What are the responsibilities and job description for the Enterprise Security Architect position at excellerent solutions?
Job Description
Position: Enterprise Security Architect
Duration: Full Time
Location: Pittsburgh PA
Interview mode: In person
Brand new role
Overview:
Serve as a member of the enterprise architecture team, providing technical security insight that aligns with business objectives and security requirements. Establish and evangelize the security architecture (principles, policies, standards and patterns) to development groups, business groups and other stakeholders; govern adherence to the architecture golden rules. Analyze gaps between current and target security architecture and develop plans to close the gaps.
Responsibilities:
- Works with IT departments, information security architects, technical architects, data custodians, and governance groups to develop and update Client security policies, standards, procedures, and solutions for secure application architecture. Ensures that security practices are aligned with Client’s overall business strategies.
- Advises and drives the security maturity of the development lifecycle including secure coding and system security for operations. Recommends and implements changes in security procedures and practices using best-in-class information to ensure that Client is maintaining best-in-class security practices.
- Maintains security by monitoring and ensuring compliance with standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs. Conducts penetration tests, vulnerability assessments, and risk assessments to improve the security architecture and security product toolset.
- Prepares system security reports by collecting, analyzing, and summarizing data and trends. Executes validation by external vendors.
- Verifies security systems and network configurations by developing and implementing test scripts while monitoring adherence to standards in architecture, application design, development, and testing frameworks.
Qualifications
- Bachelor's degree, with Master's preferred. Security certification required.
- 7 to 10 years of experience operating in a cloud environment (e.g. Azure, AWS, Rackspace) along with at least 5 years working in a dedicated information security role with a focus on Security Architecture for at least 3 years.
- 7 to 10 years of experience with PaaS, IaaS, SaaS, and/or mobile architecture
- Solid experience with security hacking tools and techniques.
- Solid understanding of application architectures and technology including web applications, mobile technology, identity and access management, security event and incident management as well as web security controls (e.g. Web Application Firewall, Database Activity Monitor, Distributed Denial of Service controls, etc.)
- Extensive working knowledge of web application security best practices to include, but not limited to, Cloud Security Alliance controls matrix, OWASP Top 10.
- Experience with compliance standards such as HIPAA, CMS, SOX, GLBA; as well as security frameworks such as SANS 20 CSC, COBIT, or NIST.
- Previous involvement with developing and/or maintaining an Enterprise Security Architecture. Familiarity with TOGAF is a plus.
- Strong understanding and experience of software development methodologies and life cycles
- Excellent written and verbal communications skills required, with the ability to explain advanced concepts to audiences of varying levels
- Can be counted on to exceed goals successfully; is very bottom-line oriented and steadfastly pushes self and others for results.
- Has working knowledge of web application security best practices to include, but not limited to, Cloud Security Alliance controls matrix, OWASP Top 10.
- Demonstrated ability to make sound decisions using a mixture of analysis, wisdom, experience, and judgement coupled with a strong ability to learn on the fly (quickly learns new tasks, open to change).
- Certifications, licenses or registrations: Security, CISSP, CISA, CEH
- Proven ability to organize/manage multiple priorities coupled with the flexibility to quickly adapt to ever-changing business needs.
Additional Information
All your information will be kept confidential according to EEO guidelines.