Being the cybersecurity partner of choice, protecting our digital way of life.
Your Impact
- Work alongside the engineering teams, providing expert guidance, leadership, and advice on secure architecture, design, and implementation
- Help proactively assess security risk through a deep understanding of current and future states of our products and services, threat modeling, requirements, architecture, design, and implementation reviews
- Develop security architecture standards, frameworks, guidelines, and design patterns spanning all layers of security in the cloud from the host, server, and network to application and data security
- Provide recommendations and implementation guidance for high-security and high-availability applications
- Identify opportunities for security tooling and automation with the goal of translating security standards into Policy-as-Code (PaC) and Infrastructure-as-Code (IaC) that is secure by default
- Lead with code, automation, and data in everything you do
- Review and enhance security policies and operational procedures that provide continuous security for our products
- Ensure security standard methodologies are identified and integrated into all facets of projects including network, system designs/configuration, and implementations
- Use tools and experience to review architecture and deployments and identify misconfigurations and vulnerabilities in cloud environments
- Make recommendations on secure integration strategies, global enterprise architectures, and application infrastructure based on best practices
- Analyze business impact and risks based on emerging security threats and vulnerabilities, recommend mitigating solutions
- Partner with internal teams to ensure the success of security and compliance programs aligned with client expectations and regulatory requirements
Your Experience
- 4+ years of experience in Security Architecture, application security, threat modeling, security assessments, and security reviews
- Fluent in communicating technical security risks and security architecture impact to business leaders
- Excellent team player, experience in Agile methodology while achieving common ground with the team in proposing pragmatic solutions - Ability to collaborate across organizational boundaries, and cross-functional teams, build relationships, and achieve broader organizational goals
- Comfortable in navigating ambiguity and the ability to decide on a working solution - Constantly executing on solving problems with incremental improvements
- The ability to conduct decomposition, analysis, and high-level threat modeling of applications and systems - Capability to prioritize the high-risk threats based on experience and the current threat landscape
- Thorough understanding of computer networking, routing, cryptography, and protocols
- Working knowledge and experience with the phases of the Secure Software Development Lifecycle (S-SDLC)
- Working knowledge and experience with IT security and privacy risk assessments, as well as mapping of security controls
- Working knowledge and experience with structured secure enterprise architecture practices, large-scale web applications, and cloud environments
- Knowledge and experience working with virtual machines and containers (Docker, Kubernetes)
- Working knowledge of infrastructure and application security concepts including firewalls, network security, intrusion detection/prevention systems (IDS/NIPS), application security, microservices security, password management, secrets management, access provisioning, IAM, RBAC, ABAC, endpoint security, SIEM, and OWASP
- Knowledge and experience with common vulnerability scanning and penetration testing tools
- Knowledge of common computer security issues, including systems, network, and application vulnerabilities
- Experience in selecting, operating, and rationalizing security tooling for common security processes, including CSPMs, vulnerability scanners, etc.
- Working knowledge and experience in devising and creating security architecture design patterns and security guidelines
- Working knowledge and experience in threat modeling, security reviews, and Infrastructure-as-Code to identify security flaws and propose actionable mitigations
- Working knowledge and experience in Mitre ATT&CK, Mitre CAPEC, Mitre CWE, HITRUST Threat Catalog, Security Technical Implementation Guides (STIGs), OWASP
- Eagerness to research and learn the state of the art in securing applications and systems for continuous improvement
- Bachelor's degree from four-year college or university or equivalent training, education, and experience in information / cyber security, computer systems, IT, etc. or equivalent military experience required
All your information will be kept confidential according to EEO guidelines.