The Associate Security Solution Architect provides in depth technical security guidance and is identified as the security subject matter experts (SME) for various technologies and project areas.
Responsible for creating and developing capability-focused security solution architectures that are aligned to business and technology needs.
Assists with maintaining security strategies, requirements, and standards for applications and platforms.
Ensures architectures and patterns are aligned to company security policies, standards and industry standards.
Able to identify gaps and work with project teams to improve security while retaining time to market, functionality and scalability.
Assist with any reviews and approvals for Security Accreditation tasks during each phase of SDLC.
Serves as project/program point of escalation for security issues and risks that may arise.
Has a broad and deep knowledge in security areas such as application security, IAM, infrastructure, network, and security vulnerability management.
This position may work as a dedicated embedded solution architect team member or across multiple projects/programs as may be required
CANDIDATE PROFILE
Education / Experience
Required:
Bachelor or Associates degree in computer science, information systems, cybersecurity or a related field or equivalent experience/certification.
5-7+ years of Information Technology experience including 5+ years security experience in conducting security reviews and accreditation.
2+ years experience developing Security Architectures and Solutions.
2+ years experience reviewing and identifying security risks/gaps.
The Associate Security Solution Architect must have at least two years experience with some or all of the following:
Experience in using architecture methodologies such as TOGAF, SABSA, Zachman, etc
Direct, hands-on experience or a strong working knowledge of vulnerability management tools.
Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services.
Experience securing CI/CD pipelines.
Experience in public cloud security such as - AWS, Azure, Alibaba Cloud, Oracle Cloud
Full-stack knowledge of IT infrastructure
Could infrastructure and technologies
Databases
Operating systems - Windows, Unix and Linux
Hypervisors
IP networks - WAN and LAN
Storage networks and technologies
Backup networks and media
Containers/Kubernetes
Strong working knowledge of IT service management (e.g., ITIL-related disciplines):
Change management
Configuration management
Asset management
Incident management
Problem management
Additional Experience and Skills
Experience in conducting independent research
Direct interaction with cross functional, sourced, or matrixes teams
Preferred
Direct, hands-on experience or strong working knowledge of managing security infrastructure - e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology.
Experience in providing input to or developing Enterprise Security Strategies.
Verifiable experience reviewing application code for security vulnerabilities.
Current information security certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), ISACA's CISA, The Open Group's TOGAF, SANS' GAIC
Knowledge of Industry Standards such as NIST Cybersecurity Framework (CSF), PCI-DSS, COBIT, CSA, MITRE ATT&CK & CAPAC, STRIDE, CIS Benchmarks etc.
Proven ability to provide Security Requirements for areas including but not limited to; Cloud Computing, Application Development, IAM and Infrastructure.
Knowledge of how to secure technologies such as but not limited to; SaaS services (ie. O365, Salesforce), Application Design, Container Platforms (ie. Docker, Kubernetes), Serverless, Big Data, Network, Operating Systems, Identity and Access Management.
Knowledge of SDLC (Waterfall/Agile), DevSecOps and good understanding of ITIL v3 Framework.
Proficient in performing quantitative risk management analysis.
Using ServiceNow to track activities, tasks, approvals, etc.
Strong negotiating, influencing and problem resolution skills.
Proven ability to effectively prioritize and execute tasks in a high-pressure environment.
Experience in business systems and process planning.
Knowledge of business environment, service requirements and hospitality culture.
Ability to translate information security objectives into mutually beneficial business strategies for the client organizations.
Demonstrated ability to assess customer/client needs, creatively approach solutions, decide and influence appropriate courses of action.