Previous Job
AWS Cloud Security Architect
Ref No.: 20-00266
Location: Manhattan, New York

Should be a highly technical security practitioner with working knowledge of delivering secure application architecture and design.
Will be responsible for understanding the current and emerging threat landscape, and capabilities required to defend them.
Provide technical support, troubleshooting, and ad-hoc training (How do I/this isn't working) for the development teams
Provide technical support, troubleshooting, and training for the security team.
Analyze and design security solutions for applications and infrastructure, and provide expertise and consulting to clients. Identify and document information security risks and propose mitigating controls.
Will be responsible for understanding complex business IT needs, requirements, and projects scopes, with a focus on information security requirements.
Research, design, and develop new information security controls for clients. Assess current IT environments and make recommendations to increase security.
Ensure compliant implementation of security related integration points.
Assist clients in troubleshooting and resolving information security issues.
Author project and support documentation and diagrams. Implement security solutions.
Should have practical knowledge of building application using monolithic, micro services and Restful APIs.
Will evangelize security throughout the enterprise and drive changes needed to respond to emerging threats and business needs.
Will work across development, fraud, business and architecture teams.
Provide guidance on best security practices in AWS
Provide guidance on best operational practices in AWS
Design technical security controls to meet Client's requirements
Design infrastructure to support security controls / operational controls
Assist in educating Client regarding operating in the cloud in the following areas
o Networking
o Systems administration
o AWS infrastructure
o Automation
o Encryption
o Logging
o Others as needed
Assist other teams with design decisions in the above areas (e.g. explain how DNS works in a VPC natively and how to integrate it with on premise DNS)
College degree or equivalent and 7+ years related work experience is required
Minimum 5 years' experience with Security Architect
Minimum 5 years' experience architecting solutions within Amazon Web Services (AWS)
Prior Splunk experience, strong understanding of security operations in the Cloud ,
3-5 year of experience in AWS Containers & Kubernetes experience.
Experience in Elasticsearch
Experience in identity access management (IAM) tools
Security process documentation (e.g. experience documenting compliance requirements, IAM processes, etc.)
Assessed, developed and implemented, operationalized and documented comprehensive security technologies and processes.
Secure software development, data protection, cryptography, key management, identity and access management, network security (VPNs) within SaaS, IaaS, PaaS, and other cloud environments.
Architected solutions within AWS and other cloud providers and SOA for cloud-based services.
Worked with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies.
Performed security design/architecture reviews, code reviews, and penetration tests of large applications, systems and/or networks.
Worked on large scale cloud based services (including SaaS, PaaS, IaaS) and understand security challenges involve in deploying Cloud Applications.
Created and maintained security policies and procedures, managing the protection of information systems and assets.
Performed threat modeling and design reviews assessing security implications and requirements introducing new technologies.
Hand-on experience with multiple security technologies such as Firewalls, Intrusion Detection/Prevention Systems, Vulnerability Scanning, WAF, Wireless LAN, NAC, DLP, DDoS Mitigation, WAN security, SIEM, Content Filtering, Cloud Security gateways, Secure Proxies, SSL crypto solutions.
Experience with deployment orchestration, automation, and security configuration management (Jenkins, Puppet, Chef, etc) preferred.
Solid understanding of a range of compliance, regulatory and legal requirements and relevant principles, best practices and standards across multiple industries. Preferred industries: financial services, telecommunications. Examples would include: PCI, SOX, GLBA, CSA, PCI, NIST, ISO, IEEE, FedRAMP, HIPAA and TCG.
Have working knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, SAML, Ping, Okta, etc) and key management (Safenet, Vormetric, other).
Ensure compliant implementation of security-related integration points.
Supported on security technologies including Identity Access Management (IAM), Cloudwatch, KMS, Cloud Trail, CloudHSM, Cloud Custodian and Inspector
Cloud security architecture related certifications
AWS Certifications.
Industry security (e.g., CISSP), privacy (e.g., CIPP/US) or audit (e.g., CISA) certifications are a plus.

Top three critical skillsets or technologies needed:
Skill #1: AWS Cloud Architecture
Skill #2: AWS Cloud Security Implementation
Skill #3: Information Technology Controls and Risk of Cloud Technology