Cyber Security Architect

Company: VanderHouwen
Location: Portland
Posted on: August 7, 2022

Job Description:

Cyber Security Architect Responsibilities Determine security requirements by evaluating business strategies, researching cyber security standards, conducting risk assessments, and identifying integration issues.Train, and mentor Information Security team, guaranteeing a high level of understanding among entire team.Evaluate existing security strategies and implement improvements.Lead Information Security contributions in evaluation of new application features and Architecture Review Board. Provide input on security requirements to be included as a part of technology and service procurement activities, promote awareness of security issues with focus on app security and promoting the program.Create system reports for presentation with board members and SMT.Ensure and assist with the proper deployment and management of solutions that support information security including vulnerabilities management, vendor management, application security (code/platform), AV/malware detection, coding and code review, IAM, orchestration, intrusion detection and prevention systems, WAF/ firewalls, and other security solutions.Provide accurate and timely support of security tools, network-based security configurations, and appliances. Monitor/tune logging, monitoring, firewall, and vulnerability assessment tools.Generate reports and track remediation items for events and alarms triggered within the monitoring and assessment tools.Research and evaluate current or emerging security technologies to support organizational cyber security objectives. Evaluate, recommend, and integrate new security technology and tools by conducting feasibility studies and proof of concepts.Ensure that acquired or developed systems and architectures are consistent with the organization's security architecture guidelines.Design and document executable steps to enable consistency and sustainability of actions, with a particular focus on enabling through automation.Enforce compliance with all processes, procedures, and standards applicable to the position including (but not limited to): HIPAA/HITECH, COBIT, ISO 27001, NIST 800-53, SOC 2, SOC 3, etc.Ownership of and maintaining a Security Awareness Program with automated tasks, integration with email and SSO.Ability to work a 24 x7 on-call schedule.Complete all other duties as assigned.
Cyber Security Architect QualificationsAdministration and hardening of Linux/UNIX systems.Administration and hardening of Windows server and client systems including Active Directory and related components.Administration and hardening of cloud environments such as AWS or Azure.IDS/IPS, WAF, NetFlow, and protocol collection and analysis tools.DNS security.DLP concepts and tooling.Identity and Access Management concepts and tooling.Working knowledge of TCP/IP or OSI network protocol stack, including major protocols such as IP, ICMP, TCP, UDP, SMTP, HTTP, and SSH.Working knowledge of popular cryptographic algorithms and protocols such as RSA, SHA, Kerberos, and TLS.Experience administering and automating centralized logging architectures and SIEM tools.Static and dynamic code review tooling.OWASP security concepts.Experience with vulnerability assessment and penetration testing tools.Experience with programming and scripting languages and text manipulation tools (RegEx, Java/PHP, Python, Powershell).Knowledge of Automation techniques (Terraform, Jamf, GPO, SSCM).Strong problem-solving skills and ability to work under pressure with limited supervision.Ability to lead the definition of project plans and projects.Strong ability to multi-task and prioritize multiple projects.Be a team leader and facilitate brainstorming sessions.5 years of related Information Security experience.2 years of relevant Information Technology experience (such as system admin or network engineering).Specific experience within some, or all, of the following: application security architecture, computer networking, cryptography, security engineering and architecture, programming, vulnerability assessments, and operating systems.Configuration of SIEM tools including log aggregations, alarm management, and integration into an incident management process.Administration of a vulnerability scanning tool for both internal and external scans. Includes experience managing scan results and driving resolution within multiple organizations.
Preferred Experience & EducationWorking knowledge of security best practices and standards such as ISO27001, HIPAA/HITECH, HITRUST CSF, NIST 800-53.Previous Healthcare industry experience.4 year degree in Computer Science, Information Security, or related field.Experience automating recovery or investigation activities using a scripting language such as PowerShell, Python, etc.Experience running projects including setting meetings and managing action items.Experience working with external auditors as well as executing tasks related to internal audits.Administration experience in an Active Directory based identity environment including experience integrating Active Directory with SSO tooling (Okta, Ping Identity, etc).Configuration and operation of tooling to support a Vendor Management process (OneTrust, TrustARC, etc). Design and maintenance of questionnaire forms in the tool as well as ability to process results and assess risk of vendor responses.Experience designing, executing, and reporting on security awareness programs including simulated phishing attacks.Knowledge of Intrusion Detection and/or Intrusion Prevention Systems. Experience scoping, implementing, and maintaining.Experience working with security tooling in public cloud environments (AWS, Azure).Experience with Identity and Access Management concepts and tooling (Cyberark, Thycotic, Sailpoint, LDAP, AD).

Keywords: VanderHouwen, Portland , Cyber Security Architect, Professions , Portland, Oregon