle & DevSecOps
- Own and enhance the Secure Software Development Lifecycle in alignment with NIST SSDF, OWASP SAMM, and BSIMM.
- Perform and lead secure design reviews, threat modeling (STRIDE, PASTA), and code security assessments.
- Drive developer enablement: build playbooks, training materials, and run threat modeling workshops.
- Design and implement secure CI/CD pipelines with integrated tools for: SAST, DAST, SCA, IaC scanning, Secrets detection.
- Tooling: Source Code Control, Static Code analysis, Dynamic Code Analysis, Secret management and deployment, Container Scanning
- Automate security gates in build/test/deploy stages across multi-cloud environments.
- Enforce security guardrails using policy-as-code.
DUTY 4 - Cloud-native Security
- Define and implement cloud-native security controls on-prem and on-public-cloud aligned with CIS Benchmarks, NIST 800-53, NIST 800-190, and MITRE ATT&CK for Cloud.
- Secure container workloads and container scanning tools.
- Implement workload identity, least privilege, and multi-cluster runtime protections.
DUTY 5 - API Security & Software Supply Chain Protection
- Secure REST and GraphQL APIs with OAuth2.0/OIDC, schema validation, rate limiting, and OWASP API Security Top 10.
- Build controls around third-party libraries, packages, and image repositories using SBOM generation and validation.
- REST API Gateway security.
- Drive adoption of secure artifact signing and provenance validation in the CI/CD process.
DUTY 6 – OTHER DUTIES
- Perform any other duties as required by the supervisor.
QUALIFICATIONS, COMPETENCIES AND SKILLS
Education and qualifications required:
- University degree (3 to 4 years) in computer science, information security, or related field, or specialized higher education establishment.
- One or more of the following industry certifications:
  - DUTY 1 (Security Architecture): SABSA, CISSP
  - DUTY 2 (GRC & Risk): CISM, CRISC, ISO 27001 Lead Implementer
  - DUTY 3 (Secure SDLC): CSSLP, GSSCS, DevSecOps Practitioner
  - DUTY 4 (Cloud & DevSecOps): CCSP, CKS, GCSA
  - DUTY 5 (API & Supply Chain): API Security Engineer, OpenSSF, SANS GSSCS
Experience required:
- At least 5 years of experience in a large and complex IT enterprise environment.
- Proven hands-on multi-year experience in security roles, with at least 3 years as a Security Architect.
- Proven experience implementing DevSecOps practices in enterprise-level CI/CD pipelines.
Languages:
- Fluency in English is required.
- Proficiency in a second official working language of the Organization (Arabic, French or Spanish) would be an additional asset.
Abilities required:
- Excellent interpersonal and problem-solving skills; ability to work effectively in multicultural and diverse environments.
- Proven results-oriented and goal-driven attitude.
- Skilled in training and enabling development teams through workshops, playbooks, and secure coding guidance.
- Strong ability to translate complex security requirements into scalable architecture and design patterns.
- Expertise in enterprise security architectures for cloud-native, hybrid, and on-prem environments.
- Proven leadership in security reviews, governance processes, and architectural consistency.
- Experience defining reference architectures, reusable components, and security blueprints.
- Deep knowledge of DevSecOps, SSDLC, and security tooling (SAST, DAST, SCA, IaC, container scanning, secrets detection).
- Ability to embed security into DevOps workflows using automation and policy-as-code.
- Expertise in cloud-native and container security (CIS Benchmarks, workload identity, runtime protections).
- Strong skills in API security and software supply chain protection (OAuth2.0/OIDC, SBOMs, artifact signing, API gateways).
- Knowledge of Web Application Firewalls (WAFs) and OWASP Top 10 defenses.
- Ability to continuously adapt based on threat intelligence and MITRE ATT&CK mapping.