The Solution Architect supports the business by ensuring information security is integrated into the essential project and program activities. The Solution Architect ensures risks are treated in a consistent and effective manner and promotes responsible security behavior at appropriate stages of the Software Development Lifecycle.
The Architect will be responsible for understanding industry standards and best practices, keeping current with industry trends and emerging technologies, and understanding and evaluating complex business functions and processes, operational requirements and procedures. The Architect will meld these to form a set of comprehensive and coherent plans to enhance the security of various applications and platforms.
Knowledge, Skills, and Abilities:
- Oversees and documents IT security aspects of the Enterprise Architecture, including vulnerability assessment, design, access, and authentication.
- Ensures security profiles are established and maintained for all significant applications.
- Works closely with other functional area architects, development teams and security specialists to ensure adequate security solutions are in place throughout all systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.
- Contributes to the development and maintenance of the information security strategy.
- Evaluates and develops secure solutions, based on approved security architectures.
- Researches, designs and advocates new technologies, architectures, and security products.
- Develops the business, information and technical artifacts that constitute the enterprise information security architecture and solutions.
- Analyzes business impact and exposure, based on emerging security threats, vulnerabilities and risks.
- Communicates security risks and solutions to business partners and IT staff.
- Understands attack vectors and designs security controls to mitigate risk. Creates and delivers knowledge-sharing presentations and documentation to other architects, security, developers and operations teams.
- Learns on the job and explores new technologies with little supervision to identify new and emerging security threats.
- Experience with automated security testing tools is nice to have.
· Proven leadership ability with excellent interpersonal communication skills.
· Experience working with a variety of constituents within and outside of IT to drive cohesiveness while ensuring that the architectural direction is achieved.
· Should be able to effectively interact with a variety of internal and external constituencies.
· Ability to conduct research into emerging technologies and study their relevance for use.
· Ability to present ideas in business-friendly and user-friendly language.
· Highly self-motivated and directed.
· Excellent analytical and problem-solving abilities.
· Able to prioritize and execute tasks in a high-pressure environment.
· Experience working in a team-oriented, collaborative environment.
- 15+ years of information technology and information security experience in a professional and/or collegiate environment
- Understands the concepts of and techniques for secure programming.
- Able to recognize and categorize the most common types of vulnerabilities and associated attacks.
- Network applications and services - expertise in the purpose of the application or service, how it works, common usage, secure configurations, and the common types of threats or attacks against the application or service, as well as mitigation strategies.
- Host/System Security Issues - expertise in security issues at a host level for the various types of operating systems (Windows and Linux).
- Experience with and knowledge of the majority of the technologies below:
- Database technologies such as Oracle, MS SQL
- NoSQL technologies such as Couchbase, Elastic
- Expertise in relevant protocols/technologies like HTTP, SSL/TLS, LDAP, JDBC, Servlet/JSP, SQL, HTML, XML.
- Experience implementing scalable, fault-tolerant, highly available, continuous, multi-data center systems.
- Experience with SSO, SAML, OAuth2, OIDC, MFA
- Knowledge of relevant security standards such as PCI-DSS, FISMA, FedRAMP, etc.
- Experience analyzing business requirements in order to meet strategic security goals.
- Experience with intranet and extranet development
- Knowledge of Cloud Security standards
- Information security principles
- Appropriate security certifications such as CISSP, CEH, CRISC
Bachelor’s Degree in Information Security, Computer Science or related discipline