Security Architect (100% Remote)
JOB SUMMARY
Leads the development and maintenance of security strategies, requirements, and standards for applications and platforms. Acts as a Security Subject Matter Expert (SME), providing in-depth technical guidance across various technologies and projects. Ensures seamless integration of security considerations throughout the Software Development Lifecycle (SDLC) by effectively communicating company security policies, standards, and industry best practices to program teams. Proactively identifies and mitigates security risks and vulnerabilities, collaborating with project teams to enhance security posture while optimizing for time-to-market, functionality, and scalability. Serves as the primary point of contact for escalating and resolving critical security issues and risks. Has broad knowledge of security areas such as Cloud Computing, Application, IAM, Cryptography, Infrastructure, and Risk.
CANDIDATE PROFILE
Required:
- 5+ years of Information Security experience in security engineering with experience in three or more of the following areas:
  - Conducting security reviews and identifying risks and gaps
  - Performing security accreditations
  - Developing security architectures and strategies
  - Developing Enterprise security patterns
  - Working with development teams and vendor teams for implementing compensating controls
- Experience in reviewing and developing Security Architectures, identifying security risks/gaps, and designing mitigation strategies
- 3+ years of combined experience in five or more of the following areas:
  - Operating systems (Windows, Unix, and Linux)
  - IP networks (WAN and LAN)
  - Front-end Web Protections (e.g., Akana)
  - Bot protections and other internet monitoring and protection methods/technologies
Preferred:
- Strong working knowledge of IT service management (e.g., ITIL-related disciplines):
  - Change management
  - Configuration management
  - Asset management
  - Incident management
  - Problem management
- Ability to provide security requirements for areas including but not limited to Cloud Computing, Application Development, IAM, Cryptography, and Infrastructure design and standards
- Experience in developing Enterprise Security Strategies
- Documented experience and strong working knowledge of methodologies to conduct threat-modeling exercises on new applications and services
- Experience designing the deployment of applications and infrastructure into internal, hybrid, and public cloud services
- Experience working with diverse and distributed global teams
- Current information security certification(s) such as CISSP, CISM, CCSP, GIAC certifications, ITIL
- Knowledge of industry standards such as NIST Cybersecurity Framework (CSF), PCI-DSS, COBIT, CSA, MITRE ATT&CK & CAPEC, STRIDE, NIST 800-53, CIS Benchmarks, etc.