Security Architect
Security Architect
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Job Title
Security ArchitectJob Description
Job title:
As a Security Architect at Philips you are an integral part of a team that works to develop high-quality solutions for various software applications and products. Drive significant business impact through your capabilities and contributions and apply deep technical expertise and problem-solving methodologies to tackle a diverse array of cybersecurity challenges that span multiple technology domains. The role has a global responsibility in IGT-D and needs to collaborate with all IGT-D stakeholders globally and other Philips cybersecurity departments. You will also be a member of our global architecture team.
Your role:
- Guides the evaluation of current cybersecurity principals processes and controls and leads the evaluation of new technology using existing standards and frameworks
- Regularly provides technical guidance and direction to support the business and its technical teams contractors and vendors.
- Works with stakeholders and senior leaders to recommend business modifications during periods of vulnerability
- Serves as function-wide subject matter expert in one or more areas of focus
- Actively contributes to the engineering community as an advocate of firmwide frameworks tools and practices of the Software Development Life Cycle
- Influences peers and project decision-makers to consider the use and application of leading-edge technologies
- Adds to team culture of diversity equity inclusion and respect.
- Perform and develop strategic cyber security roadmaps for the products and services.
- Conduct threat modeling and architectural assessments of applications to encompass all aspects of information security ensuring security by design.
- Document identified threats and provide corresponding mitigation strategies.
- Evaluate technologies and solutions to enhance security capabilities.
- Identify security gaps and communicate associated business risks to relevant stakeholders.
- Provide solutions aligned with business needs considering security and compliance requirements.
- Verify the effectiveness of security controls in mitigating identified risks.
- Assist engineering projects throughout the Secure Software Development Life Cycle (SSDLC) and collaborate to effectively prioritize product security elements.
.
Youre the right fit if: (4 x bullets max)
- Formal training or certification on Cybersecurity concepts and 10 years applied experience
- Hands-on practical experience high quality threat models and knowledge of MITRE framework STRIDE framework and kill chains.
- Proficient in Cryptographic Security Controls (Key Management Systems).
- Strong knowledge of information security principles security architectures frameworks standards and emerging threats with the ability to implement effective mitigation strategies.
- Deep understanding of network protocols operating systems databases applied cryptography least privilege zero trust principles identity & access management and other core information security concepts.
- Familiarity with regulatory requirements and compliance standards (NIST ISO 27001 GDPR FDA HIPPA).
- Expertise in cloud computing and its associated best security practices covering applications infrastructure storage platforms and data security.
- Hands-on experience in performing threat modeling for applications identifying threats and suggesting optimal mitigation strategies.
- Strong understanding of threat modeling methodologies (e.g. STRIDE DREAD PASTA).
- Proficiency in using threat modeling tools (e.g. Microsoft Threat Modeling Tool Threat Modeler OWASP Threat Dragon).
- In-depth knowledge of common security vulnerabilities (e.g. OWASP Top Ten CVEs) and attack vectors.
- Must have experience in architecting and securing Cloud Computing Platforms such as Azure or AWS.
- Architecture & Networking Identity & Access Management Securing the CI/CD Pipeline Secrets and Data Protection logging and monitoring and Security controls for Containers(e.g. Dockers Kubernetes).
- Excellent communication and interpersonal skills with the ability to interact with stakeholders at all levels and explain complex security concepts in an easily understandable manner.
- Good understanding of relevant laws regulations and industry standards
How we work together
We believe that we are better together than apart. For our office-based teams this means working in-person at least 3 days per week.
Onsite roles require full-time presence in the companys facilities.
Field roles are most effectively done outside of the companys main facilities generally at the customers or suppliers locations.
Indicate if this role is an office/field/onsite role.
About Philips
We are a health technology company. We built our entire company around the belief that every human matters and we wont stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help the lives of others.
Learn more about our business.
Discover our rich and exciting history.
Learn more about our purpose.
If youre interested in this role and have many but not all of the experiences needed we encourage you to apply. You may still be the right candidate for this or other opportunities at Philips. Learn more about our culture of impact with care here.
#LI-PHILIPS
Employment Type
Full-Time
