What are the responsibilities and job description for the Senior Information Security Architect position at Navitas Business Consulting Inc?
Job Details
Job Summary: We are seeking a Senior Information Security Architect with deep expertise in AWS and Information Security principles. This role involves architecting and ensuring the security and compliance of cloud environments based on enterprise cloud security policies, standards, procedures, and industry best practices and frameworks (NIST, OWASP). The position is hybrid, requiring in-office presence once a week, and offers the potential for contract-to-hire after six months.
Job Title: Senior Information Security Architect
Location: Reston, VA (Hybrid - In-office one day a week)
Key Responsibilities:
- Lead the AWS Security architecture program across multiple projects, collaborating with product owners and enterprise architects.
- Architect secure cloud environments, ensuring compliance with enterprise policies and industry standards.
- Conduct threat modeling and implement data security measures (encryption, masking, tokenization, data access controls).
- Develop and maintain security policies, standards, and procedures.
- Monitor and respond to security incidents and vulnerabilities.
- Provide guidance on security best practices and frameworks (NIST, OWASP).
Must Have:
- Public Cloud: AWS Experience
  - Deep expertise and proven track record in AWS Architecture and AWS Services (Compute, IAM, RDS, Resource Policies, Network, Messaging, Data Storage, CI/CD, AI/ML, ETL, Serverless, ECS/EKS).
  - Experience with AWS security pillars, best practices, and well-designed architecture.
  - Experience in AI/ML preferred.
- Information Security Architecture
  - Key experience in application security, threat modeling, API security, DevSecOps, pipeline security, infrastructure security, authentication/authorization, encryption, key management, data discovery and encryption, SIEM, CSPM, CWPP, access controls, container security.
  - Familiarity with industry security standards and frameworks (OWASP, NIST, CIS, FedRAMP, ISO, SOX).
  - Experience designing architectures based on security standards and threat modeling to identify issues and design mitigating controls.
- Systems Architecture
  - Key experience in system design, API-driven architecture, open standards, stateless systems, resiliency, high availability, system and SaaS integrations.
Nice to Have:
- AWS advanced certification (Professional, Specialty), Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP) or equivalent.