Security Architect

POSITION LOCATION

This position is eligible for a hybrid work arrangement. Currently 5 days of on-site work per month are required.

POSITION PURPOSE

DUTIES & RESPONSIBILITIES

• Design and implement security controls for cloud on-premises and hybrid environments (e.g. AWS Azure GCP).
• Monitor and review cloud service provider security policies to help ensure compliance with organizational requirements.
• Partner with Enterprise Architects and Development teams to ensure security best practices and principles are embedded in their workflows.
• Conduct security assessments and risk analysis to identify vulnerabilities and propose mitigation strategies within the Zero Trust framework.
• Design and implement Zero Trust principles and frameworks to enhance the security posture of our systems and networks.
• Design and maintain robust CI/CD pipelines with integrated security checks to shift security left ensuring vulnerabilities are identified early in the development process.
• Collaborate with cross-functional teams to define access policies user authentication mechanisms and secure connectivity across various environments.
• Design and collaborate with cross-functional teams to deploy secure SSO solutions with identity providers (IdPs) directory services and third-party applications for seamless and centralized authentication and authorization across multiple applications and systems.
• Collaborate with stakeholders to understand business requirements and translate them into effective security controls and solutions.
• Make recommendations to reduce risks.
• Supports administration of the enterprise security infrastructure including but not limited to the systems supporting: network security monitoring two-factor authentication web application firewalls vulnerability management endpoint detection and response data loss prevention and enterprise logging.
• Supports incident response processes.
• Compiles metrics for leadership.
• Assists in installing implementing and maintaining security software.
• Maintains the availability patching and operational functionality of assigned security systems.
• Evaluates new security tools products and solutions for applicability to security needs.
• Makes recommendations regarding purchase of security products.
• Ensures MDTs reputation is maintained internally and externally.
• Ensures appropriate levels of security and confidentiality are always maintained.
• Acts as a representative of MDT with business and professional organizations and external IT contacts.
• Keeps management informed of area activities and any significant concerns.
• Attends and participates in meetings as required.
• Completes accurate tickets reports records and other documentation as necessary.
• Stay up to date with industry trends emerging technologies and security best practices to proactively identify potential threats and vulnerabilities.
• Responsible for working with the security team and other departments to ensure work is flowing effectively and timely throughout the organization.
• Assists in setting department and company standard practices and procedures.
• Responsible for working with company vendors to ensure the delivery of products or services is successful.
• Acts as a subject matter expert for co-workers and fosters a culture of continuous learning and cross-training.
• Assigned to the on-call rotation to support security operations.
• Stays informed of trends and changes in the information security field.
• Completes special projects and research studies as required.
• Keeps work area clean secure and well maintained

EDUCATION & EXPERIENCE REQUIREMENTS

• Bachelors degree in Computer Science or a related field or an equivalent combination of training and experience in Computer Science.
• Professional certifications such as CISSP CISM CCSK or CCSP are highly desirable.
• Ten years of experience as a Security Architect or similar role with a focus on cloud security and Zero Trust architecture.

REQUIRED KNOWLEDGE

• Strong knowledge of cloud platforms (e.g. AWS Azure Google Cloud) and associated security controls.
• Experience designing and implementing Zero Trust architectures including network segmentation secure access controls and strong authentication mechanisms.
• Experience with designing and implementing Secure Access Service Edge (SASE) and Software-Defined Wide Area Network (SD-WAN).
• Experience with the design and integration of security into the SDLC by implementing secure coding standards automated security testing (SAST DAST) and vulnerability scanning.
• In-depth understanding of SSO protocols and standards (e.g. SAML OAuth OpenID Connect) and their implementation.
• Technical understanding of threat actor attack techniques.
• Familiarity with security frameworks and standards (e.g. NIST Cybersecurity Framework ISO 27001 CIS Controls).
• Excellent analytical and problem-solving skills with the ability to assess complex security requirements and recommend appropriate solutions.
• Effective communication and interpersonal skills to collaborate with cross-functional teams and communicate security concepts to non-technical stakeholders.
• Self-motivated and ability to meet deadlines with minimal supervision.
• Well organized and attentive to detail.
• Strong leadership abilities.
• Project management skills.
• Ability to maintain confidentiality.

WORKING CONDITIONS

Special

• No hazardous or significantly unpleasant conditions (such as in a typical office).
• Additional hours including on-call with Saturday/Sunday support as required.
• Long duration of computer workstation usage.

INTENT AND FUNCTION OF JOB DESCRIPTIONS

Job descriptions assist organizations in ensuring that the hiring process is fairly administered and that qualified employees are selected. They are also essential to an effective appraisal system and related promotion transfer layoff and termination decisions. Well-constructed job descriptions are an integral part of any effective compensation system.

All descriptions have been reviewed to ensure that only essential functions and basic duties have been included. Peripheral tasks only incidentally related to each position have been excluded. Requirements skills and abilities included have been determined to be the minimal standards required to successfully perform the no instance however should the duties responsibilities and requirements delineated be interpreted as all inclusive. Additional functions and requirements may be assigned by supervisors as deemed appropriate.

In accordance with the Americans with Disabilities Act it is possible that requirements may be modified to reasonably accommodate disabled individuals. However no accommodations will be made which may pose serious health or safety risks to the employee or others or which impose undue hardships on the organization.