Security Architect (Hybrid)

Job Description

• Security Architecture and Design
  • Ensure security architecture provides secure software development, data protection, cryptography, key management, Identity and Access Management (IAM), network security (VPNs), and containerization within colocation services as well as SaaS, IaaS, PaaS, and other cloud environments.
  • Architect security processes and procedures for cloud environments, cloud-based services, DevOps, Microservices, Mobile Applications, Portals, and APIs.
  • Design security architecture elements to mitigate threats.
  • Assess and enforce cloud security and governance tools, Cloud Access Security Brokers (CASBs), and secure server virtualization technologies.
  • Perform security design/architecture reviews, code reviews, and penetration tests of large applications, systems and/or networks.
  • Evaluate and enforce common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, SAML, Ping, Okta, etc) and key management (Safenet, Vormetric, other).
  • Validate and improve Secure Development Lifecycle and global regulatory compliance.
  • Architect, validate and improve perimeter security controls firewall, IDS/IPS, network access control and network segmentation including router, switch, VLAN, and wireless security.
  • Network security architecture development and tokenization along with DNS, routing, authentication, VPN, proxy services and DDOS mitigation technologies.
  • Create solutions that align enterprise security architecture frameworks and standards (e.g. SABSA, NIST 800-53, ISO 27002) with overall business and security strategy.
  • Complete other duties as assigned.

• Security & Risk Assessments and Resolutions
  • Perform security assessments, identify gaps in existing security architecture, and recommend changes or improvements.
  • Participate in risk assessments for new technologies and business projects.
  • Risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies and security attack pathologies.
  • Evaluate Third Party Service Providers (TPSPs) auditing and cloud risk assessment methodologies.
  • Track risks and their severities to help resolve security and vulnerability items or incidences.
  • Contingency planning and operational continuity in the face of an attack.
  • Work alongside with Risk Management and Security Operations teams to investigate and mitigate potential bypass and exploit techniques.
  • Evaluate and vet TPSPs cybersecurity.

• Collaboration
  • Work within the security team to develop and maintain our security posture.
  • Efficiently and effectively evaluate and communicate enterprise security posture to the Chief Architect, Enterprise Architect, and other Value Stream Architects.
  • Collaborate with SAI team, managers, and leads to define and drive security architecture roadmap, upgrades, transformation, and migration.
  • Work with other architects to maintain, execute, and prioritize security features and identify/resolve security risks.
  • Collaborate with cross-functional teams to ensure that applications, products, tools, solutions, and services are in adherence to security best practices and policies.
  • Maintain relationships with key TPSPs. Participate in negotiations with the security product providers as a subject matter expert.
  • Collaborate closely with infrastructure architect to identify upcoming changes and security requirements.

• Architecture Processes & Governance
  • Ensures architectural governance adherence, enterprise security technology adaptation, and security policy advancements.
  • Evolve security architecture, governance, processes, and maturity model.
  • Participate in evaluating the success of the project, best practices, and lessons learned.
  • Actively participate in architecture review sessions with the SAI team.

• Knowledge of computer networking concepts and protocols (e.g. TCP/IP, DNS) and network security methodologies
• Knowledge of industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, SAML, Ping, Okta, etc) and key management (Safenet, Vormetric, other)
• Ability to test and automate the security testing of multiple internal and/or external systems and the integration between them (Example: Web server, databases, CRM, ERP, Application server)
• Capability to develop threat models and design reviews assessing security implications and requirements of new technologies
• Familiarity with ISO 27001/27002, ITIL and COBIT frameworks. Cloud security architecture related certifications or any of the CISS, CISSP-ISSAP, CISM, CEH, CSSA, and GIAC Security certification
  .

• Bachelor's or Master's degree in Computer Science, Engineering or related field
• 10+ years overall industry experience and 5+ years as a SA
• Experience in designing security architectures to mitigate threats and identifying gaps in existing architectures
• Extensive experience with Firewalls, ACLs, Intrusion Detection/Prevention Systems, Vulnerability Scanning, WAF, Wireless LAN, NAC, DLP, DDoS Mitigation, WAN security, SIEM, Content Filtering, Cloud Security gateways, CASB, Secure Proxies, encryption and SSL crypto solutions
• Experience architecting multi-factor authentication, authorization, and encryption/ decryption standards. Integrated IAM and performed entitlement engineering under the influence of Cloud environments (IaaS, SaaS, and PaaS)
• Strong communication and interpersonal skills to collaborate with cross-functional teams, perform reviews to identify and resolve vulnerabilities, and provide recommendations
• Strong analytical and problem-solving skills capable of managing projects that drive business objectives
• Exceptional written, oral, and interpersonal communication skills
• Solid understanding of a range of compliance, regulatory and legal requirements and relevant principles, best practices and standards across insurance industry
• Ability to meet tight deadlines and to prioritize tasks