Cloud Security Architect
The information security architect plays an integral role in defining and assessing the organization's security architecture and practices, both on-premise and in a multi-cloud environment. In partnership with the CISO, the information security architect will be required to effectively develop and implement security best practices and processes enabled by security technologies and services.
· Develop and maintain a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with the business, technology and threat drivers
· Develop and maintain security architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations
· Track developments and changes in the digital business and threat environments to ensure that they're adequately addressed in security strategy plans and architecture artifacts
· Participate in application and infrastructure projects to provide security-planning advice
· Draft security procedures and standards to be reviewed and approved by executive management and/or formally authorized by the CISO
· Determine baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation, and identity and access management (IAM)
· Develop standards and practices for data encryption and tokenization in the organization, based on the organization's data classification criteria
· Conduct or facilitate threat modeling of services and applications that tie to the risk and data associated with the service or application
· Ensure a complete, accurate, and valid inventory of all systems, infrastructure, and applications that should be logged by the security information and event management (SIEM) or log management tool
· Establish a taxonomy of indicators of compromise (IOCs) and share this detail with other security colleagues, including the security operations center (SOC), information security managers and analysts, as well as counterparts within the infrastructure operations team
· Coordinate with DevOps teams to advocate secure coding practices, and to escalate concerns related to poor coding practices to the CISO
· Coordinate with the legal team and the CISO to document data flows of sensitive information in the organization (e.g., PII or ePHI) and recommend controls to ensure that this data is adequately secured (e.g., encryption and tokenization)
· Validate multi-cloud architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable.
· Validate security configurations and access to security infrastructure tools, including firewalls, IPSs, SIEM, and anti-malware/endpoint protection systems
· Review network segmentation to ensure least privilege for network access
· Support the testing and validation of internal security controls, as directed by the CISO.
· Review security technologies, tools and services, and make recommendations to the broader the security team for their use, based on security, financial and operational metrics
· Direct, hands-on experience or strong working knowledge of managing security infrastructure — e.g., firewalls, intrusion prevention systems (IPSs), endpoint protection, SIEM and log management technology
· Direct, hands-on experience or strong working knowledge of cloud security. Experience designing the deployment of applications into public cloud services.
· Verifiable experience reviewing application code for security vulnerabilities
· Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services.
· Full-stack knowledge of IT infrastructure:
o Operating systems — Windows, Unix and Linux
o Virtual machines
o IP networks — WAN and LAN
· Direct experience designing IAM technologies and services:
o Active Directory
o Lightweight Directory Access Protocol (LDAP)
Brooksource provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, national origin, age, sex, citizenship, disability, genetic information, gender, sexual orientation, gender identity, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state, and local laws.