We’re looking for an Enterprise Security Architect to partner with our technology, development and engineering organizations and enable them to build security into Bose technology infrastructure and services. The ideal candidate has strong security and systems experience and has worked with cloud, mobile, and/or SaaS ecosystems in a fast-paced and cross-functional environment. As a trusted technology partner and thought leader, we need someone who brings both technical expertise and a practical, risk-based approach to the job.
This is a highly technical role with approximately 70% as architect/advisor. We’re looking for a contributing team member to mature our overall Information Security program, mentor others, and be a hands-on partner to our technology teams to deliver innovative and secure technology infrastructure, apps and experiences to customers.
Job Responsibilities - In this role you will -
- Establish best practices for the effective avoidance, identification, and resolution of security weaknesses in Bose infrastructure, applications, services, and related processes.
- Champion the implementation of industry-leading information security standards and best practices (ISO 27001/27002, NIST SP 800-53, CIS Benchmarks Level 1 and 2) across the enterprise.
- Develop in-depth security architecture, design and coding standards across infrastructure, application and data security, to drive a standardized set of security requirements, and align with internal policies to meet external compliance/regulatory requirements.
- Engage with technology teams as both advisor and contributing team member to enable building security into complex systems across the entire enterprise (from design through deployment and use), including conducting security architectural reviews.
- Provide clear architectural blueprints to projects about information security architecture and cloud risk management.
- Coordinate and guide the response to security vulnerabilities reported against Bose digital assets by third-party researchers or customers.
- Work closely with other security professionals in Information Security or other groups at Bose to execute key functions such as secure code signing, secure manufacturing, and secure digital operations.
- Keep abreast of advances in secure system design and development practices, threats and threat actors, and new attack techniques or areas of security research, and provide guidance to the technology organizations to help them avoid or mitigate future security concerns.
- Contribute to the Bose risk register and risk management process.
- Participate as a senior contributor to the broader Bose information security program, representing security architecture and connecting it into the overall security framework and program.
- Provide application and infrastructure security related coaching and mentoring to elevate security expertise of DevOps teams.
Required Skills and Experience -
- Direct, hands-on experience designing and implementing security solutions on AWS and on one or more of the other major cloud platforms (Azure, Google Cloud Platform, Ali Cloud).
- Secure software / systems development lifecycle experience (e.g. Microsoft SDL, OpenSAMM, CMMI-Dev+Secure).
- Demonstrable knowledge and experience in one or more of the following areas:
- System Security Engineering
- Cloud security
- Secured Software Development Lifecycle
- Security Testing / Penetration Testing
- Mobile Application Security
- Experience leading secure architecture, design, and code reviews.
- Experience coding in Java, Python, or Go, plus at least one shell or scripting language.
- Knowledge of developer tools and environments, project management and bug tracking systems.
- Experience with various application security tools including SAST, SCA, DAST, Penetration testing, Fuzzing etc.
- Knowledge of web, mobile, API, Microservices, network and security architectures and design patterns.
- Familiarity with security vulnerability detection and security test automation tools such as Qualys, Nessus, Burp Suite, Metasploit, and Klocwork.
- Security certifications: Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Security Professional (CISSP), or an equivalent certification.
- One or more of the following certifications, or equivalent expertise and experience: AWS Certified Solutions Architect - Professional, Microsoft Certified Azure Solutions Architect Expert, Google Cloud Professional Cloud Security Engineer.
- Experience in Waterfall, Agile, DevOps, and/or V-Model development methodologies
- Experience applying CIS Benchmarks or US DISA Security Technical Implementation Guides (STIGs).
- Teaching or technical consultation experience is desirable.
- Experienced and comfortable making risk-based recommendations and judgments.
- Excellent written and verbal communication skills; must understand and be able to deliver security concepts and challenges to various levels within the organization (e.g. system admins, developers, program management, business leaders).