Principal Cybersecurity Solutions Architect - Development Security

Description

JOB SUMMARY

The Cyber Security Solution Architect will use a data driven and risk-based methodology to drive the governance and solutioning in partnering with the technology and software engineering organizations including key product owners as stakeholders. The program will be focused on addressing software engineering risks across products and platforms, leading the adoption of integrating security services into the development and deliver pipeline. Through adopting a DevSecOps culture and manifesting a security champions initiative to help drive wide-spread accountability to maturing cyber risks associated with software. The role requires building cross-functional partnerships and deepen insights where security technology, platforms and applications can become more resilient to cyber-attacks through the adoption of enterprise secure software development services.

The ability to comprehend technical and business implications to security directives and to make effective requirements will be very important in driving the success of modern security architecture adoption.

Job Responsibilities

Establish a comprehensive software security enterprise program and partner with stakeholders to deliver:

• Develop and operate KPI’s for the secure software engineering program.
• Enterprise strategy and architecture roadmap for multi-cloud platforms.
• Enterprise requirements for secure engineering within policies and standards.
• Solution service and tool integration within pipelines and DevSecOps models.
• Create & drive adoption of secure engineering practices.
• Aligning requirements to common cyber security frameworks such as NIST, Hitrust, CSF.
• Establish security champions to drive wider adoption and support within the enterprise.
  
  

Partner with application program teams to align and integrate with IAM roadmap:

• Drive the creation & adoption of standard CI/CD pipelines with JIT assurance through solutions that are integrated into CI/CD pipelines
• Publish patterns to drive adoption of DevSecOps solution.
  
  

Educate and drive engagement of modern IAM security architecture principles within the organization:

• Be a transformation agent in promoting a modern security engineering mindset.
• Perform design reviews to identify security architecture flaws.
  
  

Qualifications

QUALIFICATION REQUIREMENTS:

Architecture

• 5 years of experience with delivering secure development programs and implement DevSecOps within large enterprises.
• 5 years of experience integrating security development services into CI/CD pipelines
• Strong familiarity exploitation techniques and Mitre @ttack framework.
  
  

Engineering

3 years of experience engineering:

• Source code IDE, CI/CD scanning.
• Infrastructure as Code (IaC).
• Static and dynamic testing tools.
• Secure code repositories, and advanced security services.
  
  

Education

• College degree or 5 years of experience as a security engineer or 7 as an enterprise security architect in the relevant subject areas.
• DevSecOps, secure software engineering certifications
• Cloud Certification for OCI, AWS or Azure (Azure preferred)
  
  

Languages

Proficiency in English (written and spoken)