Information Security Architect

Reputationcom

Tempe, AZ

Industry: Technology

8 - 10 years

Posted 39 days ago

Responsibilities:

  • Contribute to the security planning, assessment, risk analysis, risk management, and awareness activities for systems and platforms
  • Identify and document information security controls and patterns that support risk assessments and the development of secure architectures
  • Integrate security requirements into technology lifecycle management and contribute to multiple large, complex application projects with cross-functional teams and business users
  • Responsible for threat analysis of architecture, design and development for critical solutions
  • Provide cross-functional and operational support to analyze and resolve key security vulnerabilities
  • Analyze and recommend strategy and direction to mitigate security risks across the organization
  • Responsible for security of SaaS infrastructure, including the network
  • Identify security-related gaps/deficiencies, formulate a remediation plan, and drive resolution
  • Perform Security Audits, Penetration Testing (Applications and OS), Vulnerability Scanning and Management
  • Advise project/product teams on security design, network and system hardening, and implementation
  • Assist in reviewing third-party services for compliance and security posture
  • Assist in the Risk Analysis/Management process
  • Assist in the development of policies and procedures which enable best practices in security for the organization
  • Help coordinate responses to information security incidents
  • Coordinate and execute security architectures around IT and security projects
  • Participate in company-wide data classification assessments and security audits, and manage remediation plans
  • Assist in the management and maintenance of user security awareness training
  • Serve as an escalation point and provide on-call support as required to assist in security-related incidents as per the Incident Response Plan
  • Provide security positioning statements and consultation relating to the company and SaaS environment for RFPs and sales opportunities
  • Manage security tools, hardware, and vulnerability scanning tools to ensure they meet compliance requirements

Qualifications:

  • 8+ years of experience in creating and managing enterprise information security architectures and solutions across multiple disciplines (network, cloud, endpoint, software development, etc.)
  • Experience with the software development lifecycle (SDLC) of enterprise applications deployed in a multi-tier environment.
  • Working knowledge and experience with Web Application Security and addressing security vulnerabilities
  • Demonstrated experience designing, implementing and analyzing large-scale web-based client/server applications with a focus on security, performance and scalability, reliability, stability and ease of deployment.
  • Solid understanding of security protocols, cryptography, key management, authentication, authorization
  • Experience implementing multi-factor authentication, single sign-on (SSO), identity and access management (IAM) or related technologies
  • Ability to work on complex technical problems and provide solutions that are highly innovative
  • Demonstrated experience supporting Web application security "best practices", including the OWASP Top Ten and CWE/SANS Top 25 security risks, and performing DAST vulnerability testing.
  • Experience with SAST tools such as Veracode, Synopsys (Coverity), SonarQube, etc.
  • Experience with DAST tools such as Nessus, Nexpose, QualysGuard etc.
  • Strong background and knowledge of SaaS applications, Proxy/API architecture, Cloud security
  • Strong experience with one or more security frameworks such as SOC 2, ISO 27001, NIST, CIS, HITRUST CSF
  • Familiarity with HIPAA and GDPR compliance
  • The ability to work collaboratively – to seek input and ideas from others, with a willingness to change.
  • Excellent networking knowledge (TCP/IP, firewalls, routers, etc.)
  • Advanced industry certification a plus (CISSP, CSSLP, CISM, CISA, PCIP, CEH, GCIH, GPEN, CCSK, Security+)
  • Excellent communication skills, both written and verbal