New Haven, United States
over 2 years ago
The Security Architect (SA) will design, develop, configure, analyze, test, monitor and oversee the implementation of enterprise-wide computer and network security infrastructure and application security software. As a senior member of IT Security, the SA will create security strategies and architectures that are responsive to changes in regulation and risk yet ensure all enterprise assets are adequately protected. The SA will develop an annual security strategy document to be presented to senior management. The SA will need to understand all technology utilized by the business in order to develop and test security structures to protect business systems. The SA will be responsible for designing defensive and responsive security architecture. The SA should be able to identify emerging security threats and design and implement security architecture to mitigate those threats. The SA is required to architect security infrastructures, providing technical guidance, assessing costs and risks, and establishing security policies and procedures. The SA will report directly to the Director of Information Security and collaborate regularly with the Chief Architect regarding the security architecture roadmap, standards, principles, governance, and automation.
The following duties reflect the primary responsibilities performed by employees in this job. Incumbent(s) may be required to perform additional, position-specific duties.
Security Architecture and Design
- Ensure security architecture provides secure software development, data protection, cryptography, key management, Identity and Access Management (IAM), network security (VPNs), and containerization within colocation services as well as SaaS, IaaS, PaaS, and other cloud environments.
- Architect security processes and procedures for cloud environments, cloud-based services, DevOps, Microservices, Mobile Applications, Portals, and APIs.
- Design security architecture elements to mitigate threats.
- Assess and enforce cloud security and governance tools, Cloud Access Security Brokers (CASBs), and secure server virtualization technologies.
- Perform security design/architecture reviews, code reviews, and penetration tests of large applications, systems and/or networks.
- Evaluate and enforce common and industry-standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, SAML, Ping, Okta, etc.) and key management (Safenet, Vormetric, other).
- Validate and improve Secure Development Lifecycle and global regulatory compliance.
- Architect, validate and improve perimeter security controls – firewall, IDS/IPS, network access control and network segmentation including router, switch, VLAN, and wireless security.
- Develop network security architecture and tokenization, along with DNS, routing, authentication, VPN, proxy services and DDoS mitigation technologies.
- Create solutions that align enterprise security architecture frameworks and standards (e.g. SABSA, NIST 800-53, ISO 27002) with overall business and security strategy.
- Complete other duties as assigned.
Security & Risk Assessments and Resolutions
- Perform security assessments, identify gaps in existing security architecture, and recommend changes or improvements.
- Participate in risk assessments for new technologies and business projects.
- Apply risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies and security attack pathologies.
- Evaluate Third Party Service Providers (TPSPs) auditing and cloud risk assessment methodologies.
- Track risks and their severities to help resolve security and vulnerability items or incidences.
- Plan for contingencies and operational continuity in the face of an attack.
- Work alongside the Risk Management and Security Operations teams to investigate and mitigate potential bypass and exploit techniques.
- Evaluate and vet TPSPs' cybersecurity.
- Work within the security team to develop and maintain our security posture.
- Efficiently and effectively evaluate and communicate enterprise security posture to the Chief Architect, Enterprise Architect, and other Value Stream Architects.
- Collaborate with SAI team, managers, and leads to define and drive security architecture roadmap, upgrades, transformation, and migration.
- Work with other architects to maintain, execute, and prioritize security features and identify/resolve security risks.
- Collaborate with cross-functional teams to ensure that applications, products, tools, solutions, and services are in adherence to security best practices and policies.
- Maintain relationships with key TPSPs. Participate in negotiations with the security product providers as a subject matter expert.
- Collaborate closely with infrastructure architect to identify upcoming changes and security requirements.
Architecture Processes & Governance
- Ensure architectural governance adherence, enterprise security technology adaptation, and security policy advancements.
- Evolve security architecture, governance, processes, and maturity model.
- Participate in evaluating the success of the project, best practices, and lessons learned.
- Actively participate in architecture review sessions with the SAI team.
Security Architect Qualifications
- Bachelor's or Master's degree in Computer Science, Engineering or a related field; Master's degree preferred. 10+ years of overall industry experience and 5+ years as an SA. Insurance industry experience is a plus.
- Experience in designing security architectures to mitigate threats and identifying gaps in existing architectures.
- Extensive experience with Firewalls, ACLs, Intrusion Detection/Prevention Systems, Vulnerability Scanning, WAF, Wireless LAN, NAC, DLP, DDoS Mitigation, WAN security, SIEM, Content Filtering, Cloud Security gateways, CASB, Secure Proxies, encryption and SSL crypto solutions.
- Knowledge of computer networking concepts and protocols (e.g. TCP/IP, DNS) and network security methodologies.
- Knowledge of industry-standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, SAML, Ping, Okta, etc.) and key management (Safenet, Vormetric, other).
- Ability to test and automate the security testing of multiple internal and/or external systems and the integration between them (Example: Web server, databases, CRM, ERP, Application server).
- Experience architecting multi-factor authentication, authorization, and encryption/decryption standards. Has integrated IAM and performed entitlement engineering in cloud environments (IaaS, SaaS, and PaaS).
- Capability to develop threat models and design reviews assessing security implications and requirements of new technologies.
- Strong communication and interpersonal skills to collaborate with cross-functional teams, perform reviews to identify and resolve vulnerabilities, and provide recommendations.
- Strong analytical and problem-solving skills capable of managing projects that drive business objectives.
- Exceptional written, oral, and interpersonal communication skills.
- Solid understanding of a range of compliance, regulatory and legal requirements and the relevant principles, best practices and standards across the insurance industry.
- Familiarity with the ISO 27001/27002, ITIL and COBIT frameworks. Cloud security architecture related certifications or any of the CISS, CISSP-ISSAP, CISM, CEH, CSSA, and GIAC Security certifications.
- Ability to meet tight deadlines and to prioritize tasks.
Location: Home Office, main building
Work Schedule: M-F, 8 am – 4:30 pm
Salary Range: $125,000-$150,000
This is a direct hire position reporting to Jeff Rovelli, the Director of Information Security.