Perform architecture security reviews and provide defense in depth controls and consulting on securing SaaS, PaaS, or IaaS cloud services.
Collaborate with other Security Architects on design, develop, research, and implement security architectures and process enhancements.
Lead security initiatives and principles toward adoption within the organization.
Experience performing threat modeling and design reviews to assess security implications and requirements for introduction of new technologies, services, solutions, and knowledge of security industry best-practices.
Working knowledge of information security controls, guidelines, and standards (e.g., ISO27000 series, OWASP, CSA CCM, CIS 20 Critical Security Controls, SOC 2, and NIST).
Experience with a range of security technologies, processes and tooling around vulnerability management, container security, web application security, secure network design, identity and access management, database security, authentication methods, logging, security testing, cryptography, secure storage design, and data protection.
Professional experience with modern technologies such as public and hybrid cloud (IBM, AWS, GCP, Azure, etc.), containerization and orchestration (Kubernetes), & microservice architectures.
Optional skills
Experience on patching and benchmarking (CIS L1 for example) automation via in-house scripting or enterprise tooling.
Experience as an admin or superuser on Security Tools such as: SIEMs, SOAR platforms, vulnerability scanning, DAST, SAST, Privileged ID mgmt., AuthZ solutions, enterprise logging analysis, EDR, any zero trust tools (otherwise known as trusted execution or application whitelisting).
Experience with provisioning & provision automation in AWS, Azure, IBM Cloud, Oracle, or Google Cloud (experience can be with compute nodes, storage, database, any of the “as a Service” offerings, integration with on-prem systems for Hybrid cloud, or bare metal systems).
Red Team (White hat) pen tester team experience (Kali, Cobalt Strike, Nmap, BurpSuite, etc.).
Experience with secure coding practices and testing to prevent and avoid attacks, such as, http state handling, XSS, OWASP Top 10 risks/vulnerabilities/solutions and frameworks, etc.
Proficient in software design and at least one or more programming languages (Python preferred with 2-4 years of experience).
Technical expertise throughout the software development lifecycle including design, implementation, and delivery (DevOps processes in a Cloud environment).
Preferred Technical and Professional Expertise
Bachelor’s or master’s degree in computer science, information security or a related field; professional certification (e.g., CISSP, CCSP).
FedRAMP experience or knowledge.
Soft skills – excellent written and verbal communication, explaining vulnerabilities, writing internal guidance documents, coordinating with other teams.
10 years’ experience with Security Architecture and/or Engineering required.