Kansas Action for Children, Inc
Information Security Architect II
Kansas Action for Children, Inc, Topeka, Kansas, United States
At Terracon Consultants, Inc. and Subsidiaries in Olathe, Kansas, United States.

Job Description

General Responsibilities:
Designs, implements, and maintains application security systems to ensure high levels of data integrity and employee safety. Creates policies and procedures to ensure consistent adherence to industry standards and protection of client and employee data across varied application tech stack. Performs vulnerability assessments, conducts penetration testing, and evaluates findings from third-party security resources.

Essential Roles and Responsibilities:
Designing and developing security architectures for systems that reside in on-prem and cloud environments based on security requirements, risk, resiliency needs, and best practices.
Creating architectures that minimize cyber risks impacting the integrity, availability, or confidentiality of organizational assets.
Executing threat model analysis and authoring detailed patterns and standards to identify and reduce risk.
Representing cyber security in the development and implementation of the overall enterprise architecture.
Acting as the ambassador and senior technical representative for security while engaging with other senior technical leaders.
Directly influencing security improvements across the entire technology stack.
Analyzing, designing, and developing roadmaps and implementation plans.
Implementing SSDF and DevSecOps practices across the applications.
Migrating manual processes to leverage automation within cloud.
Designing, implementing, integrating, and testing enterprise-class security and incident prevention solutions.
Designing, implementing, integrating, and testing automated response, threat analysis, and IPS/IDS solutions.
Mentoring junior staff as a resource for industry best practices, technical direction, and professional practice.
Developing security strategy plans and roadmaps based on sound enterprise architecture practices.
Developing security architecture artifacts (models, templates, standards, and procedures) that can be used to leverage security capabilities in projects and operations.
Tracking developments and changes in the digital business and threat environments to ensure that these are adequately addressed in security strategy plans and architecture artifacts.
Conducting security assessments of internal systems, applications, and IT infrastructure as part of the overall risk management practice of the organization.
Conducting vulnerability assessments and other security reviews of systems, and prioritizing remediation based on the risk profile of the asset and guidance from the information technology management team.
Reviewing and assessing security and infrastructure logs for indicators of compromise (IOCs) or other anomalous behavior within networks, applications, or user profiles.
Ensuring that a complete, accurate, and valid inventory of all systems, infrastructure, and applications is conducted that should be logged by the security information and event management (SIEM) or log management tool.
Coordinating with legal and/or privacy management to document data flows of sensitive information within the organization (e.g., PII or ePHI) and recommending controls to ensure this data is adequately secured (e.g., encryption, tokenization, etc.).
Validating IT infrastructure and other reference architectures for security best practices and recommending changes to enhance security and reduce risk where applicable.
Supporting the testing and validation of internal security controls as directed by Senior Security Architect.
Reviewing security technologies, tools, and services, and making recommendations to organizational peers for their use based on security, financial, and operational metrics.
Conducting incident response exercises with colleagues throughout the organization and incorporating lessons learned into existing security architectures and practices.
Liaising with other security architects and practitioners to share best practices and insights.
Performing control and vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls and recommending remedial action.
Working with junior staff on deploying, tuning, and running vulnerability-scanning and penetration-testing tools.
Following safety rules, guidelines, and standards for all projects. Participating in pre-task planning. Reporting any safety issues or concerns to management.
Maintaining quality standards on all projects.

Requirements:
Bachelor's degree in Information Technology/Systems, Cybersecurity, Information Security, or related field and a minimum of 8 years' experience. Or, in lieu of degree, a minimum of 12 years of experience.

Terracon is an EEO employer. We encourage qualified minority, female, veteran, and disabled candidates to apply and be considered for open positions. We do not discriminate against any applicant for employment, or any employee because of race, color, religion, national origin, age, sex, sexual orientation, gender identity, gender, disability, age, or military status.