Previous Job
Previous
Security Architect - Philadelphia PA
Ref No.: 17-03478
Location: Philadelphia, Pennsylvania
Job Title: Security Architect
Job Location: Philadelphia PA
Position Type: Contract  
Pay Rate:  DOE
 
US Citizen, Green Card, GC EAD and H4 EAD only.
No sponsorship available for this job, NO C2C
 


Job Description: 
  • Perform security assessment and compliance activities by using assessment tools and procedures for the Comcast's Digital First Organization
  • Continue to engage and build relationship with Comcast global Technology and Product Security teams
  • Plan, research and design robust security architectures in partnership with App/Dev/platform teams for any Application/IT project
  • Conduct and facilitate Threat modelling workshops
  • Perform/participate in security architecture review (SAR) to ensure all security architecture design best practices and standards are met
  • Perform planning and remediation of application static, dynamic and run-time code analysis (SAST, DAST, IAST/RASP) and also work with application and internal teams for to ensure secure coding practices are implemented
  • Support the research of emerging technology, requisite security requirements, and emerging threats and develop way-forwards to meet organizational goals
  • Oversee security awareness programs and educational efforts
  • Respond to security-related incidents and provide a thorough post-event analysis
  • Min 2 years' experience in Cloud Security Design / Implementation / Management with exposure to AWS / Azure Native Security
  • Strong understanding and exposure to Network Security, Operating System Security, Web Security and End Point Security
  • Research security standards, security systems and authentication protocols, keep abreast with latest trends in the cyber security industry
  • PCI Compliance Experience to conduct PCI Compliance activities
  • Strong understanding of PCI concepts
  • Assist with planning and remediation of internal and external vulnerability, and external penetration scans, as needed
  • Determine, document, and publicize the availability of PCI technical requirements
  • Work with various departments to ensure that they are aware of and understand the technical PCI requirements that they must adhere to and sign off on
  • Contribute content on PCI compliant requirements to support resources, including knowledgebase articles, quick reference cards, webinars, and training classes to raise understanding of PCI compliance
  • Assist in evaluation, selection and implementation of encryption solutions and key management systems
  • Assist in Vulnerability remediation in coordination with other ops / application teams
  • Configure and run penetration test & Analysis and Suggestions
 
Qualification:
  • Architected security for products, enterprise, information and other initiatives
  • Proficient at the secure software development lifecycle and DevSecOps
  • Proficient at identity, authentication and authorization systems
  • Good understanding of cryptographic trust based systems
  • Cloud security knowledge preferred
  • Data and database security
  • Federation, SSO, IDS, IPS, Host Based Firewall, WAF (Web Application Firewall), DNS, DHCP, HTTPS/TLS, SSH, Key Management, PKI, Tokens, SAML, OAUTH, Fido knowledge preferred
  • Knowledgeable in compliance standards like: PCI, CPNI, ISO 27001, FCC Regulations, SOX, Subscriber PII
  • Coding experience preferred but not required
  • Security expertise in one or more relevant areas
  • Knowledge of Intrusion Detection & Prevention Systems
 
Experience
  • 10+ years of experience in security and technology based industry
  • 5 years of experience working with various security architectures
 
Certifications
  • Following certifications are a plus- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Licensed PEN Tester (LPT), Certified Ethical Hacker (CEH), Global Information Assurance Certification (GIAC), Certified Secure Software Lifecycle Professional (CSSLP)
 
Education
  • Bachelor's Degree in Information Systems, Computer Science, Management Information System, Cyber Security or Engineering
 
Industry Recognized Certifications in Security 
  • CISSP (Certified Information Security System Professional - Preferred
  • CISM (Certified Information Security Manager)
  • CISA (Certified Information Systems Auditor)
  • CEH (Certified Ethical Hacker)
  • Certified Secure Software Lifecycle Professional (CSSLP)
  • Other relevant certifications