Senior Cloud Security Architect

Senior Cloud Security Architect

PURPOSE OF THE POSITION

Responsible for defining the Technical Security Architecture and designing appropriate measures and controls in accordance with best of breed Enterprise Architecture methodologies and frameworks. Contribute to the long-term information security strategy of the business to ensure technical security architecture supports business success.

KEY RESPONSIBILITIES AND DELIVERABLES

• A key team member on strategic or enterprise-wide technology projects or issues, develops security metrics needed to communicate capability levels when comparing different enabling technologies

• Design and develop cloud security architectures and perform architecture design reviews

• Develop service security and compliance requirements for PaaS/SaaS multi-tenant systems.

• Design and develop frameworks and solutions to secure CI/CD pipelines

• Plan and control deployment of security controls in various cloud-based systems by evaluating applicable network and application level controls; developing requirements for cloud security infrastructure components and other cloud based service models PaaS, SaaS, CaaS.
• Responsible for management and verification of deployment of new enabling technology to achieve the defined security architecture goals
• Provide Expert level view in the design and implementation of security solutions to deliver expected business outcomes in projects or other ordinary activities
• Subject matter expert for cloud security technologies and security solutions.

• Perform risk assessment of proposed and existing system architecture for compliance with security best practices, recommending technical, administrative and physical controls to mitigate identified risks

• Address the identified risks, develop and execute proposals for action/treatment plans; supervision and tracking of the remediation process.
• Determine and adjust security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues

• Leading compliance efforts based on selected industry frameworks and compliance standards, including but not limited to CSA, CIS, and ISO27017.

• Implement, maintain and improve existing industry best practices of operational security controls such as:

• Prepare and deliver training and security awareness activities to the Engineering teams

• Acquire relevant knowledge, remain up to date, attend security conferences and be involved with the security community

• Drive and lead security processes, tools, methods, and knowledge and security enhancements

COMPETENCY REQUIREMENTS

Education

• Masters Degree in Computer Science or related field

Experience

• 3+ years of experience with software security (security researcher, security engineer, security architect).
• Strong hands-on experience in either: Linux/Unix and Windows OS or Network architecture and security configurations
• Experience doing code review for configuration management tools and scripting languages

Competencies

• Knowledge of
• Infrastructure security, security SDLC, and secure SaaS practices
• Risk assessment and management, and threat modeling
• Security reviews for code/design/architecture and requirements
• Security compliance and frameworks such as CSA CCM
• Hardening procedures
• Network administration and security
• Identity management and authentication systems and protocols (Active Directory, LDAP, SAML, OAuth)
• Excellent communication skills
• Strong attention to detail
• Strong understanding of Information Security in various environments
• Demonstrated ability to assume sole and independent responsibilities
• Ability to keep track of numerous detail-intensive, interdependent tasks and ensure their accurate completion
• Very good command of English