Job Title: Security Architect II
Location: Phoenix, Arizona – Cityscape
We are currently seeking a Security Architect for our client. The Security Architect proactively drives the architecture, design, standards and lifecycle management of our security infrastructure and cloud security services. Working within the architecture team this individual will actively develop a sustainable security architecture in support of business goals. This role requires a vision that will drive the evolution of our security architecture as we grow while working hands-on to ensure that vision is implemented.
Planning and Design Activities
- Develops and maintains a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers
- Develops and maintains security architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects.
- Determines baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation and identity and access management (IAM)
- Develops standards and practices for data encryption and tokenization in the organization, based on the organization's data classification criteria
- Drafts security procedures and standards to be reviewed and approved by executive management
- Tracks developments and changes in the digital business and threat environments to ensure that they're adequately addressed in security strategy plans and architecture artifacts
- Validates IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable
- Validates security configurations and access to security infrastructure tools and vendor provided security services
- Conducts or facilitates threat modeling of services and applications that tie to the risk and data associated with the service or application
- Coordinates documentation data flows of sensitive information in the organization (e.g., PII or ePHI) and recommend controls to ensure that this data is adequately secured (e.g., encryption and tokenization)
- Develops and maintains network segmentation to ensure least privilege for network access
- Supports the testing and validation of internal security controls for assessment and Risk Control Self Assessments
- Reviews security technologies, tools and services, and makes recommendations to the broader security team for their use, based on security, financial and operational metrics
- Liaises with the vendor management (VM) team to conduct security assessments of existing and prospective vendors, especially those with which the organization shares intellectual property (IP), as well as regulated or other protected data
- Evaluates the statements of work (SOWs) for these providers to ensure that adequate security protections are in place. Assesses the providers' SSAE 16 SOC 1 and SOC 2 audit reports (or alternative sources) for security-related deficiencies and required "user controls" and report any findings to the CISO and vendor management teams
- Liaises with the business continuity management (BCM) team to validate security practices for BCM testing and operations when a failover occurs
- Participates in application and infrastructure projects to provide security-planning advice
Required Skills/ Qualifications
- 8 years’ SME level work experience in related areas of Information Security Architecture, Security Design, Information Technology
- Bachelor's in computer science, information systems, cybersecurity or a related field or equivalent experience.
- Experience in using architecture methodologies such as TOGAF and COBIT Framework for Security Services.
- Direct, hands-on experience or strong working knowledge of managing security infrastructure — e.g., firewalls, web proxy services, web application firewalls (WAFs), Network Access Control (NAC) and cloud managed security services.
- Direct, hands-on experience or a strong working knowledge of vulnerability patching processes and procedures.
- Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services.
- Experience designing the deployment of applications and infrastructure into public cloud services.
- Full-stack knowledge of IT infrastructure
- Direct experience designing IAM technologies and services
- Strong working knowledge of IT service management
Heitmeyer Consulting is an equal opportunity employer and we encourage all qualified candidates to apply. Qualified applicants will be considered without regard to minority status, gender, disability, veteran status or any other characteristic protected by law.