Senior Information Security Architect

Senior Information Security Architect

Vacancy expired!

Experis - A Manpower Company is engaged with one of the technology client in Sunnyvale, CA. We are looking to help our client to identify

Senior Information Security Architect. It's a Full Time Opportunity. Great company to work with

Position Title: Senior Information Security Architect

Location:

Sunnyvale, CA 94086

Duration: Full-Time opportunity (Direct Hire)

Job Summary:

As a

Senior Information Security Architect, you will play a key role in driving wide security processes such as architecture design, risk management, mitigation planning, compliance with security standards, audits and overall security operations. This role will focus on current security measures, finding opportunities for strengthening infrastructure designs, development practices, guiding teams best security practices, and testing methods in an on-prem and cloud SaaS environment. This includes ensuring that all aspects of company cybersecurity adhere to the adopted cybersecurity framework.you will have the critical responsibility to identify, document and communicate sophisticated security and technical issues, in a simplified, non-technical way to a broad audience ranging from engineering to senior leaders. The successful candidate will be a specialist in the design, use and measurement of secure practices and security testing tools. The ideal candidate will have a proven background in writing detailed technical specifications for security solutions for on-prem and cloud infrastructure.

Responsibilities:

• Analyse information security systems and applications


• Recommend and develop security measures to protect information against unauthorized modifications or loss


• Architect and design security solutions that implement security consistently across internally developed and cloud-based applications.


• Perform security architecture reviews


• Ensure alignment to all regulatory and security standard methodologies (NIST, CIS20)


• Act as an authority to interpret the results from vulnerability scans (SecureWorks, Qualys) and work with the SysAdmin to remedy vulnerabilities.


• Build relationships and collaborate with other engineers across company to ensure all security efforts are aligned


• Collaborate with Information Security to identify and implement best practices appropriate for operational goals


• Monitor and triage vulnerabilities reported by vendors and researchers


• Champion security, privacy and data protection standard methodologies


• Develop and document application security policies and standards


• Conduct infrastructure Penetration Tests as needed


• Evaluate/apply new and emerging security technologies and solutions


• Review security logs on a periodic basis to identify anomalous events and investigate possible breaches to the company's security.


• Supervise and track progress of found vulnerabilities and maintain a historical log


• Supervise and ensure compliance to standards, policies, and procedures by conducting incident response analysis


• Prepare and present reports and metrics to management


• Other security-related projects may be assigned according to skills

Experience:

• Bachelor's Degree in Computer Engineering, Computer Science, Information Technology or equivalent experience


• Minimum of 5+ years of work experience in an IT security role


• Minimum of 5+ years of proven track record in auditing, reviewing and designing security solutions


• Designing and building secure systems, networks, and infrastructure


• Defining enterprise, infrastructure, or application security architecture and security standards


• Experience and knowledge of the following security frameworks and standards: NIST CSF, CIS20


• Proven experience in security integrations using OAuth, OpenID Connect, SAML, and LDAP


• Strong practical knowledge of concepts such as least privilege, zero trust, encryption, network design, access controls, and incident containment


• Advanced-level knowledge of all layers of the OSI model and concepts that can be used to secure each


• Broad knowledge of network and security tools


• Experience with vulnerability scanning tools (e.g., Qualys)


• Excellent verbal and written communication skills


• Ability to connect with employees at all levels of the organization


• Ability to work with multi-functional teams


• Ability to communicate technical concepts to nontechnical users


• Good interpersonal, presentation and facilitation skills


• Independent, problem solver and execution driven

Additional Desirable Knowledge, Skills and Abilities:

• Knowledge of cloud-based infrastructure (AWS) and how they affect security needs


• Solid knowledge of web applications and a level of familiarity with malicious code and common techniques used by hackers


• Cloud hosted knowledge such as GitHub, Artifactory, Jenkins etc. is a plus


• Solid grasp of computer file systems and architecture