Lead Information Security Architect

About The Position

Requirements

• Able to create AWS secure cloud architecture designs
• Understand current security threats, techniques, and landscape
• System threat modeling of applications and platforms
• Able to identify and provide mitigation for security vulnerabilities within applications and application environments based on threat models.
• Able to simplify complex security topics for consumption and critical decision making.
• Clear and accurate communication
• Able to lead/direct discussions with technical and business teams to achieve common goals.
• Able to work well within a team and support team goals
• Understand cyber security frameworks such as NIST 800-53
• Ability to work on a geographically distributed team across multiple time zones
• Self-starter, able to readily explore and learn new areas and concepts.
• Knowledge and experience normally acquired through, or equivalent to, the completion of a Computer Science or Computer Engineering Bachelor's degree with a minimum of 5 years of job-related experience.

Nice To Haves

• Experience with AWS commercial or government cloud
• Experience securing critical workloads in a cloud environment.
• Knowledge and experience with Databricks, Starburst, Collibra and Immuta is advantageous.
• Degrees in Computer Science or Engineering and/or relevant technically focused certifications in Cloud and/or enterprise security architecture such as GCAD or GDSA are advantageous
• Familiarity with SAFe a plus

Responsibilities

• Evolve and mature our models, templates, standards and procedures related to secure application development and secure application and cloud architecture.
• Ensure these artifacts are in alignment with policy and standards.
• Consult with our development teams to help them align with policy and standards and meet the risk appetite of the customer.
• Work with members of application development teams to review and create secure application and infrastructure designs and patterns.
• Assist development teams by reviewing threat models related to applications and related systems.
• Analyze potential business impact and exposure leading to risk, based on emerging security threats, vulnerabilities, configurations, threat actor TTPs, etc.
• Evaluate CICD pipeline design, and related development team processes and help to mature and secure creation, management and utilization of pipelines.
• Assist in identification and integration of security focused tooling into development and operations processes.
• Support secure application architecture within the System by fostering constructive dialogue and seeking resolution when confronted with discordant views.
• Solicit feedback and continuously improve your knowledge, skills and capabilities related to the position.
• Assist with recruiting activities and administrative work.