Description

The Security Architect, Cloud will provide technical leadership, design, implementation, integration, and oversight of the Firm’s cloud-based security solutions and systems, with an emphasis on securely facilitating business operations. The Security Architect, Cloud will utilize an extensive IT background, advanced security knowledge, an appreciation for compliance and risk management principles, and excellent communication skills to develop and promote effective and sustainable solutions, educate constituents, and champion such solutions directly and in concert with Firm leadership. The Security Architect, Cloud will protect the confidentiality, integrity, availability, and recoverability of information, systems and facilities in compliance with organizational policies and standards, and seek continual improvement and growth relative to a cloud capability maturity model (CMM).

Responsibilities:

  • Provide advanced technical support of key cloud security systems and technologies, such as CASB, IAM/MFA/PIM, and AWS/Microsoft/Google, including development and maintenance of supporting tools, scripts, dashboards, and metrics
  • Architect, implement, and support event management and logging solutions identified as necessary for the protection of Firm assets
  • Integrate and connect disparate systems to achieve synergistic incident detection, reporting, and response outcomes
  • Seek new opportunities for the application of SOAR technologies, principles, and concepts across technical teams, processes, and systems
  • Provide input, create documentation, and review information security policies and procedures
  • Utilize common security toolsets (SIEM, IAM, MDM, CASB, etc.) to identify issues and analyze compliance with existing policies and procedures
  • Monitor control systems to ensure that appropriate information access levels and security clearances are maintained
  • Stay abreast of the threat, capability, and technology landscape
  • Participate in the definition of the organization’s IT disaster recovery and continuity plans for cloud security systems
  • Serve as an internal information security consultant and mentor regarding cloud security event concepts to the Security Team and other constituents by monitoring information security technologies and trends, providing expert guidance, and assisting with knowledge development/mentoring activities
  • Serve as a 3rd-level support resource for the purposes of ticket resolution and change management activities
  • Analyze, recommend, and implement controls as determined necessary by management
  • Support Firm standard security applications, utilities, and processes. Utilize remote control and remote access software in the performance of duties
  • Critically analyze proposed and existing solutions for adherence to the Firm's design requirements, including requirements resulting from the ISMS Policy, client contracts, the regulatory environment, and professional obligations
  • Provide expert counsel to constituents regarding their information security obligations and facilitate an acceptable outcome based upon the tenets of the Firm's Risk Management Framework

Skills and Experience:

  • Computer Science Bachelor’s degree or substantial equivalent experience
  • Extensive experience with advanced IT and security systems, including TCP/IP networking, scripting, and incident handling
  • Strong experience of designing and implementing cyber security solutions in a large enterprise
  • Good demonstrable experience managing Microsoft Azure cloud platforms
  • Some exposure to AWS and/or Google cloud platforms
  • Experience of using scripts or other development tools to automate and integrate diverse systems
  • Proven experience acting in a security advisory capacity to multiple constituencies
  • CCSP and CCSK preferred
  • Experience of Microsoft Azure Cloud Architect or Engineer is preferred
  • Experience of CISSP, SSCP, CRISC, or CGEIT would be beneficial
  • Expert knowledge of key Microsoft cloud technologies, including Azure: MFA, Advanced Threat Protection, Cloud App Security, Key Vault, AD, storage, monitoring, access control, policy management, and Resource Manager
  • Familiarity with common cloud automation, management, and deployment tools such as Pivotal, Jenkins, Ansible, Docker, Kubernetes, etc.
  • Expertise with integrating and deploying IAM solutions for both cloud and on-prem scenarios
  • Authoritative knowledge and experience with cloud deployment and integration activities
  • Working knowledge of information security frameworks such as ISO27001, NIST, and CIS
  • Authoritative understanding of security threats, qualitative and quantitative risk valuation models, and effective tools, tactics, and techniques for risk reduction
  • Working knowledge of SOAR concepts and toolsets, including how to architect, automate, and integrate cloud systems with logging, event correlation, and incident response platforms
  • Authoritative understanding of data communications and information systems hardware, software, and design principles, such as VPN, segmentation, WAF, access control, CASB, etc.
  • Working knowledge of the principles, theories, techniques, and methods of information system analysis and programming, particularly secure coding practices
  • Working knowledge of encryption technologies and standards, both at-rest and in-flight
  • Expert analytical skills, including the gathering and analyzing of facts, formulating objective conclusions modified by subjective and experience-based qualifiers when appropriate, defining problems, and promoting solutions
  • Ability to adapt, integrate, and modify existing programs or vendor-supplied package programs for use with existing information systems
  • Proficient in oral and written English
  • Ability to be productive and maintain focus without direct supervision