Lead, Security Architect

About The Position

Requirements

• Bachelor's degree and experience in information security, or an equivalent combination of education and work experience
• Excellent consultative and communication skills, and the ability to work effectively with clients, partners, and IT management and staff
• Six years of industry experience with a combination of mainstream Information Security role and application development is preferred
• CISSP, CISM, or Security+ certification preferred
• Strong collaboration skills and analytical ability
• Deep knowledge of application or infrastructure systems architecture, usually having experience with multiple system technologies

Nice To Haves

• Experience related to application development and DevOps
• Very good understanding of CI/CD pipeline and secure application development methodologies
• Experience with security tools related to DevSecOps- SAST, DAST, IAST
• In-depth knowledge of various cybersecurity frameworks, standards, and SSDLC
• Experience related to vulnerability management is a big plus
• Knowledge related to OWASP top vulnerabilities and knowledge related to MITRE framework
• Knowledge related to WAF, App Proxy, and CDN
• Very good understanding of zero-trust architecture and working experience with relevant tools/technologies
• Good understanding related to IPS/IDS, Network load balancer, firewalls, Z-Scaler, and networking technologies
• Knowledge related to AI/ML, DevSecOps, CI/CD Pipeline, IaC, and relevant tools
• Experience in dealing with threat vectors and developing relevant plans to protect the organization from cyber threats
• Lead the security architecture reviews and provide analysis with observations and findings
• Experience in providing security consultation to application teams
• Knowledge of network architecture concepts including topology, protocols, and components
• Understanding related to SEIM and experience related to Microsoft Defender, Entra, KQL, APIM, endpoint protection, scripting, CoPilot
• Knowledge related to Privilege access management, Threat hunting, data protection, encryption, Authentication/Authorization, Vulnerability management systems, Cloud Security Posture Management
• Very good understanding of concepts related to docker, container, serverless computing, and Kubernetes
• Must be able to represent the security architecture team in technical discussions and drive towards deliverables with minimal guidance

Responsibilities

• Serve as subject matter expert in Application Security Architecture space
• Partner with Application teams and provide consultation that can help secure their CI/CD implementation
• Provide security architecture guidance in selection of appropriate tools as an SME in DevSecOps space
• Provide security guidance that can help accelerate the application migrations to cloud
• Ensure 'secure by design' principles are followed as applications are modernized
• Carry out complex initiatives involving multiple disciplines and/or ambiguous projects
• Evaluate and select from existing and emerging technologies those options best fitting business/project needs
• Promote sharing of expertise through consulting, presentations, and documentation
• Understand decision process issues of technology choice, such as design, data security, client server communication
• Guide the development, specification, and communication of application or infrastructure architectures used by multiple business or application systems

Benefits

• Comprehensive benefits package including retirement benefits (401k and pension)
• Health and welfare benefits (medical, dental, vision, spending accounts and disability)
• Paid time off
• Parental and caregiver leave
• Life & accident insurance
• Other voluntary and well-being benefits
• Discretionary bonus program that may include an equity component