Job Summary: 

The Junior Security Architect executes routine information security architecture activities related to standards, documentation, design, integration, deployment, monitoring, analyzing, and improving systems. With guidance from management and senior team members, supports the implementation and maintenance of appropriate application and information security standards, procedures and products. Assists senior staff in the evaluation, development, implementation and operational aspects of security standards, procedures and guidelines for multiple platforms and diverse systems environments.  This role follows the architecture track for career advancement and partners with our infrastructure and development teams to ensure architectures are sound, conform to standards and are built efficiently and securely.

Job Expectations: 

• Assist in security reviews of architectures, ensuring standards are adhered to, documenting standards

• Respond to security events, analyze flagged events,  and partner with others in the security team to research the patterns of those events

• Understand the active incident detection and response patterns in order to facilitate building automation and architecture to remediate and reporting

• Learn to configure and tune tools related to monitoring security  

• Assist in managing remediation of any findings from internal or external assessments

• Perform security reviews on request of new modules, components, systems and integrations

• Assist in SOAR (Security Orchestration and Automated Response) , utility and script development to improve automation around threat identification and threat hunting

• Research, validate and deploy solutions meeting security and business needs

• Integrate and support security tools

• Remain current with new security threats and assess systems to ensure they can defend the business

• Constantly research capabilities of current and new disruptive solutions on the market and make recommendations to security leadership

• Create and maintain, with guidance, architectural models and architectural threat models of systems

• Possess a DevOps focus across technology and security architecture, automation, integration and distribution

• Support our compliance programs (such as PCI-DSS) by helping implement and document controls, examining evidence for compliance to standards and perform recurring pen-tests of applications in scope

• Conduct engineering performance testing to stress the limitations of security solutions while at the same time ensuring business innovation and day-to-day processes are not negatively impacted

The duties and responsibilities described above may provide only a partial description of this position. This is not an exhaustive list of all aspects of the job.  Other duties and responsibilities not outlined in this document may be added as necessary or desirable, with or without notice.

Knowledge, Skills and Abilities:

    Required:

• Ability to work in a fast paced, rapidly changing environment and a strong desire to learn

• Current understanding of modern DevOps practices, software design patterns and architectures

• Experience with prevalent cloud environments (e.g. AWS, GCP, Azure, …)

• A working knowledge of application security practices and concepts including intrusion detection/ prevention, authentication, authorization and access controls, risk assessment, vulnerability mitigations, code integrity, and data encryption

• Understanding of PCI-DSS and EU GDPR

• Knowledge researching, analyzing and recommending information security solutions

• High degree of accuracy and attention to detail

• Excellent organizational skills and ability to multitask

• Experience with agile development and introducing product security stories

• Ability to drive security efficiencies, enabling security team members to work on more advanced tasks

• Experience designing or reviewing designs of resilient systems in public and private clouds including containerized workloads

• Experience with various tooling in information security

Equipment Knowledge: 

• Experience with Microsoft Office Suite (Word, Excel, PowerPoint)

• Experience with Google Business Suite (Gmail, Drive, Docs, Sheets, Forms) preferred

Experience Requirements:

Generally two (2) or more years experience within information security. Experience in cloud environments strongly preferred ( AWS, GCP, Azure, etc) and some experience identifying, assessing, and remediating technical security vulnerabilities preferred.

Education Requirements: 

Bachelor’s Degree or higher in Information Technology, Information Security, Computer Science, or a related field strongly preferred. Advanced industry certification, e.g. CCSK, CCSP, TOGAF, Offensive Security Certified Professional (OSCP), Offensive Security Web Expert (OSWE), CISSP, preferred. A demonstrable strong experience may be considered as a replacement for a college degree.

#LI-KF1