Job Description
We seek an Information Security Architect to maintain and improve our security practice with system integration, software development, and application deployment pipelines.
The Information Security Architect is responsible for the definition, standardization, and reuse of practical security architecture patterns for internally developed applications, integration of third-party applications, and the supporting infrastructure. This role is responsible for ensuring that solution security patterns are in alignment with Enterprise Architecture, Infrastructure, and Information Security strategies, as well as with the company’s business strategies and product roadmaps.
The successful Information Security Architect will work across the global corporate organization to translate business requirements into security architectures and requirements, build security blueprints and roadmaps, provide long-range guidance on technology selection and implementation within one or more shared systems, and will assume a technical leadership and mentoring position on large development initiatives.
Requirements:
- Information Security Architect specializing in SecDevOps or DevSecOps
- More on the software development side, not infrastructure
- Something to note: a lot of Info Sec comes from the infrastructure side/background, but they are looking for this individual to come from a Software Dev space
- Understanding of/background in software development pipelines and checkpoints (not network/server-build background)
- Not afraid to look at code
- Excellent communication skills and can adjust to different levels of customers they are speaking with
- Jump in and understand needs; ability to fit well in a collaborative environment
- Work well with the business teams to find solutions, e.g., “We won’t be able to do that because of this risk, BUT let’s try and look at it from this angle”
- Strong understanding of secure software development practices and technologies, including vulnerability detection/identification/remediation.
- Intimate knowledge of threat modeling (OWASP, MITRE).
- General knowledge of security frameworks (ISO, NIST, HIPAA, etc.)
- Demonstrate strong business and technical skills in the planning, administration, and management of information systems, administrative and technical security controls, and security risk analysis, threat modeling and management.
- Demonstrate strong interpersonal and organizational skills; demonstrated success in working both independently and in a team environment. Above average written and oral communication skills. Demonstrated strong analytical and creative problem solving, and the ability to manage multiple and rapidly changing priorities.
- Demonstrate excellent written and oral presentation skills. Excellent facilitation, collaboration, and negotiation skills.
- Bachelor’s degree in computer science, management information systems, or related field. However, upon evaluation, equivalent related experience and/or education may be substituted for the degree.
- 8 years of Information Security experience with responsibilities spanning many Information Security disciplines.
Preferred Requirements:
- Previous healthcare experience, but it is more important that they fit well with the highly collaborative environment
- SAST and DAST scan tools
- GitLab; familiarity with a similar tool works as well
- Familiarity with cloud technologies – they specifically use AWS
- Experience looking at code
- At least one Information Security industry certification (e.g., CISSP, GIAC, CISM) is strongly preferred.
- Cloud security and risk assessment experience preferred.
- Experience with SAML and/or OAuth technologies a plus.