Security Architect
Posted on 3/18/2023
INACTIVE
Locations
Remote • Dorchester, Boston, MA, USA
Experience Level
Entry
Junior
Mid
Senior
Expert
Desired Skills
AWS
Business Strategy
Development Operations (DevOps)
Docker
Jenkins
Git
Management
Microsoft Azure
REST APIs
Terraform
Kubernetes
PowerPoint/Keynote/Slides
Excel/Numbers/Sheets
Requirements
  • Demonstrated experience in architecture, design, and management of security for highly available, resilient systems (physical, virtual, cloud)
  • Experience with container technologies such as Kubernetes and Docker
  • Experience with deployment orchestration, automation, and security configuration management (Jenkins, GitHub Actions, Terraform, CloudFormation)
  • In-depth knowledge of AWS services, including experience in designing, implementing, and maintaining secure AWS infrastructure (e.g., IAM, SCPs, Secrets Manager, KMS, WAF and Shield, GuardDuty, CloudFront, CloudTrail, Inspector, etc.)
  • Three years of experience with cloud security and native technologies (Azure, AWS)
  • Working knowledge of enterprise-level Active Directory and AWS security solutions
  • Working knowledge of current cyber threats and countermeasures
  • Experience with the development of flow diagrams, assignment of subsystems and trust boundaries, boundary protection definition, and threat modeling
  • Experience with NIST800 standards, including 30, 53, 82, and 171
  • Experience with ISO 27000 series standards
  • Experience with HITRUST and CIS Critical Security Controls
  • Ability to earn trust, maintain positive and professional relationships, and contribute to a culture of inclusion
  • Solid understanding of security protocols, cryptography, authentication, and authorization
  • Solid understanding of OpenID Connect (OIDC) and OAuth 2.0
  • Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing)
  • Ability to deal with ambiguity
  • Strong conflict management skills
  • Computer Skills: Microsoft: Excel, Word, PowerPoint, and Visio
  • Strong influencing skills across all levels, internal and external to the enterprise
  • Excellent written and verbal communication skills, business acumen, and a commercial outlook
  • Demonstrated history of producing effective, innovative architectural solutions on an enterprise scale
  • AWS Solutions Architect - Professional, AWS Certified Security Specialty, Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), or an industry-standard cloud certification
  • At least three years of experience as a Cloud Security or Cloud Platform Architecture
  • Knowledge of remote access technology concepts
  • Knowledge of communication methods, principles, and concepts that support the network infrastructure
  • Knowledge of business continuity and disaster recovery continuity of operations plans
Responsibilities
  • Perform security reviews, identify gaps in security architecture, and develop a security risk management plan
  • Evaluate security architectures and designs to determine the adequacy of security design and architecture proposed or provided in response to requirements contained in acquisition documents
  • Design security architecture elements to mitigate threats
  • Devise strategies to secure information assets and cloud services
  • Provide technical security supervision and guidance to the information security, infrastructure, and DevOps teams
  • Understand Arcadia's business strategy and product offerings and how it relates to our security architecture strategy and deliver architectural guidelines, best practices, and direction on security within architectural standards, policies, and roadmaps
  • Drive beneficial security architectural changes through the development or review of architectures to ensure that they fit requirements for security, privacy, compliance, cyber risk mitigation, and conformance to relevant security standards while balancing information risk against the cost of appropriate countermeasures
  • Integrate with change management processes to ensure a security review or assessment is conducted for all significant changes to Arcadia's production, cloud architecture, and development environments
  • Leverage knowledge of architectural best practices to develop a long-term strategy that considers business needs and budgetary constraints
  • Collaborate with development teams to ensure effective implementation of security within the SDLC and ensure that relevant tasks are completed and required artifacts are created and maintained
  • Perform Security Impact Analysis for all web/code changes as part of the Change Management process before release and deployment
  • Proactively engages key stakeholders regarding architectural security decisions, plans, goals, and strategies that impact business operations and initiatives
  • Document and maintain security designs, processes, procedures, and other artifacts
  • Assist in developing configuration baselines and supporting the deployment and adherence of secure configuration management processes
  • Continually evaluate and understand the implications to Arcadia and its customers concerning the evolving cybersecurity risk landscape and industry practices to remain current with threats and associated countermeasures
Arcadia
Healthcare analytics platform