Security Architect

Hertz•Atlanta, GA

About The Position

The Security Architect is a key member of the Hertz Global Information Security & Compliance organization. This is a lead role for maintaining a cyber security architecture program, standards, and security technology effectiveness. The role involves consulting on security for all Hertz technology projects, identifying risks, and contributing to the architecture of each project.

Requirements

Bachelor's degree in computer science, MIS, or related field or equivalent experience.
7+ years of Information Security experience required, preferably in a global Fortune 500 corporation.
Applied knowledge of multiple security architectures to include cloud security.
Experience with the Network Security architecture methodologies.
Experience with STRIDE threat assessment methodologies.
Experience with a wide range of enterprise common security platforms, endpoint security, vulnerability management, etc.
Experience with network analysis tools.
Experience with edge security tools such as Imperva, Zscaler, and AWS WAF
Experience with securing cloud technology such as AWS
Experience using security tools such as Wiz.io
Experience automating processes using cloud tools such as AWS Lambda
Experience scripting in python, PowerShell, etc.
Deep expertise in security architecture.
Capable of working under pressure in a continually changing fast paced environment.
Ability to effectively collaborate with stakeholders across a global environment.
Strong written and verbal communication skills.
Strong analytical and problem-solving skills.
Ability to influence
Flexible and adaptable; ability to work effectively in ambiguous situations
Excellent verbal and written communication skills
Results driven, ability to make decisions and help solve problems
Ability to work under minimal supervision with a goal-oriented mindset.
Ability to see the big picture and leverage critical thinking and decision-making skills.
Excellent organization, time management, delegation, and prioritization skills.

Nice To Haves

Certifications desired: AWS Solutions Architect, AWS Security Specialty, Certified Information Systems Security Professional, (CISSP) Certified Ethical Hacker, (CEH) GIAC Security Essentials Certifications, GIAC Certified Intrusion Analyst, Global Information Assurance Certification.

Responsibilities

Develops and maintains a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with cloud, business, technology, and threat drivers.
Develops security strategy plans and roadmaps based on sound enterprise architecture practices.
Creates and maintains security architecture artifacts (i.e., threat models, templates, standards, and procedures) that can be used to leverage security capabilities in projects and operations.
Determines baseline security configuration standards for operating systems (i.e., CSPM, OS hardening) network segmentation.
Develop strategy for monitoring and managing Hertz external attack surface.
Develops standards and practices for data encryption and tokenization within Hertz, based on data classification criteria.
Drafts security procedures and standards to be reviewed by executive management and/or formally authorized by the Chief Information Security Officer.
Establishes a taxonomy of indicators of compromise (IOC’s) and shares this detail across the Hertz Cyber Security and Compliance organization, as well as counterparts within the Technology organization.
Tracks developments and changes in the Hertz digital business and threat environments to ensure they are adequately addressed in security strategy plans and architecture artifacts.
Validates IT infrastructure and other reference architectures for security best practices and recommends changes to enhance security and reduce risks, where applicable.
Validates security configurations and access to security infrastructure tools, including firewalls, IPS, WAF, and endpoint protection systems.
Conducts and participates in threat modeling of services and applications that tie to the risk and data associated with the service or application.
Coordinates with legal and compliance teams to document data flows of sensitive information within Hertz and recommends controls to ensure that this data is adequately secured.
Reviews security technologies, tools, and services, and makes recommendations to the broader security team for their use, based on security, financial, and operational metrics.
Liaises with other security architects and security practitioners to share best practices and insights.
Partners with internal audit to review and evaluate the design and operational effectiveness of security-related controls.
Drive optimal cyber security services to complete resolution according to security SLA’s.
Handle all private information with discretion and keep sensitive information private.
Partners with the enterprise architecture team to ensure all architectural artifacts are aligned with Hertz enterprise architecture strategies.
Excellent teamwork competencies, seeks out opportunities to partner with all stakeholders.
Mentors' junior security staff.