Job Description

Essential Responsibilities:

Ensure security is designed and integrated into digital products deployed on Azure or on-premise.

Function as a cybersecurity leader in daily sprints, stand ups and provide ownership for all aspects of cybersecurity lifecycle in the product release.

Collaborate and partner with product and engineering partners like managers, architects, and developers in the roadmap planning, prioritization, and implementation.

Provide Azure security leadership and domain expertise.

Expert guidance on Application secure development life cycle.

Perform threat modeling and architecture risk analysis.

Lead secure code reviews, vulnerability analysis and remediation tracking.

Provide incident handling support for security related incidents.

Influence developers to write secure code and implement secure engineering practices.

Validate and attest security control effectiveness in assigned digital products.

Qualifications/Requirements:

Bachelor’s degree from an accredited university or college with minimum of 8 years of professional experience

Minimum 7 years of professional experience in Cyber Security Architecture

Must be willing to travel up to 10%.

CISSP or equivalent certification

Desired Characteristics:

Highly skilled security architect who enjoys security work and collaborating with product managers and developers to drive the successful adoption of innovative methods in developing secure Azure solutions.

Working knowledge of OWASP Web/API vulnerabilities (CSRF, XSS, SQLI, etc.) and compensating controls.

Knowledge of Web/API security architecture common authentication and authorization technologies (OIDC, OAuth2, Spring Security, HMAC, WS-Security, WS-Trust).

Proficiency in at least one high level programming language (e.g. Java, Node.JS, Python, C/C++, .Net).

Solid understanding of applied cryptography fundamentals (Encryption, Authentication, Symmetric Cryptography, Asymmetric Cryptography etc.).

Good understanding on privacy standards like PII, GDPR, CCPA etc.

Familiar with at least one Infrastructure as Code (IaC) scripting language (ARM, Terraform, PowerShell, CloudFormation).

Familiar with Controls frameworks and procedures (NIST800-53, ISO 27001, Soc2 Type2, CMMC etc.).

Familiar with governance, risk and compliance functions within a cyber security program.

Familiar with threat and incident management functions within a cyber security program.

Humble: respectful, receptive, agile, eager to learn

Transparent: shares critical information, speaks with candor, contributes constructively

Focused: quick learner, strategically prioritizes work, committed

Leadership ability: strong communicator, decision-maker, collaborative

Problem solver: analytical-minded, challenges existing processes, critical thinker