Information Security Architect at Appian Corporation in Dhs, VA

Appian’s information security team is growing and is seeking an Information Security Architect to design, build, and support security architecture components for securing Appian’s Cloud and Corporate environments. This person will work as a subject matter expert in a dynamic information security team collaborating with other departments involving modern cloud computing technologies and multiple security frameworks.

About the Job:

• Work directly with technical teams (e.g. Engineering, Cloud, IT) to conduct secure architecture reviews and to design, analyze, and/or recommend secure infrastructure and tooling
• Lead major projects/initiatives that involve large security tool deployments or engineering efforts
• Implement hands-on infrastructure-as-code and security automation tools to secure our cloud workloads, with a preference for leveraging/creating open-source tools
• Enhance our security engineering infrastructure and systems that are continuously evaluating the threat-landscape for Appian’s operations and service offerings
• Serve as a trusted advisor and expert in security engineering domains to other teams and peers with their use of cloud computing and/or modern technologies
• Serve as a mentor to other engineers on the security team
• Contribute ideas to improve the security posture and detections in our security program
• Help shape our security detection, enrichment, and threat intelligence roadmap
• Stay knowledgeable around the cutting edge of information security, threats, tools, and techniques

About You:

• 7+ years experience with security architecture and design expertise
• 7+ years experience using various security technologies
• 5+ years of software development experience with languages such as Java, Python, Ruby, Go, etc
• 3+ years experience in SaaS, PaaS, IaaS and/or cloud infrastructure development environments (experience with Amazon Web Services is a plus)
• Experience with modern Cloud Native technologies - Kubernetes, Docker, serverless, etc.
• Experience with infrastructure-as-code, open-source security tools, and security tool development
• Experience with UNIX or its variants, such as Linux
• Expert knowledge about networking protocols and technologies - TCP/IP, DNS, SMTP, etc.
• Familiar with common security frameworks such as the Mitre ATT&CK framework and threat hunting concepts to identify IOCs
• Effective communicator of technical designs and vision verbally, visually and/or in writing for small to medium sized technical and non-technical audiences
• Track record of working in a global high-scalable environment
• Excellent at problem solving and a talent for identifying creative solutions