Security Architect (SecDesign Integrator – Cloud & App Security)
Share
Job Location:
Monthly Salary:
Posted on:
17 hours ago
Vacancies:
1 Vacancy
Job Summary
Security Architect (SecDesign Integrator Cloud & App Security)
Experience: 10 years
Location : Montreal
Hybrid: Required 3 days in office
Job Description
The mission of the SecDesign team is to provide security architecture assessments of technology systems and processes to identify business risks and recommend remedial action based on established security standards or security best practices. The SecDesign Generalist is an internal consultant that is working on multiple security architecture and design assessments spanning multiple classes of technologies. It is an opportunity to get involved in multiple business units and technologies inherent to the mission of SecDesign. The Integrator works with team members (Technology Business Suppliers Stakeholders and Partners) globally to perform SecDesign assessments. To be successful as an Integrator the candidate must have broad technology experience coupled with risk management communication and time management skills. The candidate will also be working with a global team of experts on modernizing the Firms SDLC platform to enable deployment automation to private and public cloud endpoints and SaaS-based tooling. This role affords the opportunity to get in on the ground floor to help build the next generation of development and deployment tooling across a diverse set of tech stacks for the next decade
A SecDesign Generalist has the following responsibilities:
1. Lead SecDesign deep dives with the requestor of the assessment.
2. Prioritize risks identified in relation to business risks.
3. Conduct assessment and provide technology risk/requirements to the requestor. Areas covered:
a. Authentication Authorization Auditing
b. Application Security Session Security Vulnerability/Pen Testing items Input Validation
c. Secure data transport and storage
d. Network Security Principles and best practices.
e. Cloud Security Principles and best practices
1. Periodically review security reference architecture (security blueprints) and conduct updates/enhancements.
2. Participate in various Operational and Technology Risk governance processes.
3. Assist in identifying new areas and opportunities of technology investment for the firm.
Skills and Experience
Soft Skills (Required)
1. Excellent communication skills: written oral presentation listening.
2. Ability to influence through factual reasoning.
3. Time management: ability to handle multiple concurrent assessments plan based deliverable management strong follow up and tracking.
4. Strong focus on delivery when presented with short timelines and increased involvement from senior management.
5. Ability to adjust communication of technology risks vs business risks based on the audience.
Security Architecture Skills
1. Required In depth knowledge of application network and platform security vulnerabilities. Ability to explain these vulnerabilities to developers.
2. Required Experience in conducting Information Security IT Security Audit assessments. Presenting the outcomes of the assessment and obtaining buy in.
3. Required Strong focus on reviewing technical designs and functional requirements to identify areas of Security weakness.
4. Required Knowledge of Cloud Service Providers (AWS/Google/Azure) cloud DevOps and CI/CD
5. Required The candidate must have working experience in at least three of the following application/network security domains:
a. Authentication: SAML SiteMinder Kerberos OpenId
b. Entitlements and identity management
c. Data protection data leakage prevention and secure data transfer and storage
d. App Security - validation checking software attack methodologies.
e. Cryptography encryption and hashing
6. Desired - Prior experience administering systems for version control (Bitbucket Github) issue tracking (Jira) continuous integration (Jenkins Github Actions) or release management.
7. Desired Knowledge of standard network model and the risks that present at each layer the functions of network equipment such as switches routers firewalls proxies VPNs and load-balancers and understanding of common network architectures.
8. Desired - The candidate must have working knowledge of the primary operating systems (Unix Windows z/OS Mac OS) the configuration and management of that platform at an enterprise scale the security risks to that platform and how to mitigate those risks.
9. Desired - experience in testing tools at least one of Veracode Fortify OunceLabs AppScan WebInspect Burp
Development Experience
1. Required Even though the SecDesign Integrator role is not a development role the candidate must have previous background in programming design and application architecture.
2. Required In order to be a practical SecDesign Integrator the candidate must have experience implementing complex applications in an enterprise environment.
3. Required working knowledge of programming and scripting languages: Java JavaScript C# C/C Perl Python Ruby
4. Desired In-depth knowledge of web technologies such as Web Browsers Web Servers Web Services
Other Areas of Expertise
1. Frameworks protocols and subsystems: Spring RPC SOAP MQSeries JMS RMI JMX Hibernate.
2. Knowledge of JSP /Servlet/EJB or HTTP/HTTPS Cookies AJAX JavaScript Flex / Silverlight.
3. Database design and programming experience
4. Experience of liaising with 3rd Party Entities (exchanges suppliers regulators)
5. Experience in conducting and / or reviewing penetration tests dynamic vulnerability assessments and static vulnerability assessments.
6. Understanding of geographic regulations and their impact on Security assessments
7. Previous experience in Financial Services is preferred.
8. CISSP or other industry qualification
9. Desired experience working with global organizations.
Key Skills
- CCTV
- Customer Service
- Communication skills
- Computer Skills
- ICD Coding
- Military Experience
- Law Enforcement
- NIST Standards
- Security
- DoD Experience
- RMF
- Writing Skills
