Information Security Architect

Advantage Tech is seeking candidates for an Information Security Architect for one of our clients in the Kansas City area.

 

Architects and designs technical security architectures and roadmaps of large system implementations of high complexity, involving multiple technologies, with varied scope. Designs and implements security practices in alignment with industry and organizational standards, patterns and best practices.  Develops architecture solutions that provide secure environments in support of achieving business strategies. This role requires working as part of an Information Security Architect team, sharing knowledge, skills and experience in securing and delivering security solutions in a large and complex environment which meets security and compliance requirements in-line with industry standards and benchmarks.  Senior Information Security Architects orchestrate the implementation of proposed security patterns and solutions within large sized projects, coordinating with appropriate IT service providers in the fulfillment of that architecture. Strategically plans the evolution of protective and detective threat mitigation and response capabilities to meet the ever evolving threat landscape. Partners with, establishes trust, and fosters strong relationships with a broad audience of customers, business areas, service providers, vendor partners, technical peers, senior managers and officers to create effective solutions. Ensures the delivery of effective solutions that perform as expected. Is respected as an authoritative source in multiple defined technical domains. Mentors less experienced information security staff in planning efforts. Provides consultation, and training to staff on security architecture, risk mitigation tactics, frameworks, patterns, secure software coding practices, and Internet/intranet technologies with an emphasis on cloud security technologies in a DevSecOps delivery environment. Accepts ownership for accomplishing new and different types of security challenges and requests.

 

Key Activities:

 

  • As part of a team or as an individual contributor, applies working knowledge and experience securing application environments throughout all phases of the SDLC. 

  • Able to conceptualize, develop, implement, and/or maintain a holistic view of various security control frameworks, such as NIST, FEDRAMP, AWS Well Architected Foundation, CIS and others as they relate to securing on-premises, hybrid and cloud application implementations.

  • Experience architecting secure environments supporting commercial software packages and custom developed applications in on-premises, hybrid and cloud environments.

  • Able to apply expertise in recommending remedial techniques and solutions with respect to application scan findings. 

  • Working knowledge of architecture tools to create enterprise level diagrams.

  • Working knowledge with a variety of programming languages and scripting tools

  •  Ensures that program and project level reporting information is accurate with respect to IS architecture activities.

  • Assumes the role of subject matter expert regarding IS Architecture services, security patterns, application of secure design practices, and project specific contributions and/or leadership.

  • Works with other IS Architects to create and implement appropriate metrics and reporting analytics includes regarding IS program effectiveness, project progress, and financial information relevant to measuring performance.

  • Travel is expected to be minimal (<10%).

Qualifications:

 

  • At least 10 years of progressive information technology experience directly as part of a team in an IT Architecture role with at least 5 of those years related directly focused on information security functions. 

  • Strong familiarity or hands-on experience with threat-modeling tools and techniques.

  • Bachelor’s degree specializing in Computer Science, Management Information Systems, or related field, or equivalent combination of education and related experience required.

  • CISSP Certification is required, additional relevant architecture and security certifications are highly desirable.

  • Experience interfacing with project/program management, risk management, application development, and compliance related work functions.

  • Expert knowledge of information security, IT controls, and protection strategies is required.

  • Working knowledge in the application of risk management techniques in performance of job responsibilities.

  • Ability to understand highly complex environments, concepts, or problems from the business perspective to effectively guide the development of requirements and solutions.

  • Applies strong critical thinking, analytical, and problem-solving skills to assimilate and integrate complex technology solutions.
    Top Skillset needed in order are:
    • Cloud (any)
    • Compliance framework (NIST, PCI, HIPPA, etc.)
    • Threat Modeling
    • DevSecOps
    • Learn new things quickly and apply knowledge (example).
    • Project initiation/completion example (to show motivation level).
    • Risk prioritization example (to show how they understand how to prioritize security issues).
    • Team participation example
    • Communication (organized, presentations, documentation, diagrams, etc.
    Additional skills that would be beneficial but not required include
     Programming languages and scripting tools –
    b. Architecture tools – Identification and use of an EA tool may be an uplift for the ISA service offerings. .
    c. Secure software coding – a future proficiency need, ISA’s become proficient in working more with the EA team and SSAP program in performing software code reviews so a development background is viewed as a plus.

Certain eligibility requirements apply.

Submit Resume