Senior Security Architect

Location: Corporate Internal Audit
Unit Name: IT Security & Compliance
Unit Code: 9FI9SY06
Hourly Rate (if applicable):

Summary:

The Senior Security Architect is responsible for information security guidance during the design and implementation of solutions and services across the business and IT support areas, driving the successful configuration and implementation of IT/Security solutions to reduce risk to an acceptable level for the company. Duties will include, but are not limited to, providing support to internal and external teams to define and develop secure architecture and solutions for projects and business solutions, conduct discovery sessions to gain the necessary background and review findings to ensure sustained compliance, remediation of control gaps, and escalation of possible critical issues to senior management.

The Senior Security Architect will also identify areas of potential improvement for key processes and procedures and define strategies for achieving reductions in work effort and costs related to compliance efforts. Additional responsibilities include working with various business owners in implementing, executing, and monitoring IT related logical access and IT operations. This is a management position and typically reports to the Sr Dir IT Security & Compliance.

Essential Functions:

• Determines security requirements by evaluating business strategies and requirements; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates. Plans delivery of solutions and addresses technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members; serving as team technical lead.
• Plans security systems and adheres to industry standards by evaluating network and security technologies; developing requirements for networks, routers, firewalls, software defined networking (SDN) and related security and network devices; designs public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as well as hardware and software; attends client and internal status meetings and performs reporting.
• Follows emerging security practices and standards and maintains security by monitoring and ensuring compliance to standards, policies, and procedures such as FISMA, NIST 800-53, PCI and ISO27001; conducting incident response analyses; develops and conducts training; participates in educational and networking opportunities; recommends security best practices and standards; reviews and update Security Policies and Procedures on an on-going basis
• Implements security systems by specifying intrusion detection methodologies and equipment; directing equipment and software installation and calibration; preparing preventive and reactive measures; creating, transmitting, and maintaining keys; providing technical support; completing documentation.
• Verifies security systems by developing and implementing test scripts using technologies such as Python, Microsoft PowerShell, .NET, etc.
• Produces gap analysis documentation to identify any gaps between specific technical security requirements and the architecture of the system and provide detailed technical recommendations on appropriate mitigation measures. Identifies and prepares system security reports and metrics by collecting, analyzing, and summarizing data and trends using statistical tools.
• Enhance organization reputation and vendor relations through participation in security conferences, including delivering presentations.
• Performs OS hardening reviews (Windows/Linux/UNIX) and recommendations; as well secure coding reviews of in-house applications written in programming languages such as Objective-C (Apple iOS) and Java (Android) and reviews Cisco Catalyst switch, Cisco Nexus router, and WatchGuard firewall configurations
• Evaluates security of cloud hosted solutions, such as applications residing in Amazon Web Services (AWS) or Microsoft Azure cloud environments.
• Verifies security controls through internal penetration testing (pen testing) and develops forensic capability on the team via tools, process and training.

Minimum Qualifications, Knowledge, Skills, and Work Environment:

• Requires a Master’s degree in Cyber Security or related field
• Requires 7-10 years of experience programming/analysis level with Information Security.
• Requires (ISC) 2 Certified Information Systems Security Professional (CISSP), ISACA Certified Information Systems Manager (CISM) or SANS GIAC Certification (GSEC, GCIH), EC-Council Certified Ethical Hacker (CEH), CompTIA CASP or other certifications.
• Requires a working knowledge of common enterprise Linux distributions such as the Community Enterprise Operating System (CentOS) and Red Hat Enterprise Linux (RHEL).
• Requires working knowledge of the OSI model for computer networks, network operation, and common network protocols such as TCP/IP, 802.1q VLANs, OTV, Port Security, EIGRP, BGP, etc.
• Requires working knowledge of information security solutions; e.g., vulnerability management (Rapid7 Nexpose, Tenable Nessus), IDS/IPS (Sourcefire Snort), log management (using Syslog, Splunk Enterprise Security, or QRadar SIEM) and all security controls in scope for both PCI compliance and general information security.
• Requires a track record of building collaborative partnerships with team, customers, client stake-holders while setting and managing expectations and acting as department liaison
• Requires ability to apply expertise in developing conceptual, logical, and technical security architecture artifacts, knowledge of a variety of hardware and software security capabilities and features, and an ability to resolve security and non-security requirement conflicts.
• Requires familiarity with common vulnerabilities (e.g. OWASP Top 10) and attack vectors (e.g. MITRE ATT&CK).
• Requires knowledge of ubiquitous encryption technologies (PGP, SSH, SSL, etc.) and common protocols (RADIUS, LDAP, Active Directory, KERBEROS, SAML, etc.).
• Requires knowledge and experience with PCI and emerging Personal Information Privacy Laws.
• Experience with U.S. Federal Government ISSO is a plus – familiar with PII, HIPAA, PHI, FISMA, FEDRAMP, NIST guidelines, etc.
• Requires strong knowledge of security as applied to virtualized infrastructure including VMware vSphere ESXi hypervisor, Citrix Xen / XenServer, and Microsoft Hyper-V.
• Requires knowledge of virtual networking technologies including VMware Distributed vSwitches (dvSwitch) and Cisco Nexus 1000v virtual switches.
• Requires familiarity with Mobile Device Management (MDM) to effectively manage and secure Google Android and Apple iOS devices.
• Requires experience with common Information Security tools such as Backtrack, Kali Linux, Metasploit, Wireshark, Nmap, THC Hydra, etc.
• Requires knowledge of common relational databases such as IBM DB2, Oracle Database 12c, Microsoft SQL Server, Oracle MySQL, PostgreSQL, and MariaDB. Demonstrated ability to review code for proper data sanitization, input validation, and SQL injection flaws.
• Requires experience working with development teams to build secure solutions
• Requires experience breaking down complex systems and applications to find flaws.
• Requires demonstrated ability to make and take responsibility for decisions on major technical issues.
• Requires knowledge of common web application and mobile frameworks.
• Requires solid understanding of secure network and system design.
• Requires experience providing technical guidance to help assist with adherence to industry best practices.
• Requires experience with internal and external audits.
• Requires experience in hands-on technical security control architecture and design, information security solution engineering, security technology implementation, and security service delivery role, including in-depth hands-on experience in complex enterprise architectures lock downs.
• Requires ability to analyze malware.
• Requires willingness and proven ability to quickly learn new technologies and applications.
• Requires ability to communicate complicated technical issues and the risks they pose to R&D programmers, network engineers, system administrators and management.
• Requires excellent communication skills, ability to multitask and complete assigned projects with minimal oversight

Equal Opportunity Employer (EOE)
Minority/Female/Disabled/Veteran (M/F/D/V)
Drug Free Workplace (DFW)