|Date Posted||October 5, 2019|
IT Security Architect
We are currently looking for an IT Security Architect to start ASAP for our client on the Southside of Jacksonville. Our client is growing/expanding and looking for an IT Security Architect to come on board for a contract to hire. Please do not apply if you are needing sponsorship OR a C2C.
- Work with minimal supervision to develop architecture solutions, standards, best practices and the governance process that enables the enterprise to develop and implement security solutions and capabilities that are aligned with business and technology strategies. This includes designing a security architecture for application development projects, infrastructure solutions projects, as well as evaluating and recommending security software and solutions.
- Develop, publish and present appropriate security architecture principles and standards, position papers, best practices, patterns, and frameworks
- Determine baseline security configuration standards for networks, operating systems, web and application stacks.
- Develop and maintain security architecture artifacts (e.g., models, templates, standards, and procedures) that can be used to leverage security capabilities in projects and operations.
- Partner with Infrastructure, Architecture and IT Operations teams to drive secure-by-design standards and practices, including baseline security configuration standards for networks, operating systems, web, and application stacks.
- Collaborate with Information Security Management to document identified issues and risks, and appropriate remediation plans.
- Bachelor's Degree in Information Technology, Information Security, Information Assurance, Information Management or equivalent related work experience
- 7+ years of experience in cybersecurity, information security, information technology, systems architecture, systems engineering
- Must have participated in developing the security technology architecture for multiple projects using industry-standard methodologies such as SABSA, Zachman and/or TOGAF
- Direct, hands-on experience or strong working knowledge of managing security infrastructure — e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM, and log management technology
- Experience reviewing application code for security vulnerabilities preferred
- Direct, hands-on experience or strong working knowledge of vulnerability management tools
- Experience with and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services.
- Strong working knowledge of IT infrastructure, applications, databases, operating systems, hypervisors, IP networks, storage networks, backup networks, and media
- Strong working knowledge of cloud infrastructure and security best practices, such as Amazon Web Services, Microsoft Azure, etc.
- Strong working knowledge of IAM technologies and services such as Active Directory, Lightweight Directory Access Protocol (LDAP) and Amazon Web Service (AWS) IAM
- Strong working knowledge of IT service management (e.g., ITIL-related disciplines) such as Change management, Configuration management, Asset management, Incident management, Problem management
- Experience designing the deployment of applications and infrastructure into public cloud services.
- Certification in one or more security disciplines: Certified Information Systems Security Professional (CISSP), CISSP-Information Systems Security Architecture Professional (ISSAP), Certified Cloud Security Professional (CCSP)
SKILLS AND KNOWLEDGE:
- Strong team skills and ability to listen, build consensus, and collaborate with business, IT and security groups
- Strong and effective interpersonal skills with the ability to relate to all levels of management
- Excellent written and verbal communication, organizational, problem-solving, and decision-making skills
- Strong analytical and quantitative skills
- Possess strong knowledge and understanding of various information security areas, such as: Identity and Access Management, Threat and Vulnerability Management, Information Risk and Governance, Information Technology Architecture, Incident Response, and Information Technology Monitoring and Controls
- Strong knowledge in identifying and assessing Information Security risk and development of appropriate approaches to mitigate risk
- Good knowledge and understanding of Information Security regulatory requirements and security awareness
- Possess strong knowledge and understanding of standards and frameworks such as Control Objectives for Information and Related Technology (COBIT5), International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST) and Information Technology Infrastructure Library (ITIL) and other industry-related information security/assurance frameworks
- Familiar with a variety of the fields concepts, practices, and procedures
- Strong knowledge and understanding of Information Security risk and controls
- Strong ability to write security reports, effectively communicates security metrics concepts into business language, and present to audiences of varying technical skill levels