FLEX Associate Security Architect

About The Position

Requirements

• Bachelor's or master's degree in computer science, information systems, cybersecurity or a related field or equivalent experience/certification.
• 7+ years overall Information Technology experience with:
• 5+ years of Information Security experience in security engineering with experience in three or more of the following areas
• Conducting security reviews and identifying risks and gaps
• Performing security accreditations
• Developing security architectures and strategies
• Developing Enterprise security patterns
• Working with development teams and vendor teams for implementing compensating controls
• Experience in reviewing and developing Security Architectures and identifying security risks/gaps as well as mitigation strategies.
• Strong experience in APIs, integrations, and tokenization. This role requires SME level knowledge for these technologies.
• The security architect should have 3+ years combined experience in five or more of the following areas:
• Full-stack knowledge of IT infrastructure: Applications Databases Operating systems — Windows, Unix, and Linux IP networks — WAN and LAN Backup networks and media Containers/Kubernetes and microservices Cryptography and current cryptographic standards, including PKI
• Direct, hands-on experience or a strong working knowledge of vulnerability management tools
• Working knowledge of the OWASP Top 10

Nice To Haves

• Strong working knowledge of IT service management (e.g., ITIL-related disciplines): Change management Configuration management Asset management Incident management Problem management
• Ability to provide Security Requirements for areas including but not limited to; Cloud Computing, Application Development, IAM, Cryptography, and Infrastructure design and standards
• Ability to understand large complex integrated solutions and provide the security needed between systems
• Experience in developing Enterprise Security Strategies.
• Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services
• Experience designing the deployment of applications and infrastructure into internal, hybrid, and public cloud services
• Ability to conduct independent research
• Strong abilities and experience in documentation and written communication for diverse audiences
• Experience working with diverse and distributed global teams.
• Current information security certification(s), such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), ISC2 Certified Cloud Security Professional (CCSP), GIAC certifications, ITIL
• Knowledge of Industry Standards such as NIST Cybersecurity Framework (CSF), PCI-DSS, COBIT, CSA, MITRE ATT&CK & CAPAC, STRIDE, NIST 800-53, CIS Benchmarks, etc.
• Knowledge of securing technologies such as, but not limited to; SaaS services (i.e., O365, Salesforce), Application Design, Container Platforms (ie. Docker, Kubernetes), APIs, Serverless, Network Infrastructure, Operating Systems, Identity and Access Management
• Knowledge of SDLC (Waterfall/Agile), DevSecOps, and good understanding of the ITIL Framework
• Knowledge of SAFe Agile Methodologies
• Strong negotiating, influencing and problem resolution skills
• Ability to effectively prioritize and execute tasks in a high-pressure environment
• Ability to assess customer/client needs, creatively approach solutions, decide and influence appropriate courses of action

Responsibilities

• Contributes to, evaluates, and supports the documentation, and validation processes necessary to assure that associates, information technology systems and business processes meet the organization’s information assurance, security, and privacy requirements.
• Ensures appropriate treatment of risk, compliance, and assurance of internal policies and external regulations.
• Defines strategy and roadmap, provides guidance, creates standards and guidelines, and reviews architectural designs.
• Ensures standards and guidelines incorporate legal and regulatory requirements.
• Conducts security and privacy technology research, assessments, and integration processes; provides and supports a prototype capability and/or evaluates its utility
• Consults with customers to gather and evaluate functional requirements and provides security and privacy requirements, guidelines, and standards
• Provides sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain
• Applies knowledge of priorities to define an entity’s direction and identify programs or infrastructure that are required to achieve desired goals within domain of interest.
• Develops policy or advocates for changes in policy that will support new initiatives or required changes/enhancements
• Works with the Security Architect Analysts to monitor ongoing project activities, intake of new projects and monitoring of the Security Engagement Process including but not limited to: Data Classification, Security Controls, Threat Models, Architecture Review Boards, Authority to Operate
• Managing Projects and Priorities
• Functions as a strategic senior technical expert within the department.
• Develops specific goals and plans to prioritize, organize, and accomplish work.
• Champions leaders’ vision for product and service delivery.
• Makes and executes the necessary decisions to keep moving forward toward achievement of goals.
• Provides direction and assistance to other teams regarding projects.
• Determines priorities, schedules, plans and necessary resources to promote completion of any projects on schedule.
• Analyzes information and evaluates results to choose the best solution and solve problems.
• Reviews vendor proposals and selects appropriate vendor for services/technologies/hardware.
• Thinks creatively and practically to develop, execute and implement new project plans.
• Generates and provides accurate and timely results in the form of reports, presentations, etc.
• Plans, develops, implements, and evaluates the quality of operations.
• Delivering on the Needs of Key Stakeholders
• Understands and meets the needs of key stakeholders.
• Communicates concepts in a clear and persuasive manner that is easy to understand.
• Demonstrates an understanding of business priorities.
• Supports achievement of performance goals, budget goals, team goals, etc.
• Providing Technical Support and Consultation
• Provides technical expertise and technical leadership within own and other teams.
• Provides recommendations to improve the effectiveness of processes and programs.
• Demonstrates advanced knowledge of job-relevant issues, products, systems, and processes.
• Demonstrates advanced knowledge of function-specific procedures.
• Applies knowledge/judgment to achieve business goals.
• Foresees, identifies and resolves problems.
• Keeps up-to-date technically and applies new knowledge to job.
• Performs other reasonable duties as required for this position.