Remote Cyber Security Architect

The Remote Security Architect is a senior-level role within the cybersecurity team responsible for designing and implementing  cybersecurity architecture, solutions, and controls. This role plays a critical role in ensuring the confidentiality, integrity, and availability of the systems, networks, and data. This position can be remote.  It will be hybrid if within driving distance of an Operations Center.

ESSENTIAL FUNCTIONS:

Security Architecture Design

• Develop and maintain digital security architecture, including the design principles, standards, and guidelines that govern the implementation of security controls. 

• Collaborate with stakeholders, such as business units, IT teams, and senior management, to understand business requirements and translate them into effective security architectures. 

• Define and document security architecture blueprints, patterns, and reference architectures that guide the implementation of security controls

Security Solutions Design and Implementation 

• Design and implement security solutions, technologies, and tools to protect  systems, networks, and data. 

• Collaborate with other teams, such as network engineering, system administrators, and application developers, to ensure that security controls are embedded throughout the technology stack. 

• Evaluate and select appropriate security products and technologies based on industry best practices, organizational needs, and emerging threats. 

Secure Development Lifecycle (SDLC)

• Collaborate with software development teams to integrate security into the software development lifecycle. 

• Define secure coding practices, standards, and guidelines to ensure that applications are developed with appropriate security controls. 

• Conduct secure code reviews and application security testing to identify and remediate security vulnerabilities. 

Security Assessments and Reviews

• Conduct security assessments and reviews of existing systems, networks, and applications to identify vulnerabilities, weaknesses, and areas of improvement. 

• Perform threat modeling exercises to assess the potential impact of identified threats and develop appropriate countermeasures. 

• Collaborate with other teams to address identified security issues and ensure that necessary security controls are implemented. 

Security Standards and Compliance

• Stay abreast of industry security standards, regulations, and compliance requirements (e.g., PCI-DSS, HIPAA, GDPR)

• Ensure that security solutions and practices align with applicable standards and compliance frameworks. 

• Collaborate with the Security Governance and Risk Management team to support compliance audits and assessments. 

Security Incident and Event Management 

• Collaborate with the Cybersecurity CERT team to ensure that security events and incidents are properly detected, analyzed, and responded to. 

• Provide support during security incidents by analyzing and mitigating security-related incidents, conducting forensic investigations, and implementing necessary remediation measures. 

• Develop incident response plans and playbooks that guide response to security incidents. 

Vendor and Technology Evaluation

• Evaluate and assess the security posture of potential vendors and technologies to ensure that they meet security requirements. 

• Conduct security assessments of third-party vendors, review their security policies and practices, and make recommendations for vendor selection or risk mitigation. 

Education/Experience: 

• Bachelor's or Master's degree in Computer Science, Information Security, or a related field (or equivalent work experience). 

• 3-5 years in a security architecture role, demonstrating expertise in designing and implementing security solutions.

• Professional certifications such as CISSP, CISM, CCSP, or equivalent are highly desirable.

Competencies (as demonstrated through experience, training, and/or testing):

• Strong knowledge of security architectures, principles, frameworks, and best practices. 

• Hands-on experience with security technologies and tools, such as firewalls, intrusion detection/prevention systems, identity and access management, encryption, and vulnerability assessment tools. 

• Familiarity with secure software development lifecycle (SDLC) practices and secure coding principles. 

• Understanding of network and systems architecture, including cloud platforms, virtualization, and containerization technologies.