Security Architect - Information Domain - IT (8-10 yrs)
About the role-
We are looking for a technically sound Security Architect to be responsible for the design, building, testing, and implementation of security systems within our IT network. The Security Architect's responsibilities include reviewing our current security measures, recommending enhancements, identifying areas of weakness, and responding promptly to possible security breaches. You will also be responsible for conducting regular system tests and ensuring the continuous monitoring of the network's security.
To be a successful Security Architect, you should be experienced in information security and IT risk assessment, with a strong understanding of security protocols, authentication, and security. You should also possess strong interpersonal and communication skills, and be able to work with a wide variety of people.
Key technical skills include:
Eight or more years- experience in:
- Security architecture, demonstrating solutions delivery, principles and emerging technologies
- Designing and implementing security solutions. This includes continuous monitoring and making improvements to those solutions, working with an information security team.
- Consulting and engineering in the development and design of security best practices and implementation of solid security principles across the organization, to meet business goals along with customer and regulatory requirements.
- Security considerations of cloud computing: They include data breaches, broken authentication, hacking, account hijacking, malicious insiders, third parties, APTs, data loss and DoS attacks.
- Identity and access management (IAM) - the framework of security policies and technologies that limit and track the access of those in an organization to sensitive technology resources.
Job Role :
- Enhances security team accomplishments and competence by planning delivery of solutions; answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members.
- Determines security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.
- Plans security systems by evaluating network and security technologies; developing requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related security and network devices; designs public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as well as hardware and software; adhering to industry standards.
- Implements security systems by specifying intrusion detection methodologies and equipment; directing equipment and software installation and calibration; preparing preventive and reactive measures; creating, transmitting, and maintaining keys; providing technical support; completing documentation.
- Verifies security systems by developing and implementing test scripts.
- Maintains security by monitoring and ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs.
- Upgrades security systems by monitoring security environment; identifying security gaps; evaluating and implementing enhancements.
- Prepares system security reports by collecting, analyzing, and summarizing data and trends.
- Updates job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
- Enhances department and organization reputation by accepting ownership for accomplishing new and different requests; exploring opportunities to add value to job accomplishments.
- Testing the final security system and updating and upgrading it as needed.
- Establishing disaster recovery procedures and conducting security breach drills.
- Responding quickly and effectively to all security incidents and providing post-event analyses.
- Monitoring and guiding the security team, cultivating a sense of security awareness, and arranging for continuous education.
- Remaining up to date with the latest security systems, standards, authentication protocols, and products.
Experience with and knowledge of:
- VB.NET, Java/J2EE, ColdFusion, API/web services, scripting languages and a relational database management system (RDBMS) such as MS SQL Server or Oracle. These are some of the technical elements needed to build security into an organization.
- Relevant National Institute of Standards and Technology (NIST) standards. A system that is not in compliance with the standards set by NIST, along with ISO27001, COBIT and COSO (below), will lack both compliance and adequate security architecture.
- ISO27001 - specifications for a framework of policies and procedures that include all legal, physical and technical controls involved in an organization's risk management
- Control Objectives for Information and Related Technologies (COBIT)
- Committee of Sponsoring Organizations (COSO) of the Treadway Commission, a joint initiative to combat corporate fraud
- Windows, UNIX and mainframe