Wednesday, October 25, 2017

Security Architect

Position: Security Architect 
Location: Costa Mesa, CA
Duration: 6 months +
 
 
Essential Responsibilities: 
  • Provide application security design leadership for application developers by defining, coordinating, and identifying security requirements, patterns and architectures. 
  • Provide expert technical security guidance and hands-on validation of applications during the design, development, and testing of systems.
  • Provide expertise in designing next generation application level encryption to secure data in transit, at rest and in motion. 
  • Validate application security architectures and controls through static and dynamic security analysis and architecture reviews to ensure adherence with the company security standards and industry best practices. 
  • Understand highly scalable and highly available enterprise class application architectures to apply sound security design within them 
  • Evaluate, recommend and integrate new security technology and tools to meet business needs. 
  • In addition to security-centric roles, contribute to application architecture including prototyping and identification of implementation patterns as needed. 
  • Contribute as a key stakeholder in defining and assessing the organization's security strategy, architecture and practices. 
  • Effectively translates business objectives and risk management strategies into specific security processes enabled by security technologies and services. 
  • Leads project teams in security design, defining security requirements, identifying suitable controls, documenting and implementing technical designs and provides oversight and guidance to others. 
  • Works with the Information Security Manager and others to define metrics and reporting strategies that effectively communicate successes and progress of the security program. 
  • Creates security strategy and roadmaps and provides insight into latest security trends, risks, threats and attack methods. 
  • Develops Cloud Security Strategy and defines the transition to and adoption of secure cloud services. 
  • Acts as 2nd or 3rd line support to assist in troubleshooting and problem resolution as required and called upon from time to time including out of hours support when necessary. 
  • Ensure that an accurate inventory is maintained of all systems and infrastructure that should be logged by the security information and event management (SIEM) or log management tool.
  • Validate IT infrastructure and other reference architectures including Cloud security architectures for security best practices, and recommend changes to enhance security and reduce risk where applicable. 
  • Validate security configurations and access to security infrastructure tools. 
  • Validate that security and other critical patches are configured and deployed.
  • Liaise with the business continuity team to validate security practices for both disaster recovery planning (DRP) and business continuity management (BCM) testing.
  • Document data flows of sensitive information within the organization (e.g., PII or PCI) and recommend controls to ensure this data is adequately secured.
  • Liaise with the internal audit team to review and evaluate the design and operational effectiveness of security related controls. 
  • Create security documentation including requirements definitions, risk assessments, high level and detailed design documents and risk and recommendation documentation. 
  • Lead the efforts to migrate or integrate security services in Cloud SaaS and IaaS services 
  • Host and conduct presentations to the security group, Product development and business users as required. 
  • Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.
  • Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
  • Maintain a knowledgebase comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations. 
  • Design, coordinate and oversee security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks. 
 
Qualifications: 
  • A minimum of seven years in an information security role of which at least 3 must have been in a security design, architecture or consultancy capacity. 
  • A bachelor's degree in information systems or equivalent work experience in Information Security is preferred. Professional certifications such as CISSP and CISM are highly regarded. Must have knowledge of security standards and best practices such as ISO 27001 and NIST.
  • Strong analytical skills to analyze security requirements and relate them to appropriate security controls. 
  • Strong leadership skills and the ability to work effectively with business managers, Engineering and IT operations staff. 
  • Excellent verbal and written communication skills. Must be able to communicate effectively with the IT organization, project and application development teams, management and business personnel.
  • In-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls; an excellent understanding of information security concepts, protocols, industry best practices and strategies. 
  • Builds on and applies existing knowledge. Tries new approaches and broadens the scope of work to learn from work assignments. 
  • Demonstrates flexibility within a variety of changing situations, while working with individuals and groups. Multitasks when required and can work with minimal supervision. 
  • Experience with software development practices and rolling out new software technologies and solutions. 
  • Experience designing and implementing scalable, high performance enterprise applications for mission critical solutions. 
  • Expertise in Agile methods, software development lifecycle management, continuous integration, build and release management and managed environments. 
  • Experience creating and delivering technical collateral including case studies, best practices guides, whitepapers and reference architectures needed for driving adoption. 
  • Strong commitment and understanding of software quality processes appropriate for high-availability, mission-critical systems. 
  • Experience developing secure applications for APIs and mobile platforms is a plus.