Tuesday, June 27, 2017

Security Architect

Position: Security Architect
Client: Pharmacyclics
Duration: Full Time & Permanent
Location: Sunnyvale, CA

Job Description:
Required Experience:

The Security Architect will be responsible for strategy, architecture, and security technology evaluations leveraging a deep comprehension of general information technology and a thorough understanding of the Firm's technologies and systems. The Security Architect must be able to recommend ways to improve upon identified weak points via policies, procedures, and technologies. When implementing new security technology, the Security Architect will be responsible for managing all stages of the technology development lifecycle including determination of security requirements, leading proof-of-concepts, implementation, testing, and documentation.

Essential Job Functions:
·         Contribute to the development of the Security Engineering roadmap (1, 3 & 5 years)
·         Ensure adherence to the company's network security design principles and information protection policies as well as meeting all applicable industry regulations (e.g. PCI, HIPAA, etc.), best practices and contractual obligations.
·         Act as a technical security lead for complex infrastructure projects
·         Act as a champion for the Security Engineering organization by practicing outreach to other technical and business areas, working cross functionally with other Sr. Architects and Technologists, attending VP staff meetings to present details of new designs and initiatives and working closely with the CTO organization to ensure alignment with the broader technology vision
·         Identify and recommend opportunities to improve existing capabilities and introduce new capabilities in order to reduce overall attack surface and provide increased security monitoring for network and endpoint systems to the SOC and incident response functions
·         Research, develop, and documents security designs, network diagrams, and technical security controls
·         Develops a metrics framework in order to effectively measure the impact of security designs, capabilities and improvements against stated requirements
·         Research, develop, and documents security standards for Security Infrastructure Management (SIM) team (e.g. standard configurations and hardening, lifecycle management, security controls, etc.)
·         Consults with application development teams on security related designs and architecture
·         Works closely with the Information Risk Management organization on security related issues (e.g., incident response, vulnerability management, regulatory audits, etc.)
Qualifications & Requirements Experience
·         Minimum of 7-10 years of strong experience in network and endpoint security architecture, design principals and tools
·         Understanding aligning projects to business priorities
·         Should have some industry standard security certifications (e.g. CISSP, CEH, etc.)
·         The Applicant must demonstrate strong working knowledge of many of the following technologies and concepts
·         Familiarity with cloud security configurations, capabilities, designs and concepts
·         Familiarity with software defined network security configurations, capabilities, designs and concepts
·         Application delivery and load balancing technology (configuration, design, troubleshooting, etc., F5 experience a plus)
·         Firewall and DMZ environments (design, setup, troubleshooting, policy design and administration, Check Point experience a plus)
·         VPN technology (remote access, site to site, IKE/IPSEC lifecycle, troubleshooting, concepts, etc.)
·         E-mail and SMTP security (SPAM, phishing, URL and attachment defense, imposter emails, spoofing, etc.) Proofpoint experience a plus
·         DNS, DHCP & IPAM (DDI) protocols and security (DNS tunneling and exfiltration techniques, RPZ, DNS firewall, etc.). Infoblox experience a plus
·         HTTP/S proxy servers and security (web proxying, mobile code inspection, web security, filtering/authentication, tunneling mitigation, etc.) Bluecoat experience a plus.
·         WAF (Web Application Firewall) systems and concepts (application onboarding, latest application level attacks, OWASP, etc.) Imperva or ASM experience a plus
·         DLP (Data Loss Prevention) technology and concepts (endpoint, network, SMTP, web, DB, etc.) Websense/Forcepoint DLP a plus
·         Security Discipline (network security, secure network and application design, risk assessment, configuration/hardening, etc.)
·         Familiar with risk management and governance concepts such as digital forensics, incident response, threat and vulnerability management and support for regulatory audits
·         TCP/IP based networking (addressing/sub netting, designing, troubleshooting, routing, OSI model, etc)
·         Packet capturing and protocol analysis (TCP, UDP, ICMP, packet dissection, etc)
·         Basic administrative experience with Unix/Linux operating systems
·         Demonstrated ability to develop customized solutions to meet security requirements
·         Advanced problem-solving skills and the ability to work collaboratively with other functions to resolve complex issues with innovative solutions
·         Demonstrated ability to handle multiple projects and initiatives prioritizing work as needed
·         Familiarity with health care or PBM industry helpful


Aravind Kumar, IT Recruiter
Tellus Solutions
3350 Scott Blvd, Bldg 34A, Santa Clara, CA 95054