Global IT Resources Inc.
Security Solution Architect
Global IT Resources Inc., Bethesda, Maryland, us, 20811
Job DescriptionThe Associate Security Solution Architect provides in-depth technical security guidance and is identified as the security subject matter expert (SME) for various technologies and project areas. Responsible for creating and developing capability-focused security solution architectures that are aligned to business and technology needs. Assists with maintaining security strategies, requirements, and standards for applications and platforms. Ensures architectures and patterns are aligned to company security policies, standards, and industry standards. Able to identify gaps and work with project teams to improve security while retaining time to market, functionality, and scalability. Assist with any reviews and approvals for Security Accreditation tasks during each phase of SDLC. Serves as project/program point of escalation for security issues and risks that may arise. Has a broad and deep knowledge in security areas such as application security, IAM, infrastructure, network, and security vulnerability management. This position may work as a dedicated embedded solution architect team member or across multiple projects/programs as required.
CANDIDATE PROFILEEducation / Experience
Required:
Bachelor or Associate's degree in computer science, information systems, cybersecurity, or a related field or equivalent experience/certification.
5-7+ years of Information Technology experience including 5+ years of security experience in conducting security reviews and accreditation.
2+ years of experience developing Security Architectures and Solutions.
2+ years of experience reviewing and identifying security risks/gaps.
The Associate Security Solution Architect must have at least two years of experience with some or all of the following:
Experience in using architecture methodologies such as TOGAF, SABSA, Zachman, etc.
Direct, hands-on experience or a strong working knowledge of vulnerability management tools.
Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services.
Experience securing CI/CD pipelines.
Experience in public cloud security such as AWS, Azure, Alibaba Cloud, Oracle Cloud.
Full-stack knowledge of IT infrastructure including databases, operating systems (Windows, Unix, and Linux), hypervisors, IP networks (WAN and LAN), storage networks, backup networks, and media, and containers/Kubernetes.
Strong working knowledge of IT service management (e.g., ITIL-related disciplines): Change management, Configuration management, Asset management, Incident management, Problem management.
Additional Experience and Skills
Experience in conducting independent research.
Direct interaction with cross-functional, sourced, or matrix teams.
Preferred:
Direct, hands-on experience or strong working knowledge of managing security infrastructure (e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM, and log management technology).
Experience in providing input to or developing Enterprise Security Strategies.
Verifiable experience reviewing application code for security vulnerabilities.
Current information security certification, such as CISSP, CISM, ISACA's CISA, TOGAF, SANS' GAIC.
Knowledge of Industry Standards such as NIST Cybersecurity Framework (CSF), PCI-DSS, COBIT, CSA, MITRE ATT&CK, CAPAC, STRIDE, CIS Benchmarks.
Proven ability to provide Security Requirements for areas including Cloud Computing, Application Development, IAM, and Infrastructure.
Knowledge of how to secure technologies such as SaaS services (e.g., O365, Salesforce), Application Design, Container Platforms (e.g., Docker, Kubernetes), Serverless, Big Data, Network, Operating Systems, Identity and Access Management.
Knowledge of SDLC (Waterfall/Agile), DevSecOps, and good understanding of ITIL v3 Framework.
Proficient in performing quantitative risk management analysis.
Using ServiceNow to track activities, tasks, approvals, etc.
Strong negotiating, influencing, and problem resolution skills.
Proven ability to effectively prioritize and execute tasks in a high-pressure environment.
Experience in business systems and process planning.
Knowledge of business environment, service requirements, and hospitality culture.
Ability to translate information security objectives into mutually beneficial business strategies for client organizations.
Demonstrated ability to assess customer/client needs, creatively approach solutions, decide, and influence appropriate courses of action.
Graduate/post-graduate degree in cybersecurity.
Company DescriptionWe offer a benefit-rich offering to our employees. We provide choices in Medical, Dental, and Vision care programs. Assists employees in saving for their future by matching HSA contributions and 401k contributions. Additionally, we offer company-paid Short Term Disability Insurance, Long Term Disability Insurance, and Life Insurance. We also offer a host of voluntary benefits to employees for items such as hospital indemnity insurance, AD&D, spousal and child life insurance, pet insurance, identity theft protection, and more! Educational Assistance and First Time Licensure incentives are also available. Supports life balance by offering a competitive PTO program in addition to paid holidays. We enjoy a great wellness program with regular incentives.
#J-18808-Ljbffr
CANDIDATE PROFILEEducation / Experience
Required:
Bachelor or Associate's degree in computer science, information systems, cybersecurity, or a related field or equivalent experience/certification.
5-7+ years of Information Technology experience including 5+ years of security experience in conducting security reviews and accreditation.
2+ years of experience developing Security Architectures and Solutions.
2+ years of experience reviewing and identifying security risks/gaps.
The Associate Security Solution Architect must have at least two years of experience with some or all of the following:
Experience in using architecture methodologies such as TOGAF, SABSA, Zachman, etc.
Direct, hands-on experience or a strong working knowledge of vulnerability management tools.
Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services.
Experience securing CI/CD pipelines.
Experience in public cloud security such as AWS, Azure, Alibaba Cloud, Oracle Cloud.
Full-stack knowledge of IT infrastructure including databases, operating systems (Windows, Unix, and Linux), hypervisors, IP networks (WAN and LAN), storage networks, backup networks, and media, and containers/Kubernetes.
Strong working knowledge of IT service management (e.g., ITIL-related disciplines): Change management, Configuration management, Asset management, Incident management, Problem management.
Additional Experience and Skills
Experience in conducting independent research.
Direct interaction with cross-functional, sourced, or matrix teams.
Preferred:
Direct, hands-on experience or strong working knowledge of managing security infrastructure (e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM, and log management technology).
Experience in providing input to or developing Enterprise Security Strategies.
Verifiable experience reviewing application code for security vulnerabilities.
Current information security certification, such as CISSP, CISM, ISACA's CISA, TOGAF, SANS' GAIC.
Knowledge of Industry Standards such as NIST Cybersecurity Framework (CSF), PCI-DSS, COBIT, CSA, MITRE ATT&CK, CAPAC, STRIDE, CIS Benchmarks.
Proven ability to provide Security Requirements for areas including Cloud Computing, Application Development, IAM, and Infrastructure.
Knowledge of how to secure technologies such as SaaS services (e.g., O365, Salesforce), Application Design, Container Platforms (e.g., Docker, Kubernetes), Serverless, Big Data, Network, Operating Systems, Identity and Access Management.
Knowledge of SDLC (Waterfall/Agile), DevSecOps, and good understanding of ITIL v3 Framework.
Proficient in performing quantitative risk management analysis.
Using ServiceNow to track activities, tasks, approvals, etc.
Strong negotiating, influencing, and problem resolution skills.
Proven ability to effectively prioritize and execute tasks in a high-pressure environment.
Experience in business systems and process planning.
Knowledge of business environment, service requirements, and hospitality culture.
Ability to translate information security objectives into mutually beneficial business strategies for client organizations.
Demonstrated ability to assess customer/client needs, creatively approach solutions, decide, and influence appropriate courses of action.
Graduate/post-graduate degree in cybersecurity.
Company DescriptionWe offer a benefit-rich offering to our employees. We provide choices in Medical, Dental, and Vision care programs. Assists employees in saving for their future by matching HSA contributions and 401k contributions. Additionally, we offer company-paid Short Term Disability Insurance, Long Term Disability Insurance, and Life Insurance. We also offer a host of voluntary benefits to employees for items such as hospital indemnity insurance, AD&D, spousal and child life insurance, pet insurance, identity theft protection, and more! Educational Assistance and First Time Licensure incentives are also available. Supports life balance by offering a competitive PTO program in addition to paid holidays. We enjoy a great wellness program with regular incentives.
#J-18808-Ljbffr