Previous Job
Previous
AWS Information Security Architect
Ref No.: 20-00743
Location: REMOTE, Virginia
Position Type:Contract

Duration: 6+ months
Compensation: OPEN (W2 only!)
# of openings: 3
Location: REMOTE

*** No Vendors/3rd parties. ***

*** U.S. Citizens and those authorized to work in the U.S. are encouraged to apply. We are unable to sponsor or transfer visas at this time. ***

Responsibilities/Requirements:

  • Ability to lead Security Architecture consultation with other parts of Information Security.
  • 5+ years' experience reviewing project architectures and solutions.
  • 6+ years' experience leading application security architecture efforts that requires close collaboration with project teams and business stakeholders.
  • Enterprise/Business/Data Architecture, IT and Business partners, and peers on proper security architecture and software development processes to ensure the applications developed and systems implemented are in line with security best practices and company policies and standards and are compliant with the required frameworks (ISO, SOX, SWIFT, OWASP, NIST Cyber Security, etc.).
  • Ability to develop repeatable application security architectures working with internal and external partners.
  • Partner with EA Portfolio and Initiative Architects to assess security threats, identifying and tailoring security requirements, and integrating security controls.
  • Ability to document and diagram technical systems and architectures.
  • Demonstrated experience integrating security within the various cloud service models (e.g., IaaS, PaaS, SaaS).
  • Able to identify the appropriate security solutions for various Cloud implementations.
  • Able to architect, implement, and document system security controls.
  • Ability to review system documentation for proposed projects (e.g., system requirements, detailed design/architecture, interface documents, etc.), identify security gaps and provide security recommendations to address those gaps, and complete risk profiles for cloud computing solutions.
  • Ability to advise and approve of changes and architectures for assigned areas from an application security perspective.
  • Ability to lead efforts that document and present risks and security issues that could impact the confidentiality, integrity and/or availability of the business (both internally and externally).
  • Ability to assess risk to applications associated with emerging threats and threat vectors.
  • Previous industry experience with application security including static code review, automatic code scans, and security architecture review, penetration testing, and mitigating application level vulnerabilities.
  • Strong knowledge of networking, Unix/Linux, virtualization, authentication, cryptography. Must be fully conversant up and down the technology stack. Proven expertise in building a defense in depth infrastructure security architecture that includes security controls across the technology stack.
  • Demonstrated working knowledge of major Cloud platforms:  AWS, Azure, SalesForce, ServiceNow.
  • Expert knowledge of operating system, application, network, and database security architectures.
  • Development background particularly building enterprise applications (Java Preferably).
  • Foundational and functional understanding of how API works (RESTful, SOAP).
  • Understanding of API security - specifically on common controls for API security (SSO, OAuth, Threat Protection).
  • Security elements of API gateway integrations of API - WAF, Websockets.
  • Familiarity of Identify and Access Management - AWS IAM integrations.
  • Proficiency in AppSec and Web services security.
  • Experience in an environment using Agile methodology.
  • Exceptional experience influencing collaborating and negotiating positive outcomes across stakeholders in highly matrixed organization.
  • Experience with Enterprise Architecture frameworks such as TOGAF, DoDAF, FEAF, etc.
  • Excellent verbal and written communication skills.Applicable security certifications desired; CISSP, CEH, GIAC, GSEC, or CSSLP or advanced degree in InfoSec.
  • AWS Architecture certification (Professional preferred).
  • Prior Financial Services and consulting experience a plus.