Security Architect
Apply on
Role: Security Architect
Location: 100% Remote
Duration: 12 month(s)+
Experience and Skills Required:
Contributes to and maintains security strategies, requirements, and standards for applications and platforms. Provides in depth Technical Security guidance as the Security Subject Matter Experts (SME) for various technologies and project areas, with a heavy focus on API integration and tokenization. Ensures company security policies, standards and industry standards are communicated to program teams during the Software Development Life Cycle (SDLC) process. Able to identify gaps and work with project teams to improve security while retaining time to market, functionality and scalability. Reviews and approves Security Accreditation tasks during each of phase of SDLC. Serves as point of escalation for security issues and risks that may arise. Has a broad knowledge in areas of Security such as Cloud Computing, Application, IAM, Cryptography, Infrastructure, and Risk.
CANDIDATE PROFILE
- 7+ years overall Information Technology experience with:
- 5+ years of Information Security experience in security engineering with experience in three or more of the following areas
- Conducting security reviews and identifying risks and gaps
- Performing security accreditations
- Developing security architectures and strategies
- Developing Enterprise security patterns
- Working with development teams and vendor teams for implementing compensating controls
- Experience in reviewing and developing Security Architectures and identifying security risks/gaps as well as mitigation strategies.
- Strong experience in APIs, integrations, and tokenization. This role requires SME level knowledge for these technologies.
- The security architect should have 3+ years combined experience in five or more of the following areas:
- Full-stack knowledge of IT infrastructure:
- Applications
- Databases
- Operating systems Windows, Unix, and Linux
- IP networks WAN and LAN
- Backup networks and media
- Containers/Kubernetes and microservices
- Cryptography and current cryptographic standards, including PKI
- Direct, hands-on experience or a strong working knowledge of vulnerability management tools
- Working knowledge of the OWASP Top 10