Senior Security Architect

Job Description:
We are seeking an experienced Information Security Architect to join our Enterprise Information Security team and be an integral part of developing our Information Security program. Working with the Chief Information Security Officer (CISO), this person will work closely with many parts of the business, including Product Engineering/Operations, IT, Support, People and Places, and Legal. The main focus will be on voicing support for security principles and creating security testing for the enterprise, implementing security technologies, building tools and integrations for the security team, and leading projects for implementing initiatives across the enterprise.
Who you're committed to being:

• A self-starter. You like to understand the desired outcome, get context, and then work steadfastly to get it done.
• A critical thinker. Weighing the tradeoffs between security risk aversion and business priority.
• An outstanding communicator and effective doer. People trust and follow you. You are curious by nature and are constantly learning on the go and discovering innovative ways of doing things.
• You love exploring new technologies and keeping your own technical skills sharp.
• You possess an expert understanding of security principles technologies and also improving the technology for custom solutions
• A Tenacious problem-solver. You know how to protect the business and as the business evolves, you find ways to handle information security in a practical way.
• Be an effective communicator and champion within the information security community and the business
• Use data and good judgment to approach business and people problems
• You are a life-long learner and enjoy researching, implementing, and guiding team members in implementing security principles!
• You are organized, flexible, and most meaningfully, build solutions for any problem with a can-do demeanor!

What you'll own:

• Advise, promote, and coordinate with collaborators on security architectures, vulnerabilities, countermeasures, and security design principles, standard methodologies and system security architecture process and approvals
• An outstanding communicator and effective leader. Project management experience a plus. Able to drive initiatives across multi-functional teams to deliver business value.
• Develop architecture design and recommend architectural changes in existing systems to reduce system vulnerabilities
• Create and maintain design documentation for infrastructure and systems
• Directly partner with and support leaders, peers in projects acting as the authority in all things security and provide direction as project manager for these security initiatives
• Explore and document vulnerabilities and recommend software and hardware controls to address those vulnerabilities
• Develop demonstrations, test plans, and test software, as needed
• Provide security recommendations to meet requirements of relevant standards (NIST CSF, CIS, ISO-27001, PCI, etc.) as well as internal policies and procedures
• Distill sophisticated technical concepts into clear and concise writing and presentations to support security initiatives
• Participate in all aspects of the software development process including system architecture, design, development, and verification
• Perform and deliver technical risk assessments against new software/SaaS purchases

Experience you'll need:

• 10+ years of proven experience in security engineering or related position.
• Know the latest tactics, techniques, and procedures (TTP) of threat actors and current countermeasures
• Bachelors of Science in CIS/MIS/CS/CE, Engineering/Technology or related field or equivalent experience/training.
• CISSP, GIAC Security Essentials Certification (GSEC) or other certifications, or similar security professional certification. Project management experience a plus.
• Understand information security principles, cryptographic methods, ports and protocols, and industry standard methodologies and compensating controls for risk mitigation.
• Expert knowledge with enterprise security applications (SaaS and native), custom logging solutions, integrating into enterprise ticketing systems, cloud security posture management and secure coding principles.
• Familiarity with common adversarial tactics, techniques and procedures. (TTPs), cloud technologies, and applicable security controls. (e.g. AWS, GCP, Azure, etc.)

#LI-remote #LI-MW1