Duration: Perm FTE
Location: Hybrid in West Palm Beach, FL
Pay Range: $150K plus 15% annual bonus
Exact compensation may vary based on several factors, including skills, experience, and education.
Must Haves:
- 8+ years of experience as an IT Security professional with at least 5 years architecting and leading solutions in a hybrid environment with a heavy focus on Microsoft and/or Azure
- Broad security knowledge working in a heterogeneous environment of diverse applications, systems, databases, SaaS solutions and on premise as well as Cloud-based security offerings
- A minimum of a Bachelor’s Degree in Information Systems, Computer Science, Engineering, or equivalent experience - In lieu of a Bachelor’s Degree, 8+ years of relevant field experience will be considered
- CISSP, Microsoft/Azure, and/or SANS certification preferred
- Excellent Communication Skills are a must
Day to Day:
- Performs security architecture, related documentation, and validates solution designs spanning multiple domains: SAP and other critical business applications, Data, Cloud and On-prem Infrastructure, Mobile, Networking, Operational Technology “OT”, etc.
- Create, manage, and update Standard Operating Procedures as needed
- Functions as a Subject Matter Expert (SME) regarding security integrations and authentication elements such as Microsoft Security, Azure Security, O365 Security, SSO (SAML, OIDC, LDAP, etc.), Certificates, Multi Factor Authentication, VPN, ZTNA Architecture, Active Directory Federation, Reverse Proxy, Identity and Access Management, SIEM, e-mail security solutions (Abnormal, Defender, Proofpoint, etc), URL Filtering (ForcePoint), PAM, SecureAuth, etc.
- Works closely with the Security Engineer(s), Infrastructure, SAP BASIS, Partners and Solutions teams to ensure designs are functionally sound and based on best practice security standards
- Works expressly with the Enterprise Architecture team to design, validate and implement effective and compliant Security Controls; cooperates on implementing a compliance-based Segregation of Duties (SoD) strategy and robust, risk-based operational security model; takes an active role to ensure consistency of standards, practices and policies related to security operations and implemented solutions
- Works with security peers, Infrastructure, BASIS, Partners, and others to evolve security related processes and implement risk-based, prioritized security; leads effort and coordination with Infrastructure and Managed Security Service Provider(s) on asset management cataloguing for risk mitigation / risk assessment purposes
- Collaborates on Security Integration architectures for corporate acquisitions
- Evaluates security questionnaires for vendors and analyses the potential security impact including risks, threats, vulnerabilities, and process bottlenecks for solutions under consideration, and ensures solutions (application, service, database, network, infrastructure, mobile, cloud) can be implemented using best practice standards and innovations
- Leads internal initiatives to periodically review and perform operational risk assessments and analysis, vulnerability reviews, compliance violation checks, partner re-certifications, penetration testing and other activities to address potential security risks
- Participates in corporate and external security audit proceedings
- Coordinates the security patch management program for servers, systems, applications, and devices
- Leads the effort to architect and validate a preferred IAM solution and designing the integration points
- Functions as the lead to evolve the SIEM / Advanced (Real time) Threat Management strategy and its functional architecture
- Coordinates inner team and cross team communications and activities that improve and sustain operational security functions related to support, maintenance, optimizations, and projects as warranted
- Provides relevant security training to team members to improve their skills and abilities as security professionals
- Stays current on modern day security practices and techniques and evaluates new offerings and methodologies that potentially minimizes the company’s security risk on an ongoing basis
- Establish a threat modeling methodology to identify, classify, prioritize, and report on cyber threats using a structured approach
- Collect information on threats to the organization through communication with other partner institutions, mailing lists, open-source news, and industry partnerships
- Provide awareness to internal teams and leadership on changes to the cyber threat landscape