Security Architect

This is a remote position.

Mission of Softgic:
In Softgic S.A.S. we work for the digital and cognitive transformation of our clients, aware that quality is an essential factor for us, we incorporate the following principles into our policy:

What makes you a strong candidate:

• You are expert in Cybersecurity, DevOps, IP (Internet Protocol), and Technology architecture.
  
• You are proficient in Encryption, ISO/IEC 27001, and OWASP Top 10.
  
• English - Conversacional.
  

Responsibilities and more:

• Design, develop, review and implements security designs for new or existing technology system(s).
  
• Establishing and maintain trust relationships with the business and project teams through active engagement, clear accountability and expectations, and frequent communication.
  
• Collaborate with other teams and departments to fit security requirements with other constraints, such as business requirements or technology limitations.
  
• Provide business and project teams with cybersecurity expertise by participating in scoping, planning and executing cybersecurity related tasks.
  
• Provide feedback and approval for system and application designs and architectures as relates to adherence to security principles and company security policies, and develop a security risk management plan for noncompliance.
  
• Provide input on security requirements to be included in statements of work and other appropriate procurement documents.
  
• Create and maintain architecture design artifacts such as diagrams and documentation.
  
• Interpret output of activities such as penetration tests and application security scans, translating into actionable remediation requirements.
  
• Analyze current technology environment to identify deficiencies and recommending solutions, staying abreast of emerging security technologies and trends and apply them where appropriate.
  
• Educate and mentor project team members in areas of security best practice and company security policies.
  
  

Requirements

• +5 years of experience.
  
• Certified Information Security System Professional (CISSP) certification or equivalent.
  
• Proven experience as a technical architect in multiple fields of IT (e.g. network, storage, server, client, web/application, cloud, etc.) with the ability to understand security best practices and implications across all fields.
  
• Hands-on experience implementing modern security architectures.
  
• Excellent knowledge of cybersecurity risk evaluations for applications and systems.
  
• Adept in translating security requirements into actionable controls and measures.
  
• Background in securing on-prem, cloud and hybrid systems in theory and practice, including secure architecture design concepts.
  
• Understanding of DevOps principles, "shift left" philosophy.
  
• Strong experience with common web application security concepts, such as the OWASP Top 10, and their practical implementation.
  
• Understanding of application development secure coding techniques.
  
• Experience with multi-factor authentication, single sign-on, identity federation, identity management and related technologies for both cloud and on-prem environments, and SaaS solutions.
  
• Experience with vulnerability management methodologies and implementations.
  
• Solid understand of intrusion detection and prevention solutions and techniques.
  
• Experience with encryption technology and industry best practices for practical implementation including Key Management (e.g. PKI, HSM, etc.)
  
• Security audit and assessment experience (e.g., ISO27001, NIST 800-53, etc.)
  

Benefits

• Recognized as a Great Place to Work.
  
• Opportunities for scaling and growth.
  
• Paid time off.
  
• Support for formal education and certifications.
  
• Benefits with partner companies.
  
• Referral plan.
  
• Flexible working hours.