Senior Security Architect

Summary

The Senior Security Architect is a senior-level, technology-oriented role focused on safeguarding the confidentiality, integrity, and availability of information systems and data for employees, partners, and members.

---

Responsibilities

• Protect information system assets and data by identifying and addressing security risks.
• Research security controls, vulnerabilities, enterprise and cloud risks, and implement mitigation strategies.
• Reduce security threats by analyzing infrastructure, devices, and processes to identify flaws and threats.
• Lead security architecture and design across platforms, including IAM, CASB, PAM, VTM, EDR, UBA, SIEM, and more.
• Identify security risks, determine causes of violations, and implement solutions to prevent future incidents.
• Provide expertise in designing and testing cybersecurity for cloud and hybrid environments.
• Guide secure coding practices, application security requirements, and threat modeling into the SDLC.
• Manage all stages of the security incident lifecycle, including detection, triage, analysis, containment, recovery, and reporting.
• Recommend security trends, standards, and practices to address control gaps.
• Conduct cybersecurity risk assessments, compliance audits, and evaluate hardware/software for security impacts.
• Review systems, networks, and software designs for security risks; recommend and implement countermeasures.
• Collaborate with Legal, Compliance, and Procurement teams to enforce privacy and security in contracts.
• Respond to ad-hoc security consulting requests and support team security projects.
• Direct IT security policy development, operation, monitoring, and maintenance for uninterrupted IT systems.
• Participate in on-call shifts and perform duties as assigned.

---

Competencies

• Encourages and supports team success.
• Demonstrates awareness of strengths, limits, and areas for improvement.
• Shares and solicits ideas openly; communicates intentions clearly.
• Effectively manages time, anticipates obstacles, adjusts priorities, and keeps others informed of progress.

---

Minimum Education & Experience

• Bachelor’s Degree in Computer Science with at least 8 years of security experience OR
• Master’s Degree in Information Security with at least 6 years of security experience.
• 2+ years in a cloud-production environment.
• Certifications: At least two of the following: CISSP, CISA, CISM, CEH, AWS, Microsoft, MCSE (Cloud, Networking), or equivalent.

---

Technical Expertise

• Proficiency in Routing, Switching, Intrusion Detection/Prevention Systems, Firewalls, Directory Services, and Cloud Technologies.
• Experience with security tools like SAST, DAST, IAST, SCA, and frameworks such as NIST Cybersecurity, ISO 27001, and SANS Top 20.
• Knowledge of regulations including PCI-DSS, CCPA, and GDPR.
• Direct experience with technologies like Splunk or SIEM, EDR, DLP, Web Security Gateways, and Email Security.
• Expertise in application testing tools and vulnerability management.

---

Additional Skills

• Excellent written and oral communication skills.
• Strong critical thinking and analytical abilities.
• Proven ability to manage large, enterprise-level projects effectively.
• Multitasking across multiple projects and time management skills.

---