Job Details

ID #19723224
State Illinois
City Chicago
Job type Permanent
Salary USD Depends on Experience
Source Marlabs, Inc
Showed 2021-09-16
Date 2021-09-14
Deadline 2021-11-12
Category Security

DevSecOps Security Architect Perm role

Illinois, Chicago, 60290 Chicago USA

Vacancy expired!

Location: Chicago, IL

Position Summary

The DevSecOps Security Architect provides accountability for the security of the technical solutions from the Modern Engineering Center of Excellence to ensure that the new technology, processes, and ways of working within IT align with IT strategy, increase the client security posture, and drive higher quality products. Modern Engineering is FHLBC’s adoption of DevSecOps processes and tools. The DevSecOps Security Architect is responsible for the technical thought leadership surrounding security considerations of modern product development technology and supporting processes across FHLBC. Primary responsibilities include developing security architecture, code and designs for Modern Engineering solutions (including SAST, DAST, RASP, CI/CD, IaC, immutability, and automated testing), consulting across the FHLBC organization on implementation of security solutions, and training IT to adopt continuous security principles. The ability to build collaborative stakeholder relationships is a must.

Duties

- Serve as security authority for IT on the Modern Engineering solutions; responsible for developing "security first" strategy and evangelizing cloud and application security best practices
- Serve as subject matter expert for security and tooling landscape; stay current on market trends and research
- Design and implement architecture of security solutions in accordance with IT strategy and leading practices from industry including AWS Well-Architected Framework
- Work directly with business and IT technology owners to understand security requirements, complexities, and implementation strategies
- Define, develop, and validate RBAC security configurations when applicable to Modern Engineering platforms and environments
- Consult with all levels of the organization, including executive leadership, to provide direction for security practices and controls; this includes areas of application security, cloud security, DevOps, compliance, and organizational strategy
- Engage and consult with other client Security leadership including Information Security, Security Advisory & Analytics, and IT Risk & Compliance to define Security Standards and Procedures and integrate security considerations within the software development lifecycle
- Define, review, and implement Modern Engineering cloud-specific Security Standards, Procedures, and Guidelines
- Engage and consult with the CoE and IT Delivery Teams to review their architecture and security checkpoints, perform gap analyses, implement proof-of-concepts, present findings and recommendations, and automate implementation
- Consult on application development projects to assess security requirements and controls, and to ensure that security controls are implemented as planned
- Evaluate the benefits and risks of a solution’s security posture and identify implementation strategies to enhance security posture
- Review and approve Modern Engineering architecture and designs for security posture; to enforce security requirements and address identified risks
- Provide oversight and management of audit finding remediation, including generating requirements for full remediation, providing feedback and suggestions on managerial responses to findings, tracking progress, and providing status and updates to the enterprise Risk team for reporting purposes
- Participate in evaluating security requirements of third-party tools or SaaS Solutions
- Consult on and evangelize the behavior change and mindset shifts required of people resources to implement new architecture and processes
- Partner with other CoE members and HR to account for effort associated with culture change as part of implementation strategies
- Model desired culture including open knowledge sharing, proactive cross-functional collaboration, and adaptive learning via continuous improvement
- Educate stakeholders from the business and IT on security solutions and how to best leverage the Modern Engineering solutions and processes to enhance the FHLBC security posture
- Develop project case studies, training materials and technical guidance on how to “shift left” on security implementation for teams within FHLBC
- Assist with estimating work efforts required for each phase of a project
- Lead and coordinate technical reviews (architectural, security, compliance, etc.)
- Implement key performance indicators (KPI) to monitor process health and service metrics

Requirements

- Bachelor’s Degree or equivalent experience required. Computer Science, Computer Information Systems or related field preferred
- Certification from leading vulnerability management frameworks (e.g., SANS, CISSP, OSCP) preferred
- 10+ years of security experience including implementation of security controls for applications, cloud, and/or DevOps
- 5+ years of software engineering experience required
- Audit, compliance, and governance experience preferred
- Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans
- Knowledge of common information security management frameworks, such as ITIL and COBIT frameworks
- In-depth knowledge of risk assessment methods and technologies
- In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls
- Skilled in performing risk, business impact, control, and vulnerability assessments

Knowledge, Skills, Abilities And Behaviors

- Proven experience with AWS cloud security best practices (e.g., IAM, WAF, KMS)
- Subject matter expertise in security domains, with knowledge pertaining to the majority of these topics: AppSec (OWASP Top10, SANS Top 25), Defense-in-depth, Risk assessment and management, Network topology and security, Network Infrastructure - securing network devices, Network protocols, Virtualization, Intrusion Detection, Intrusion Prevention, Logging, SIEM, Social Engineering, Security policy related to business continuity planning and contingency planning, Incident handling process, Opsec, Data classification, DRM, Pentesting, Vulnerability Analysis, Secure communications including encryption and cipher suites, Linux and Windows security
- Strong analytical skills to analyze security requirements and relate them to appropriate security controls
- Experience in performing web application and infrastructure penetration security test and threat modeling
- Experience collaborating across multiple functional/technical teams to deliver a project
- Ability to communicate with customers on a business level and translate their needs into a technical solution
- Ability to adapt to organizational change and advocate for the required culture change within the organization
- Strong emotional intelligence to identify the behavioral and cultural indicators to team effectiveness
- Consultative, collaborative approach to solving complex problems, with customer service skills
- Passionate about developing the skills of team members through technical and professional mentoring
- Capable of leading by role or influence, as well as working independently
- Strong communications skills, both oral and written, appropriate for a broad range including business stakeholders and end users, executive leadership, and third-party vendors
- Demonstrated growth mindset, enthusiastic about learning new technologies quickly and applying the gained knowledge to address business problems
- Self-starter; ability to proactively define work and deliver results.

For more details please contact: Bharath Kumar

