What are the responsibilities and job description for the Information Security Architect position at SIDRAM TECHNOLOGIES?
Role: Information Security Architect
Location: Boston, MA 2 days onsite
Job Description
Security Architect is “responsible for ensuring that the information security requirements necessary to protect the organization’s core missions and business processes are adequately addressed in all aspects of enterprise architecture including reference models, segment and solution architectures, and the resulting information systems supporting those missions and business processes.” [Source: NIST SP 800-37 rev.1]
Mass DOT’s Security Architects regularly perform the following types of work:
Systems Requirements Planning
Location: Boston, MA 2 days onsite
Job Description
Security Architect is “responsible for ensuring that the information security requirements necessary to protect the organization’s core missions and business processes are adequately addressed in all aspects of enterprise architecture including reference models, segment and solution architectures, and the resulting information systems supporting those missions and business processes.” [Source: NIST SP 800-37 rev.1]
Mass DOT’s Security Architects regularly perform the following types of work:
- Document designs for configuration and controls to reduce cyber and information security risk for applications, infrastructure, and data.
- Guide implementation of security configuration and controls and help test the effectiveness of the implementation.
- Discuss proposed IT changes (including but not limited to new technology) with subject matter experts and implementers so that security risks are identified before implementation.
- Discover and document the current state of configuration and controls protecting applications and infrastructure to help the IT teams understand where there are gaps or weaknesses and how the cyber risk context may have changed since initial implementation.
- Take an active role on the Cyber Incident Response Team (CIRT) when there are investigations, incidents, or practice exercises.
Systems Requirements Planning
- Develop and document secure system designs by applying the principles of Zero Trust, micro-segmentation, and other approaches for reducing cyber risk.
- Provide subject matter expertise to the Information Security Risk Management Team as they are assessing risk for new technologies or use cases.
- Guide technology teams by applying your knowledge of cloud services, solution platforms, data center hosting environments, and IP networking to all proposed solution architecture to help them apply secure configurations and conform to the Commonwealth’s security standards.
- Systems Security Architecture
- Serve as a security representative on technology project teams to provide guidance and support during the project lifecycle.
- Ensure that security controls are designed, implemented, and documented.
- Advise on the criticality and remediation of known software and firmware vulnerabilities.
- Create and document solutions using a risk-based approach, that considers the business requirements, compliance requirements, and cyber risk across all functions in the NIST Cyber Security Framework.
- Serve as a member of the Cyber Incident Response Team.
- Design, document, build, implement, and support enterprise-class security tools and systems.
- Perform or supervise security assessments on critical and important technology infrastructure and applications.
- Maintain current knowledge of global cyber threat information, including tactics and techniques, and how they may pose new risk to MassDOT’s networks, systems, and applications.
- Function as a subject matter expert who can explain highly technical topics to those without a technical background.
- Continuously provide feedback and recommendations for the protection of user accounts, employee information, and constituent data.
- Possess and utilize professional communication skills.
