Job Description
TITLE: Senior Information Security Architect
Location:
As a Senior Information Security Architect, the Candidate will work closely with IT and business senior leaders to drive a security-minded culture, while defining standards and maintaining security controls at the Enterprise level. The Candidate will have the critical responsibility to identify, document and communicate complex security and technical issues in a simplified, non-technical way to a broad audience, from developers to senior executives.
A curious self-starter willing to challenge the status quo with a mindset of continuous improvement and a drive for seamless execution. Will be a security champion within Information Security who influences and inspires people from a range of disciplines, as well as colleagues and internal clients at every level.
- Work across the business to define technical and functional requirements covering areas of software design, including microservice APIs, Cloud Services (Azure, AWS, etc.), and XaaS integration
- Work with software/infrastructure architects and leads to ensure security components (security technology, operations, and management) are integrated into the design as defined in the requirements
- Azure Enterprise Mobility and Security Suite (EM+S) design and implementation
- O365 Security and Compliance control and standards
- Assist in designing containerization/microservices security architecture, standards and procedures
- Design and develop cost-effective security solutions that meet functional, technical, and performance requirements
- Review security architecture deliverables throughout software/system development to ensure quality and requirement traceability
- Ensure adherence to all regulatory and security industry best practices (NYDFS, Client, OWASP, SANS, NIST)
- Assess the software/systems security architecture, ensuring that it meets business and security requirements, as well as industry regulations.
- Security Architecture from hardware, network and software
- Identify gaps and omissions in the end-to-end solution
- Take ambiguous requirements and identify, suggest, and implement effective compensating controls in a complex, fast-moving, and regulated cutting-edge environment
- Partner with key stakeholders to ensure security is embedded into DevOps and CI/CD pipeline
- Identify and communicate any cross area or cross release issues that affect other project areas
- Work with other software/infrastructure architects and leads to define a governance process to ensure continued compliance to stated security design requirements
- Document and communicate the status of progress against plans, taking corrective action as necessary
Education & Experience
- Bachelor's (BS) degree in a related technical field AND 6 years' IT Security experience, or 10 years' experience, including the following:
- Designing and building secure systems, networks, and infrastructures
- Defining enterprise, infrastructure, or application security architecture and security standards
- Defining cloud architectures and API web-services delivery, risks, and controls
- Experience in two or more of the following security frameworks and standards: NIST CSF, NIST 800-53, ISO/IEC 27001, ITIL, COBIT, SABSA, TOGAF
- Experience with Secure Software Development Life Cycle (SDLC) process and CI/CD (DevSecOps) pipeline including experience with:
- GitHub, Artifactory, SonarQube, and Jenkins
- Architecture, Design, Build and Operationalize Red Hat OpenShift environment
- In-depth knowledge of best practices around developing microservices architectures
- Application development using Java EE, Spring framework integrating with OpenShift
- Configuration management, infrastructure, and application deployments in a toolset such as Puppet, Chef, Ansible
- Experience designing and implementing Container Security, API Security, and Azure Cloud Security
- Demonstrated experience in security integration using OAuth, OpenID Connect, SAML, and LDAP
- Certified Information Systems Security Professional (CISSP) required or able to attain within 6 months of hire
- Knowledge of containerization technologies such as Kubernetes, OpenShift, Docker
- Knowledge of security industry best practices, including nonrepudiation, auditing, and monitoring
- Familiarity with agile development
- Any additional security certifications, such as:
- Offensive Security Certified Professional (OSCP)
- Certificate of Cloud Security Knowledge (CCSK)
- Information Systems Security Architecture Professional (ISSAP)
A coach who knows how to guide others. A good listener and an effective communicator who can execute, lead by example and add business value.
Candidate will want to be part of a culture and a team where you have a voice, and you respect the voices of others.
Be a part of the ConsultNet difference. As a leading national provider of IT staffing and solutions, ConsultNet delivers exceptional services to startup, midmarket and Fortune 1000 companies across North America. Since 1996, we've partnered with clients to create rewarding opportunities for our consultants, successfully building teams that have surefire results.
In the past two years alone, we have placed more than 1,500 consultants in contract, contract-to-hire, or direct placement opportunities. We understand communication is key to finding the right job that matches your skills and career goals. For us, it's not just the work that we do; it's how we do the work. Our breadth of offerings extends to multiple IT positions in major markets throughout the country. See more at www.consultnet.com