Cyber Security Architect
Company: VanderHouwen
Location: Portland
Posted on: August 7, 2022
Job Description:
Cyber Security Architect Responsibilities
- Determine security requirements by evaluating business strategies, researching cyber security standards, conducting risk assessments, and identifying integration issues.
- Train and mentor the Information Security team, guaranteeing a high level of understanding among the entire team.
- Evaluate existing security strategies and implement improvements.
- Lead Information Security contributions in evaluation of new application features and Architecture Review Board. Provide input on security requirements to be included as a part of technology and service procurement activities, promote awareness of security issues with focus on app security and promoting the program.
- Create system reports for presentation to board members and SMT.
- Ensure and assist with the proper deployment and management of solutions that support information security including vulnerability management, vendor management, application security (code/platform), AV/malware detection, coding and code review, IAM, orchestration, intrusion detection and prevention systems, WAF/firewalls, and other security solutions.
- Provide accurate and timely support of security tools, network-based security configurations, and appliances. Monitor/tune logging, monitoring, firewall, and vulnerability assessment tools.
- Generate reports and track remediation items for events and alarms triggered within the monitoring and assessment tools.
- Research and evaluate current or emerging security technologies to support organizational cyber security objectives. Evaluate, recommend, and integrate new security technology and tools by conducting feasibility studies and proofs of concept.
- Ensure that acquired or developed systems and architectures are consistent with the organization's security architecture guidelines.
- Design and document executable steps to enable consistency and sustainability of actions, with a particular focus on enabling through automation.
- Enforce compliance with all processes, procedures, and standards applicable to the position including (but not limited to): HIPAA/HITECH, COBIT, ISO 27001, NIST 800-53, SOC 2, SOC 3, etc.
- Own and maintain a Security Awareness Program with automated tasks and integration with email and SSO.
- Ability to work a 24x7 on-call schedule.
- Complete all other duties as assigned.
Cyber Security Architect Qualifications
- Administration and hardening of Linux/UNIX systems.
- Administration and hardening of Windows server and client systems including Active Directory and related components.
- Administration and hardening of cloud environments such as AWS or Azure.
- IDS/IPS, WAF, NetFlow, and protocol collection and analysis tools.
- DNS security.
- DLP concepts and tooling.
- Identity and Access Management concepts and tooling.
- Working knowledge of TCP/IP or OSI network protocol stack, including major protocols such as IP, ICMP, TCP, UDP, SMTP, HTTP, and SSH.
- Working knowledge of popular cryptographic algorithms and protocols such as RSA, SHA, Kerberos, and TLS.
- Experience administering and automating centralized logging architectures and SIEM tools.
- Static and dynamic code review tooling.
- OWASP security concepts.
- Experience with vulnerability assessment and penetration testing tools.
- Experience with programming and scripting languages and text manipulation tools (RegEx, Java/PHP, Python, PowerShell).
- Knowledge of automation techniques (Terraform, Jamf, GPO, SCCM).
- Strong problem-solving skills and ability to work under pressure with limited supervision.
- Ability to lead the definition of project plans and projects.
- Strong ability to multi-task and prioritize multiple projects.
- Be a team leader and facilitate brainstorming sessions.
- 5 years of related Information Security experience.
- 2 years of relevant Information Technology experience (such as system admin or network engineering).
- Specific experience within some, or all, of the following: application security architecture, computer networking, cryptography, security engineering and architecture, programming, vulnerability assessments, and operating systems.
- Configuration of SIEM tools including log aggregations, alarm management, and integration into an incident management process.
- Administration of a vulnerability scanning tool for both internal and external scans. Includes experience managing scan results and driving resolution within multiple organizations.
Preferred Experience & Education
- Working knowledge of security best practices and standards such as ISO27001, HIPAA/HITECH, HITRUST CSF, NIST 800-53.
- Previous Healthcare industry experience.
- 4-year degree in Computer Science, Information Security, or related field.
- Experience automating recovery or investigation activities using a scripting language such as PowerShell, Python, etc.
- Experience running projects including setting meetings and managing action items.
- Experience working with external auditors as well as executing tasks related to internal audits.
- Administration experience in an Active Directory based identity environment including experience integrating Active Directory with SSO tooling (Okta, Ping Identity, etc).
- Configuration and operation of tooling to support a Vendor Management process (OneTrust, TrustArc, etc). Design and maintenance of questionnaire forms in the tool as well as ability to process results and assess risk of vendor responses.
- Experience designing, executing, and reporting on security awareness programs including simulated phishing attacks.
- Knowledge of Intrusion Detection and/or Intrusion Prevention Systems. Experience scoping, implementing, and maintaining.
- Experience working with security tooling in public cloud environments (AWS, Azure).
- Experience with Identity and Access Management concepts and tooling (CyberArk, Thycotic, SailPoint, LDAP, AD).
Keywords: VanderHouwen, Portland, Cyber Security Architect, Professions, Portland, Oregon