The Senior Security Architect is an internal consultant that is working on multiple security architecture engagements across the enterprise either as a single contributor, managing a dispersed team, or participating in a virtual team across business units. The senior Integrator works with team members (IT, Business, Suppliers, Stakeholders and Partners) globally to address Sec Archs mission. To be successful as an Integrator the candidate must have broad technology experience coupled with strong communication, influencing and time management skills.An Integrator has the following Responsibilities:
" Lead architecture consulting to construct Security Architectures for a business unit or infrastructure Technology team
" Conduct risk assessment and provide technology risk/requirements to address risks identified. Areas covered: Authentication, Authorization, Auditingb.Application Security Session Security, Vulnerability/Penentration Testing items, Input Validationc.Secure data transport and storage
" Periodically review security reference architecture (security blueprints) and conduct updates/enhancements to guidance, policies, or other applicable reference materials
" Participate in various Operational and Technology Risk governance processes
" Lead, where applicable, a role in architecture review committees representing Security Architecture Skills and
" Experience Soft Skills (Required)
" Excellent communication skills: written, oral, presentation, listening
" Ability to influence through factual reasoning
" Time management: ability to handle multiple concurrent assessments, plan based deliverable management, strong follow up and tracking
" Strong focus on delivery when presented with short timelines and increased involvement from senior management.
" Ability to adjust communication of technology risks vs business risks based on the audience
" Ability to operate in multiple virtual teams, directly manage teams, or ability to operate as a sole-contributor
Security Architecture Skills
" Required In depth knowledge of application, network and platform security vulnerabilities.
" Ability to explain vulnerabilities to developers
" Required: Experience in conducting Information Security, Security Architecture, Audit assessments. Presenting the outcomes of the assessment and obtaining buy in.
" Required: Strong focus on reviewing technical designs and functional requirements to identify areas of Security weakness.
" Required: The candidate must have working experience in the following application/network security domains: a.Authentication: SAML, SiteMinder, Kerberos, OpenIdb.Entitlements and identity managementc.Data protection, data leakage prevention and secure data transfer and storaged.App Security - validation checking, software attack methodologiese.Cryptography ? encryption and hashing
" Desired: Knowledge of standard network model and the risks that present at each layer, the functions of network equipment such as switches, routers, firewalls, proxies, vpn, and load-balancers, and to understand network architecture.
" Desired: The candidate must have working knowledge of the primary operating systems (Unix, Windows, z/OS, Mac OS), the configuration and management of that platform at an enterprise scale, the security risks to that platform, and how to mitigate those risks.