The Security Architect is responsible to ensure appropriate security controls are designed, implemented and maintained across our client' s products and systems. The individual will work with a variety of stakeholders from the business, marketing, product development, IT and security teams. This role requires both the skill set of working through high level design concepts to the engineering technical details.
• Work with project stakeholders to ensure secure solutions are designed and implemented across the enterprise.
• Define security requirements and propose effective solutions to address business requirements securely.
• Conduct security audits, vulnerability assessments, and periodic access reviews on applications and infrastructure.
• Conduct secure code reviews and providing appropriate security remediation to the development team.
• Define and maintain security standards and controls for enterprise applications, network, infrastructure and products.
• Understand compliance/regulatory requirements and translate them to effective security controls.
• Analyze potential impact of new threats and exploits. Determine solutions to mitigate the threats and communicate risks to relevant stakeholders.
• Support the Vulnerability Management process by running scans, triaging results and support remediation/mitigation efforts.
• Support Incident Response team on an adhoc basis.
• Assist in prioritization, guidance and efforts to fulfill the Information Security vision.
• Communicate status of projects/tasks effectively.
Requirements for the Role:
• 5+ years of Network, System and Application Security experience.
• Expertise in designing secure networks, systems, application and IoT architectures.
• Ability to conduct Threat Modeling Exercises
• Experience working with Regulations/Compliance/Security Policies
• Knowledge of SDLC practices, current technologies, programming languages and frameworks.
• Knowledge of Networking, web applications, web services, infrastructure
• Thorough knowledge of security concepts and best practices.
• Experience configuring/running/reviewing security scanning technologies.
• Knowledge of Identity and Access Management solutions and integrations.
• Thorough knowledge of attack vectors on web applications, mobile applications and cloud services.