Security Architect/Manager

Pyramid Consulting, Inc
Bethesda, MD
Nov 29, 2022
Dec 01, 2022
Full Time
Title: Security Architect/ManagerLocation: MD; Bethesda (100% remote)Duration: 12 months contract with extension JOB SUMMARY:Develops and maintains security strategies, requirements, and standards for applications and platforms. Provides in-depth Technical Security guidance as the Security Subject Matter Expert (SME) for various technologies and project areas. Ensures company security policies, standards and industry standards are communicated to program teams during the Software Development Life Cycle (SDLC) process. Able to identify gaps and work with project teams to improve security while retaining time to market, functionality, and scalability. Reviews and approves Security Accreditation tasks during each phase of SDLC. Serves as a point of escalation for security issues and risks that may arise. Has broad knowledge in areas of Security such as Cloud Computing, Application, IAM, Cryptography, Infrastructure, and Risk.CANDIDATE PROFILEEducation and ExperienceRequired:* Bachelor's or master's degree in computer science, information systems, cybersecurity or a related field or equivalent experience/certification.* 5+ years of Information Security experience in security engineering with experience in three or more of the following areaso Conducting security reviews and identifying risks and gapso Performing security accreditationso Developing security architectures and strategieso Developing Enterprise security patternso Working with development teams and vendor teams for implementing compensating controls* Experience in reviewing and developing Security Architectures and identifying security risks/gaps as well as mitigation strategies* The security architect should have 3+ years combined experience in five or more of the following areas:o Full-stack knowledge of IT infrastructure:ApplicationsDatabasesOperating systems - Windows, Unix, and LinuxIP networks - WAN and LANBackup networks and mediaContainers/Kubernetes and microserviceso Cryptography and current cryptographic standards, including PKIo Direct, hands-on experience or a strong working knowledge of vulnerability management toolso Working knowledge of the OWASP Top 10Preferred:* Strong working knowledge of IT service management (eg, ITIL-related disciplines):o Change managemento Configuration managemento Asset managemento Incident managemento Problem management* Ability to provide Security Requirements for areas including but not limited to; Cloud Computing, Application Development, IAM, Cryptography, and Infrastructure design and standards* Ability to understand large complex integrated solutions and provide the security needed between systems* Experience in developing Enterprise Security Strategies.* Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services* Experience designing the deployment of applications and infrastructure into internal, hybrid, and public cloud services* Ability to conduct independent research* Strong abilities and experience in documentation and written communication for diverse audiences* Experience working with diverse and distributed global teams.* Current information security certification(s), such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), ISC2 Certified Cloud Security Professional (CCSP), GIAC certifications, ITIL* Knowledge of Industry Standards such as NIST Cybersecurity Framework (CSF), PCI-DSS, COBIT, CSA, MITRE Telecommunication&CK & CAPAC, STRIDE, NIST 800-53, CIS Benchmarks, etc.* Knowledge of securing technologies such as, but not limited to; SaaS services (ie, O365, Salesforce), Application Design, Container Platforms (ie. Docker, Kubernetes), APIs, Serverless, Network Infrastructure, Operating Systems, Identity and Access Management* Knowledge of SDLC (Waterfall/Agile), DevSecOps, and good understanding of the ITIL Framework* Knowledge of SAFe Agile Methodologies* Strong negotiating, influencing and problem resolution skills* Ability to effectively prioritize and execute tasks in a high-pressure environment* Ability to assess customer/client needs, creatively approach solutions, decide and influence appropriate courses of actionCORE WORK ACTIVITIESStandards & Business Partnership* Contributes to, evaluates, and supports the documentation, and validation processes necessary to assure that associates, information technology systems and business processes meet the organization's information assurance, security, and privacy requirements. Ensures appropriate treatment of risk, compliance, and assurance of internal policies and external regulations.* Defines strategy and roadmap, provides guidance, creates standards and guidelines, and reviews architectural designs. Ensures standards and guidelines incorporate legal and regulatory requirements.* Conducts security and privacy technology research, assessments, and integration processes; provides and supports a prototype capability and/or evaluates its utility* Consults with customers to gather and evaluate functional requirements and provides security and privacy requirements, guidelines, and standards* Provides sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain* Applies knowledge of priorities to define an entity's direction and identify programs or infrastructure that are required to achieve desired goals within domain of interest. Develops policy or advocates for changes in policy that will support new initiatives or required changes/enhancements* Works with the Security Architect Analysts to monitor ongoing project activities, intake of new projects and monitoring of the Security Engagement Process including but not limited to: Data Classification, Security Controls, Threat Models, Architecture Review Boards, Authority to OperateMANAGEMENT COMPETENCIESLeadership* Communication - Conveys information and ideas to others in a convincing and engaging manner through a variety of methods.* Leading Through Vision and Values - Keeps the organization's vision and values at the forefront of employee decision making and action.* Managing Change - Initiates and/or manages the change process and energizes it on an ongoing basis, taking steps to remove barriers or accelerate its pace; serves as role model for how to handle change by maintaining composure and performance level under pressure or when experiencing challenges.* Problem Solving and Decision Making - Identifies and understands issues, problems, and opportunities; obtains and compares information from different sources to draw conclusions, develops and evaluates alternatives and solutions, solves problems, and chooses a course of action.* Professional Demeanor - Exhibits behavioral styles that convey confidence and command respect from others; makes a good first impression and represents the company in alignment with its values.* Strategy Development - Develops business plans by exploring and systematically evaluating opportunities with the greatest potential for producing positive results; ensures successful preparation and execution of business plans through effective planning, organizing, and on-going evaluation processes.Managing Execution* Building a Successful Team - Uses an effective interpersonal style to build a cohesive team; inspires and sustains team cohesion and engagement by focusing the team on its mission and importance to the organization.* Strategy Execution - Ensures successful execution across of business plans designed to maximize customer satisfaction, profitability, and market share through effective planning, organizing, and on-going evaluation processes.* Driving for Results - Sets high standards of performance for self and/or others; assumes responsibility for work objectives; initiates, focuses, and monitors the efforts of self and/or others toward the accomplishment goals; proactively takes action and goes beyond what is required.Building Relationships* Customer Relationships - Develops and sustains relationships based on an understanding of customer/stakeholder needs and actions consistent with the company's service standards.* Global Mindset - Supports employees and business partners with diverse styles, abilities, motivations, and/or cultural perspectives; utilizes differences to drive innovation, engagement and enhance business results; and ensures employees are given the opportunity to contribute to their full potential.* Strategic Partnerships - Develops collaborative relationships with fellow employees and business partners by making them feel valued, appreciated, and included; explores partnership opportunities with other people in and outside the organization; influences and leverages corporate and continental shared services and/or discipline leaders (eg, HR, Sales & Marketing, Finance, Revenue Management) to achieve objectives; maintains effective external relations with government, business and industry in respective countries; performs effectively as a liaison between locations, disciplines, and corporate to ensure needed resources are received and corporate strategies are understood and executed.Generating Talent and Organizational Capability* Developing Others - Plans and supports the development of others' skills and capabilities so that they can fulfill current or future job/role responsibilities more effectively; provides high visibility to individuals with potential; offers challenging assignments that build confidence and credibility and provides such individuals with a personal vision for their future.* Organizational Capability - Evaluates and adapts the structure of assignments and work processes to best fit the needs and/or support the goals of an organizational unit.Learning and Applying Professional Expertise

Similar jobs