Information Security Architect

Overview

On Site
Full Time
Part Time
Accepts corp to corp applications
Contract - W2
Contract - Independent
Contract - 72 Month(s)

Skills

Web application security
Security architecture
Information security
Identity management
Access control
Data security
Data storage
Software security
Software development
Security controls
Web applications
Threat analysis
Real-time
Security management
Incident management
Computer science
Computer engineering
Cloud security
Network security
Intrusion detection
continuous integration and development
ISO/IEC 27001:2005
PCI DSS
Security audit
Risk assessment
Medicaid
Transformation
Video
Management
PMM
Authentication
Authorization
Data
Design
API
Encryption
Auditing
Microsoft Exchange
OWASP
Regulatory Compliance
Splunk
National Institute of Standards and Technology
Leadership
DevOps
Cloud computing
IaaS
PaaS
SaaS
Firewall
Virtual private network
Network
Software development methodology
Software deployment
Continuous integration
Continuous delivery
Communication
Teamwork
IMG

Job Details

Hi,

I hope you're doing well. We have an urgent requirement for an Information Security Architect for our client. Please go through the job description below and send your updated resume to or call me on to discuss further.

Role: Information Security Architect

Project Name: Medicaid Enterprise System Modular Transformation

Client: Maryland Department of Health

Location: 201 W Preston St, Baltimore, MD, 21201

Hybrid (at least 2 days on site)

Interview Type: Google Meet Video

Duration of the Contract: 6 Years

Anticipated Start Date: Immediate

Minimum US Experience: 3 Years

Description:

The Maryland Department of Health (MDH) is building a web-based Provider Management Module (PMM) to support Provider Enrolment, Revalidation, Re-Enrolment, and Update services for participation in State Medicaid. We are seeking an Information Security Architect who will play a critical role in ensuring the confidentiality, integrity, and availability of our organization's information assets. The candidate will be responsible for designing and implementing robust security solutions, collaborating with cross-functional teams, and staying abreast of the latest security trends and technologies. Key duties and responsibilities include:

Duties/Responsibilities:

  • Develop and maintain identity and access management strategies, including role-based access controls, authentication, and authorization mechanisms to safeguard sensitive data and systems.
  • Design and implement secure API architectures, ensuring proper authentication, authorization, encryption, and auditing for seamless and secure data exchange.
  • Define and enforce data security measures to uphold the Confidentiality, Integrity, and Availability (CIA) triad principles across various data types and storage systems.
  • Establish and oversee application security architectures, incorporating security best practices throughout the software development lifecycle to mitigate vulnerabilities.
  • Stay informed about the latest Open Web Application Security Project (OWASP) API vulnerabilities and attacks to proactively identify and address potential threats.
  • Implement end-to-end security controls in web applications, ensuring compliance with FIPS 140-2 requirements for encryption and other security measures.
  • Leverage Splunk's threat intelligence capabilities to analyse and respond to security incidents, providing real-time insights into potential threats and vulnerabilities.
  • Implement and adhere to National Institute of Standards and Technology (NIST) security controls (800-53), applying a risk-based approach to security management.
  • Lead and participate in breach incident response efforts, coordinating with internal teams and external stakeholders to contain, mitigate, and recover from security incidents.
  • Utilize Certified DevSecOps Professional expertise to integrate security practices into the DevOps pipeline, promoting a culture of continuous security improvement.

Education and Certification:

  • Bachelor's degree in Computer Science, Computer Engineering or similar.
  • Certified DevSecOps Professional is highly desirable.

Mandatory Experience:

  • A minimum of 10 years of relevant experience in information security architecture and design.
  • Proven experience with IAM solutions and role-based access controls.
  • Extensive experience in designing and securing cloud-based environments, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) platforms. Proficiency in cloud security controls, identity federation, and data encryption in cloud environments.
  • In-depth understanding of network security protocols, firewalls, intrusion detection/prevention systems, and VPN technologies. Ability to design and implement secure network architectures to protect against external and internal threats.
  • Demonstrated expertise in API security, API gateway implementation, and secure data exchange.
  • Strong understanding of the CIA triad principles and their application in data security.
  • Hands-on experience working with development teams to integrate security practices into the software development lifecycle (SDLC). Familiarity with secure coding practices, code analysis tools, and continuous integration/continuous deployment (CI/CD) pipelines.
  • Extensive knowledge of application security architecture and secure coding practices.
  • Familiarity with OWASP API vulnerabilities and attack vectors.
  • Experience working with relevant industry standards (e.g., ISO 27001, PCI DSS) and regulations.
  • Experience in conducting security audits, risk assessments, and developing remediation plans.
  • Hands-on experience implementing security controls in web applications, ensuring FIPS 140-2 compliance.
  • Proficiency in utilizing Splunk for threat intelligence and incident response.
  • In-depth knowledge of NIST security controls (800-53) and their implementation.
  • Track record of managing and responding to breach incidents effectively.
  • Should possess excellent communication and teamwork skills, a deep understanding of industry best practices, and the ability to adapt and innovate in a rapidly evolving security landscape.
  • This role requires a strategic thinker with a hands-on approach to security implementation and a strong commitment to safeguarding the organization's digital assets.

Thanks & Regards,

Rakesh Sharma

Direct:

2017, 2016, 2015, 2014 & 2013 Inc. 5000 America's Fastest-Growing Private Companies