01 Mar
Security Architect
Vacancy expired!
Tabner Inc is looking for a Security Architect and below is the Job description.
Responsibilities:- Lead and/or contribute to security design of various Cloud and Mobile applications and environments, at both application level as well as the virtual infrastructure level.
- Collaborate with other teams and departments to fit security requirements with other constraints, such as business requirements or technology limitations.
- Educate and mentor project team members in areas of security best practice and company security policies.
- Create and maintain architecture design artifacts such as diagrams and documentation.
- Interpret output of activities such as penetration tests and application security scans, translating into actionable remediation requirements.
- Maintain and expand knowledge of best practices and emerging trends in both general information security as well as key specialty areas such as cloud and mobile security.
- Provide feedback and approval for system and application designs and architectures as relates to adherence to security principles and company security policies.
- Plan and implement proof-of-concept, pilots, and reference architectures.
- Other duties as assigned - we operate a small team and require flexibility and adaptability from everyone.
- 10+ years of experience; Security Architecture, Security Operations, Forensics, Data Security/Privacy, Automotive Cybersecurity, Auditing.
- Bachelor’s Degree or a combination of formal education and work experience equaling a Bachelor’s Degree.
- Certified Information Security System Professional (CISSP) or other relevant certification, Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH)
- Background in securing services, and/or architecting separation controls in various systems.
- Strong experience with design tools and architecture design concepts.
- Work with development and operations team to implement security strategies.
- Excellent verbal, written, presentation and other interpersonal communication skills-ability to convey complex technical concepts effectively to a variety of audiences to effectively convey goals and initiates to staff and management.
- Solid analytical/problem solving skills with capability to identify solutions to unusual and complex problems.
- Excellent planning and organization, project management, time management skills, outstanding team, collaboration skills.
- Ability to inform, educate and influence managers and employees to support goals and initiatives.
- Ability to work independently with minimal supervision.
- Conceptual thinking skills.
- Knowledge of Security Assessment and Authorization process.
- Influencing and negotiation skills.
- Proven experience leading development teams (design-implementation).
- Acted as development mentor to technical teams.
- Experience leading technical troubleshooting including bug fix remediation.
- Outstanding team and collaboration skills.
- Ability to work independently with minimal supervision.
- Integration - joining people, processes or systems.
- Background in securing cloud systems in theory and practice, including security architecture design concepts.
- Understanding of DevOps principles and "shift left" philosophy.
- Strong experience with common web application security concepts, such as the OWASP Top 10, and their practical implementation.
- Experience with multi-factor authentication, single sign-on, identity management and related technologies.
- Experience with vulnerability management methodologies and implementations.
- Solid understand of intrusion detection and prevention solutions and techniques.
- Experience with encryption technology and industry best practices for practical implementation.
- Understanding of application development secure coding techniques.
- Hands-on experience implementing modern security architectures.
- Knowledge and practical experience of TCP/IP networking fundamentals and related network security concepts.
- Solid analytical/problem solving skills with capability to identify solutions to unusual and complex problems.
- Excellent planning, organization, and time management skills.
- Ability to inform, educate and influence managers and employees to support goals and initiatives.
- Ability to work independently with minimal supervision.
- Excellent verbal, written, presentation and other interpersonal communication skills.
- Ability to convey complex technical concepts effectively to a variety of audiences.
- Security architecture such as NG Firewalls, IDS/IPS FireEye.
- Knowledge of cryptography and cryptographic key management concepts.
- Knowledge of capabilities and applications of network equipment including routers, switches, bridges, servers, transmission media, and related hardware.
- Authentication/Authorization (Single Sign On, SAML, OAuth).
- Experience with multiple security technologies such as Firewalls, Intrusion Detection/Prevention Systems, Vulnerability Scanning, WAF, Wireless LAN, NAC, DLP, DDoS Mitigation, WAN security, CASB, SIEM, Content Filtering, Cloud Security gateways, Secure Proxies.
- Experience in implementation methodologies of enterprise architecture.
- Software Development Life Cycle (SDLC) understanding and experience.
- Security Certified Network Architect (SCNA), CISSP, CEH.
- Experienced with IAM technologies Oracle IAM, SailPoint IGA, PAM, API Management, GRC Tools, OpenSSO, Active Directory/ADAM, Role Based Access, and CyberArk.
- Knowledgable in vulnerability management, pen testing, compliance with HIPAA, HITRUST, SOC II Type 2, other frameworks.
- Skill in assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
Vacancy expired!