The Senior Lead Cyber Security Architect position is a hybrid role combining key aspects of Architecture and Engineering. This position requires the selected candidate to possess business insight; technical acuity; and the ability to think, communicate and write at various levels of abstraction. This position contributes to improving our Information Security program, through formal Information Security architecture processes that deliver consistent, optimal and resilient solutions that satisfy the business requirements for security services. This position works on multiple projects as a project leader or as the subject matter expert and is expected to coach and mentor more-junior technical staff. This position assists on, plans, and carries out security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks.
This role partners with the Director, Information Security & Compliance and works closely with enterprise architects, other functional area architects and security specialists to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently across the following areas:
This position is remote and will require you to interact with your colleagues and leadership remotely.
- Security infrastructure; program development and delivery
- Security governance, policies, standards, guidelines and procedures
- Security infrastructure implementation, technology evaluation and solution recommendation
- Security management for all threat and vulnerability solutions and guidelines
1. Serves as a security expert in network design, database design, platform security (cloud, operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices.
2. Researches, designs, and advocates new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors
3. Develops the business, information, and technical artifacts that constitute the enterprise information security architecture and solutions
4. Ensures security architecture standards and solutions meet business objectives and regulatory compliance requirements
5. Contributes to the alignment of security governance with Enterprise Architecture (EA) governance and project and portfolio management (PPM)
6. Assists with the Threat Vulnerability Management Process
7. Implements complex security architecture project tasks including providing requirements for designing and implementing components of the Information Security program
8. Interfaces with external departments and vendors to provide expert-level consultation concerning Information Security architectures and the implementation and integration with existing network environments, applications, and services
9. Evaluates third party products and services to verify that they meet security standards and will integrate seamlessly and securely into the IT computing architecture
10. Assist with designing and developing security policies, standards, and procedures e.g. firewall management, SSL/IPSec, security incident and event management (SIEM), data protection (DLP, encryption), user account management (SSO, SAML), and password/key management
Min 10 years' experience
Professional designation/certification, such as OSCP (Offensive Security Certified Professional), OSCE (Offensive Security Certified Professional), or equivalent is desired
Level of Formal Education: Bachelors or Relevant Work Experience Area of Study: Computer Science, Information Management, Security, Compliance or Relevant Work Experience
- Deep knowledge of web-related technologies (Web applications, Web Services, and Service-Oriented Architectures) and of network/web related protocols
- Experience successfully designing and developing security policies, standards, and procedures e.g. firewall
- management, SSL/IPSec, security incident and event management (SIEM), data protection (DLP, encryption), user account management (SSO, SAML), and password/key management
- Experience with a combination of the following: C or C++/Java/Ruby/ASM/other languages, scripting languages (Bash, Perl, Python), web application testing/exploitation, database testing/exploitation or cloud instance testing/exploitation is preferred
- Knowledge of and experience with cloud architecture deployments across key security domains, including, but not limited to, Data Security, Network Security and Identity & Access Mngmt.
- Experience designing the secure deployment and monitoring of applications and infrastructure into public cloud services (e.g., AWS or Microsoft Azure)
- Proven ability to work and interact closely with senior management levels to determine their business needs and obtain support for initiatives
- Strong leadership and organizational experience
- Strong security technical skills with the ability to synthesize relevant information and make key decisions
- Strong analytical skills to relate security requirements to appropriate security controls
- Strong project management skills and experience in creating and managing project plans, including budgeting and resource allocation • Excellent communication abilities and relationship building skills
- Written, verbal, and presentation skills with the ability to effectively interact with internal and external business partners • Ability to think strategically
- Understanding of complex automated system
- Familiarity with various technologies (Cloud SaaS, PaaS, IaaS, On Premise, package, custom, etc.)
CompuCom is committed to providing equal employment opportunities in all employment practices. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, citizenship status, marital status, age, disability, protected veteran status, sexual orientation or any other characteristic protected by law.