Senior Data & AI Platform Cloud Security Architect

About The Position

Requirements

• 5+ years of IT implementation experience (Highly technical and analytical)
• 5+ years of experience in IT security, compliance and risk management, including privacy, controls, cyber security, cloud technologies or secure system design
• 5+ years technical expertise in Security Architecture, automation, integration, and deployment (DevSecOps)

Nice To Haves

• 7+ years’ experience in IT security, compliance, and risk management, including privacy, controls, etc.
• Proven ability to deliver application and infrastructure security solutions in a multi-cloud environment
• DevSecOps automation best practices
• DFARS/FedRAMP/ITAR NIST Cybersecurity Framework ISO 27001
• Security Development Lifecycle
• AWS/Azure/GCP Security services
• Cloud Security monitoring process
• Certificate Management
• Threat modeling (STRIDE)
• Web Application Security (OWASP)
• Dynamic and Static Application Security Testing (DAST & SAST)
• Software Composition Analysis
• Experience developing and deploying tools and mechanisms to prevent security attacks on AI systems like data poisoning, model inversion and other adversarial attacks
• Strong verbal and written communications skills and ability to lead effectively across organizations
• Proven experience leading a globally distributed team
• Proven experience to research, advise, compare and recommend technology solutions; ability to demonstrate and maintain method of keeping current on new technologies

Responsibilities

• Collaborate with stakeholders, software architects, and DevOps teams to design and implement security solutions for cloud-based systems with an emphasis on Azure.
• Develop and maintain a comprehensive understanding of the organization's cloud infrastructure, applications, and data flows.
• Design, develop and implement secure patterns to aid the transformation of our estate to cloud first.
• Drive adoption of DevSecOps practices into the software engineering organization by working directly with teams on implementation.
• Develops and leads implementation of strong preventative and corrective data and information security controls for both data at rest and in motion.
• Code security elements of GitOps managed cloud landing zones and DevOps pipelines.
• Partner with our policy as code team to define and enforce cloud security policies, standards, and best practices to ensure compliance with industry regulations and internal security requirements.
• Lead threat modelling and risk assessments to identify potential security threats and vulnerabilities. Develop and execute strategies to mitigate and address these risks.
• Evaluate and recommend security tools, technologies, and services that enhance our cloud security posture.
• Collaborate with development teams to ensure secure coding practices, vulnerability assessments, and regular security testing.
• Lead security awareness training and education initiatives to ensure developers and application teams are familiar and competent in secure-by-design methodologies.
• Partner with development and platform communities to facilitate community steering of enterprise security roadmap.
• Stay up-to-date with emerging cloud security threats, vulnerabilities, and best practices, and apply this knowledge to continuously enhance our security strategies.
• Provide effective communication to business and technical community on security architecture topics.
• Perform security tool evaluations and make recommendations for adoption.

Benefits

• At Boeing, we strive to deliver a Total Rewards package that will attract, engage, and retain the top talent.
• Elements of the Total Rewards package include competitive base pay and variable compensation opportunities.
• The Boeing Company also provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work.
• The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location, date of hire, and the applicability of collective bargaining agreements.