Description:
What you will do
- Responsible for aligning and translating business requirements into secure solutions, reviewing technical architectures for applications and products to ensure they meet security standards and creating reference architectures that can be leveraged by technology functions across the firm to develop secure solutions in a multi-cloud environment.
- Perform assessment of existing platforms and processes to understand limitations and weaknesses to identify security challenges and identify opportunities for efficiencies, as well as for improvements in security controls
- Build secure architectures in Azure, AWS or GCP for defined workloads
- Participate and provide guidance in the design, development and delivery of technical security solutions that aligns to industry standards and business goals.
- Act as a subject matter expert in areas pertaining to DevSecOps and Cloud technology security with responsibilities to coach other members of the broader Technology Architecture function with ITS.
- Develop and maintain security architecture artifacts (models, templates, standards, and procedures) that can be used to leverage security capabilities in projects and operations.
- Provide analytical and technical security recommendations to other team members and stakeholders and identify requirements based upon need or as the result of a security issue that puts organizations systems at risk
- Conduct code reviews of applications to determine security flaws or other issues that would impact the confidentiality, integrity, or availability of the software.
- Coordinate with DevOps teams to advocate secure coding practices and escalate concerns related to poor coding practices to the Sr. Manager of Security or CISO
- Configure and implement cloud security services, including identity and access management, detective controls, infrastructure protection, and data protection.
- Analyzing requirements for security tools and technology (SIEM, Endpoint Protection, Vulnerability Management, DLP, other).
What you bring to the role
- 5+ years' experience with architecting, designing, and implementing cybersecurity systems, solutions, and tools for on-premises with 2 years of experience in cloud environments.
- Bachelor's or master's degree in Information Technology, Computer Science, or a related work experience, or equivalent.
- Previous security experience in a consultancy role collaborating with internal ITS teams as well as business teams.
- Understanding of information security standards (e.g., ISO, PCI DSS, NIST CSF etc.), rules and regulations related to information security and data protection.
- Experience interpreting business, technology, and threat drivers, and develop practical security roadmaps to deal with these drivers.
- Experience in developing DevSecOps practices while focusing on securing open systems solutions.
- Experience with application security, experience with application integration, secured apps, embedding security with CI/CD pipelines, secure coding practices exposure, ability to run pen test.
- Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services.
- Full-stack knowledge of IT infrastructure:
- Applications
- Operating systems (Windows & Linux)
- IP networks (WAN, LAN)
- Experience designing the deployment of applications and infrastructure into public cloud services (Microsoft Azure).
- Experience in building cloud architecture with Azure, using Azure Resource Manager, Azure IaaS, PaaS offerings
- Experience and understanding of Infrastructure as Code, Automation, and Orchestration
- Some out of hours support maybe required.
- The ideal candidate will maintain one or more of the following certifications
- CISSP
- ISSAP
- Microsoft Azure Security Technologies Certification
- Azure Solutions Architect Expert Certification
- CISM
- CISA
- CCSP