Vacancy expired!
- Design, develop, review and implements security designs for new or existing technology system(s).
- Establishing and maintain trust relationships with the business and project teams through active engagement, clear accountability and expectations, and frequent communication.
- Collaborate with other teams and departments to fit security requirements with other constraints, such as business requirements or technology limitations.
- Provide business and project teams with cybersecurity expertise by participating in scoping, planning and executing cybersecurity related tasks.
- Provide feedback and approval for system and application designs and architectures as relates to adherence to security principles and company security policies, and develop a security risk management plan for noncompliance.
- Provide input on security requirements to be included in statements of work and other appropriate procurement documents.
- Create and maintain architecture design artifacts such as diagrams and documentation.
- Interpret output of activities such as penetration tests and application security scans, translating into actionable remediation requirements.
- Analyze current technology environment to identify deficiencies and recommending solutions, staying abreast of emerging security technologies and trends and apply them where appropriate.
- Educate and mentor project team members in areas of security best practice and company security policies.
- Coordinate with the Region Americas Security Operations Centers (RA SOC) to ensure new or modified solutions/systems are monitored continuously for security threats.
- Participate in the documentation process detailing the necessary monitoring processes, event analysis methodologies, response processes, communication requirements, and playbooks for incident response for the new or modified product/system/solution.
- Act as subject matter expert in case of a priority security incident(s).
- Analyze market and industry trends and adjust cybersecurity strategy accordingly.
- Maintain and expand knowledge of best practices and emerging threat landscape.
- 10+ years' experience in a combination of Security Architecture, Security Operations, Data Security and
- Auditing with at least 5 years of experience in Information Technology architecture, planning and execution in complex environments.
- Bachelor's Degree in Engineering/Programming, Computer Science, or related field or equivalent work experience- required
- Master's Degree in Engineering/Programming, Computer Science, or related field or equivalent work experience - desired
- Excellent verbal, written, and other interpersonal communication skills-ability to convey complex technical concepts effectively to a variety of audiences
- Ability to analyze processes, procedures, and architectures for information security for security implications
- Ability to communicate security designs, priorities, and concepts to working level and business level colleagues
- Solid analytical/problem solving skills with capability to identify solutions to unusual and complex problems.
- Proven experience in a multinational environment
- Outstanding team and collaboration skills
- Integration - joining people, processes or systems
- Ability to work independently with minimal supervision
- Ability to inform, educate, and influence managers and employees to support goals and initiatives problems.
- Excellent planning, organization, and time management skills.
- Certified Information Security System Professional (CISSP) certification or equivalent.
- Proven experience as a technical architect in multiple fields of IT (e.g. network, storage, server, client, web/application, cloud, etc.) with the ability to understand security best practices and implications across all fields.
- Hands-on experience implementing modern security architectures.
- Excellent knowledge of cybersecurity risk evaluations for applications and systems.
- Adept in translating security requirements into actionable controls and measures.
- Background in securing on-prem, cloud and hybrid systems in theory and practice, including secure architecture design concepts.
- Understanding of DevOps principles, "shift left" philosophy.
- Strong experience with common web application security concepts, such as the OWASP Top 10, and their practical implementation.
- Understanding of application development secure coding techniques.
- Experience with multi-factor authentication, single sign-on, identity federation, identity management and related technologies for both cloud and on-prem environments, and SaaS solutions.
- Experience with vulnerability management methodologies and implementations.
- Solid understand of intrusion detection and prevention solutions and techniques.
- Experience with encryption technology and industry best practices for practical implementation including Key Management (e.g. PKI, HSM, etc.)
- Security audit and assessment experience (e.g., ISO27001, NIST 800-53, etc.)
- Experience and knowledge with Internet protocols, (e.g., TCP/IP, UDP, DNS, SMTP, etc.)
- Experience with the design of systems across countries/geographic regions
- Experience in the automotive industry with specific expertise in securing those environments
- Strong understanding of investigation and breach best practices
- Software Development Life Cycle (SDLC) experience
- Strong knowledge in the following topics
- API security
- Containers, Kubernetes, OpenShift
- Big data analytics or data mining solutions (e.g., Apache Kafka, Apache Spark and databases like Apache Cassandra or Cloudera data lake)
- Security best practices with major platforms such as Microsoft O365, SAP Successfactors, SAP S/4HANA, and Salesforce.
- Working experience in using collaboration tools like confluence & JIRA
- Understanding of UX development strategies
- Understanding of native app development and deployment to iPhone and Android platforms
- Agile/SCRUM
- Knowledge of AEM, FeatureHub
- Knowledge of GraphQL and microservices
- Java, React, Node.js, Jenkins, GitHub
- Ability to travel as needed including international/overseas travel
- Flexibility regarding start time due to early morning conference calls
- Ability to support off-hour Incident Response in case of Priority 1 Security Incidents
Vacancy expired!