Experience: • 7+ years in security architecture
• 10+ years in information security (engineering, analyst, incident response)
• 10+ years working with computer systems
• 10+ years working with application architecture & application development
• 10+ years working with network software & hardware, data or voice as well as experience with open & proprietary software and hardware.
Required:
• Experience in an enterprise level technology environment with a mature security department
• Demonstrates practical experience in application security
• Practical experience consulting with project teams and solutions providers
• Demonstrates practical experience and in-depth knowledge of security controls (e.g. NIST and CIS Top 20)
• Demonstrates practical experience in Enterprise Architecture Frameworks such as TOGAF or related
• Demonstrates practical experience in Open Web Application Security Project (OWASP)
• Demonstrates practical experience and in-depth knowledge in Static and Dynamic Application Security Testing (using scanning tool such as IBM AppScan)
• Demonstrates practical experience in identity and access management (IAM)
• Demonstrates practical experience and in-depth knowledge with Application Security of Development (.Net, Java, Apex, PHP, Node.js, Ruby on Rails)
• Experience working with current and emerging developmental methodologies (Waterfall, Agile, Extreme Programming and related)
Highly Desired:
• Demonstrates practical experience and in-depth knowledge of security frameworks (e.g. ISO27001)
Desired:
• Demonstrates practical experience and in-depth knowledge of regulatory security controls (PCI, HIPAA, CJIS, FISMA)
Description:
• Establish the target security/infrastructure architecture for security platforms (specific to applications/systems security)
• Acts as consultant and subject matter expert to leadership and project sponsor in defining the vision, objective and scope of major security related work projects and programs.
• Consults with project delivery teams and solution providers to implement security architecture frameworks and solutions.
• Consults and researches with vendor product specialists/sales, independent research organizations, on-site support engineers and fellow architects and administrators on best-fit technologies and ensure compliance to department policies & standards and technology roadmap.
• Coordinate with the team for technology validation or suggestions for alternative solutions. If necessary, initiate Solution Assessments, Infrastructure Service Requests, and any applicable required documentation to implement the new technology.
• Advocates the use of emerging cyber security best practices, technologies, developing standards and procedures, promoting the usage of automated tools, developing strategies, and aligning practices with strategic initiatives.
• Authors requirements, including definition of dependencies on infrastructure consolidation efforts.
• Authors design related artifacts (Functional Design, System Design, Security Architecture)
• Produce architectural framework documents i.e., white papers, guidance documents, best practices, technical reports, etc.
• Performs security architecture and general security reviews for new infrastructure and system implementations
• Define Security/Information Assurance requirements (and dependencies).
• Specify key architectural aspects of the architecture view and identify other aspects that need definition.
• Project contributor representing security and participates in project plan development
• Provides project estimates based on past experience with security implementation-based projects and programs
• Leverage broad-based understanding of technology areas and end-to-end knowledge of current installations to craft architectural solutions or standards that can be applied across the enterprise.
• Provide strategic and architectural support for cyber Security as a Subject Matter Expert.
• Provide support and subject matter expertise with respect to adherence to security controls (e.g. NIST 800, CIS, and related)
• Provide support and subject matter expertise with respect to adherence to Enterprise Architecture Frameworks (e.g. TOGAF or related)
#J-18808-Ljbffr
