IT Security Architect, Cloud & Products

Job DescriptionJob Description

Title: IT Security Architect, Cloud & Products
Job Type: FTE
Location: Remote with occasional travel to Cleveland, OH

Job Summary
Wright Technical Services is proud to represent a highly respected Fortune 500 global manufacturer for this role.
This role is a strategic position designed to ensure that security is seamlessly integrated into the lifecycle of cloud infrastructure and product offerings. This role will focus on designing, reviewing, and implementing robust security solutions to protect sensitive data and business logic within a portfolio of products and software applications, including cloud-based and on-premises solutions.

The IT Cyber Security Architect works closely with cross-functional teams to achieve cyber security business objectives. This role supports the implementation of secure development practices, threat modeling, architecture, design, vulnerability assessments and security verification, as well as defining the security standards for a variety of products, cloud applications and infrastructure, security tools and processes.

Qualifications

• Bachelor's degree in Computer Science, Information Technology, or a related field, Information Technology or equivalent through certification and or training.
• CCSP (Certified Cloud Security Professional) and/or security certifications, such as CISSP, CISA, CRISC, and CISM.
• 10+ years of hands-on experience in architecting and solving challenging technical problems, preferably in a multinational corporate security environment in three or more of the following areas:
• product security () or cloud security ()
• application security
• information security
• digital platform security.
• In-depth knowledge of “Secure by Design”.
• Experience with Open Security Architecture (OSA), The Open Group Architecture Framework (TOGAF), Sherwood Applied Business Security Architecture (SABSA), SANS' GAIC.
• Understanding of industry regulatory and compliance requirements like FedRAMP, PCI-DSS, NIST, HIPAA.
• Experience in using architecture methodologies such as SABSA, Zachman and/or TOGAF.
• Core Product security and Software development background of 5+ years.
• Ability to articulate security requirements for build and delivery pipelines.
• Strong, hands-on experience in Threat Modeling and Security Architecture Reviews as per industry standards.
• Strong, hands-on expertise in Microsoft Azure, GCP, and AWS to secure cloud applications and SaaS products.
• Strong, hands-on experience in Secure SDLC, PDLC, SAST, SCA, DAST, Container Security and Penetration testing.

Description and Responsibilities

• Develops and maintains a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers
• Design and implement robust security architecture for cloud environments (AWS, Azure, Google Cloud) and product platforms and implement security solutions and capabilities that are aligned with business, technology, and threat drivers
• Collaborate with cross-functional teams to define security requirements for new and existing products or applications
• Lead threat modeling sessions to identify and mitigate potential security risks
• Perform security architecture reviews, identifies gaps in security architecture across cloud and on-premises solutions, and develops a security risk management plan
• Design and develop secure product and software architecture for various commercial products
• Develop- security product and software strategy plans and roadmaps based on sound enterprise architecture practices for all environments, including cloud and on-premise infrastructure
• Develop- and maintain- security architecture artifacts (e.g., models, templates, standards NFR's, and procedures) that can be used to leverage security capabilities in projects and operations
• Collaborate with development and operations teams to integrate security into the software and product development lifecycle (SDLC & PDLC)
• Provide guidance and training to internal teams on security best practices
• Lead security-related projects and initiatives, ensuring timely and effective delivery
• Partner with development teams to proactively communicate product security requirements and promote control frameworks to ensure secure goals are met
• Explain technical positions/risks to business leaders and business positions/risks to technical leaders to achieve appropriate security outcomes
• Coordinate- with the privacy office to document data flows of sensitive information in the organization (e.g., PII or ePHI) and recommend controls to ensure that this data is adequately secured (e.g., encryption and tokenization)
• Engage with vendors to select solutions and conducting architectural reviews of their offerings as needed
• Track- developments and changes in the digital business and threat environments to ensure that they're adequately addressed in security strategy plans and architecture artifacts
• Conduct regular security assessments and audits of the platforms
• Stay current with the latest security trends, technologies, and regulatory requirements
• Serve as the primary liaison between the enterprise architect and the systems security engineer and coordinates with system owners and security engineers on the allocation of security controls as system-specific, hybrid, or common controls.

Eligibility: US Citizenship is required for this role.

Wright Technical Services and our client are Equal Opportunity Employers. We celebrate and are committed to creating an inclusive environment for all employees. All qualified applicants will receive consideration for employment without regard to , , , , , , , , or veteran status.