We are looking for a Senior Security Architect, one who is responsible for designing, building, testing and implementing security systems, across a large enterprise, its multiple offerings, and various lines of business.
The right candidate must thrive in high-pressure situations, thinking like both an attacker and defender, to drive engineering, development, and business teams to take the right actions in the right time frames to mitigate risks. They are expected to have a thorough understanding of complex IT systems and stay up to date with the latest security standards, systems and authentication protocols, as well as best practice security products
We are looking for an individual who can balance technical risks against business risks and consistently drive for the right results. A passion for engineering solutions to complex security challenges, recognize and fill gaps from a defense-in-depth perspective is essential.
The successful candidate will have a good mix of deep technical knowledge, a demonstrated background in Information Technology and Security and a keen understanding of policy. We value broad and deep technical knowledge, although having a specialization in three or more of these domains is desired: Cryptography, Network, Infrastructure, Open-Source Software, DevOps / CICD Pipelines, Virtualization, Cloud-Native Technologies, Application Security, Malware Analysis, Forensics, Security Operations, Incident Response, or an emerging technology are welcomed.
- Advise, Design, implement enterprise-class security systems for production environments, both internal and external to the company and its customers
- Review and compare current tools with emerging technologies to fine the best mix of performance, security, and cost across the platforms
- Align company standards, policies, frameworks and security management directives with overall business and technology strategy
- Identify and communicate current and emerging security threats
- Design security architecture elements to mitigate threats as they emerge
- Create solutions that balance business requirements with company information and the company's security standards
- Determines security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.
- Plans security systems by evaluating network and security technologies; developing requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related security and network devices; designs public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as well as hardware and software; adhering to industry standards.
- Implements security systems by specifying intrusion detection methodologies and equipment; directing equipment and software installation and calibration; preparing preventive and reactive measures; creating, transmitting, and maintaining keys; providing technical support; completing documentation.
- Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
- Degree in Information Technology or any related field
- With more than 10 years of experience as an Architect (Software, Solutions, Network, Security, etc.)
- Strong leadership, project and team-building skills, including the ability to lead teams and drive projects and initiatives for multiple lines of business
- Policy (ISO, NIST, CIS) and risk management experience required
- Data privacy and regulatory background is necessary (GDPR, Data Privacy, etc)
- Experience with Incident Response / Operations or addressing breaches, incidents
- Experience with forensic analysis
- Experience with C, Python, Java or Go a plus
- Experience with IBM Cloud, OpenStack, AWS, or similar proprietary cloud environments
- Experience with CICD and Development Pipelines
- Experience with Docker and Kubernetes a plus
- Experience with Agile design and Project Management methodologies
- Exceptional communication skills with diverse audiences - Strong critical thinking, analytical skills and empathy
Carolyn Ann Santibanez Mendoza EA License No. 02C3423 Personnel Registration No. R1105160