Security Architect
Protection Game · Alpharetta, GA · Today
$150k–$234k/yrFull-time
Duties
- Develop and maintain enterprise-wide security policies, standards, procedures, and guides.
- Develop design and architecture on multi-component systems and services utilized by the Company.
- Ensure control of their implementation.
- Design and support secure system integrations between cloud platforms and enterprise data sources, including Azure Databricks, Salesforce, and ServiceNow.
- Plan resources necessary for the implementation of security related projects.
- Develop work plans for technical teams and monitor their implementation.
- Participate in technical or project documentation development.
- Participate in architecture and change review boards to assess security risks of proposed solutions across IaaS, PaaS, SaaS, and on-premises environments to propose mitigation strategy and controls.
- Design and implement security controls aligned with frameworks such as NIST, ISO 27001, CIS Benchmarks, OWASP, MITRE ATT&CK and cloud security best practices.
- Lead security assessments and audits to identify compliance gaps and recommend remediation strategies.
- Design secure CI/CD pipelines incorporating static (SAST) and dynamic code analysis (DAST), software composition analysis (SCA), and vulnerability scanning.
- Plan and manage security projects including infrastructure migrations, tool deployments, and process improvements.
- Collaborate with enterprise architects, developers, and business stakeholders to ensure secure system design and implementation.
- Evaluate and implement security technologies such as SIEM, Hardware Security Modules (HSMs) for code signing and key management, CNAPP, Zero Trust and other cloud-native security tools.
- Design, implement, maintain and improve security processes, including vulnerability management, patch management, and incident response.
- Collaborate with business and management to gather, analyze, and prioritize new projects.
- Analyze and apply security best practices.
- Bachelor’s degree or foreign equivalent in Automation Engineering, Information Technology, or related field.
- 5 years of progressive work experience as a Security or IT Architect, or related occupation.
- At least 2 years of prior work experience in each of the following:
- Working on virtualization (VMware or Hyper-V) and designing security controls in cloud platforms (Microsoft Azure and AWS).
- Reading and creating components, data flow, and business process diagrams based on BMPN and UML visual modeling languages.
- Working on NIST, ISO 27001, CIS Benchmarks, OWASP, and MITRE ATT&CK frameworks as well as vulnerability management tools: Tenable One, Nessus, ServiceNow vulnerability management, and CMDB modules.
- Securing CI/CD pipelines: SAST, DAST, SCA, and designing code signing processes using Hardware Security Modules.
- Designing network architecture and security (VPN, Network Firewalls, and WAFs) and implementing Zero Trust architecture (Entra ID conditional access policies, and zero-trust access to private applications using Entra ID Application proxy or Zscaler Private access).
- Working on Privileged Access Management and secret storage solutions using tools: Azure Key Vault, AWS Key Management Service, Delinea Secret Server, or Hashi Corp Vault.
- Working on SaaS platform security using the following: Microsoft 365 applications, Salesforce, ServiceNow, and Azure Databricks.
- Must have at least 2 years of prior work experience in each of the following:
- Working on virtualization (VMware or Hyper-V) and designing security controls in cloud platforms (Microsoft Azure and AWS).
- Reading and creating components, data flow, and business process diagrams based on BMPN and UML visual modeling languages.
- Working on NIST, ISO 27001, CIS Benchmarks, OWASP, and MITRE ATT&CK frameworks as well as vulnerability management tools: Tenable One, Nessus, ServiceNow vulnerability management, and CMDB modules.
- Securing CI/CD pipelines: SAST, DAST, SCA, and designing code signing processes using Hardware Security Modules.
- Designing network architecture and security (VPN, Network Firewalls, and WAFs) and implementing Zero Trust architecture (Entra ID conditional access policies, and zero-trust access to private applications using Entra ID Application proxy or Zscaler Private access).
- Working on Privileged Access Management and secret storage solutions using tools: Azure Key Vault, AWS Key Management Service, Delinea Secret Server, or Hashi Corp Vault.
- Working on SaaS platform security using the following: Microsoft 365 applications, Salesforce, ServiceNow, and Azure Databricks.
- Bachelor’s degree or foreign equivalent in Automation Engineering, Information Technology, or related field.
Requirements
Special Requirements
Education Required
Salary
$149,968 to $233,854 per year
Worksite
2550 Northwinds Parkway, Suite 300, Alpharetta, GA 30009