Overview

Sr, Manager – Security Architect Threat Modeling Job at SYSUSA, Inc. USA

Position Title: Sr, Manager Security Architect Threat Modeling

Develops and maintains security architecture, strategies, requirements, and standards for applications and platforms. Provides in-depth Technical Security guidance as the Security Subject Matter Experts (SME) for various technologies and project areas. Ensures company security policies, standards, and industry standards are communicated to program teams during the Software/System Development Life Cycle (SDLC) process. Able to create threat models and identify security overlays for architecture to identify gaps and work with project teams to improve security while retaining time to market, functionality and scalability. Reviews and approves Security Accreditation tasks during each phase of SDLC. Serves as point of escalation for security issues and risks that may arise. Has a broad knowledge in areas of Security such as Cloud Computing, Application, IAM, Cryptography, Infrastructure, and Risk.

CORE WORK ACTIVITIES

Standards & Business Partnership

  • Oversees, evaluates, and supports the documentation, and validation processes necessary to assure that associates, information technology systems and business processes meet the organization’s information assurance, security, and privacy requirements. Ensures appropriate treatment of risk, compliance, and assurance of internal policies and external regulations.
  • Defines strategy and roadmap, provides guidance, creates standards and guidelines, and reviews and approves architectural designs. Ensures standards and guidelines incorporate legal and regulatory requirements.
  • Conducts security and privacy technology research, assessments, and integration processes; provides and supports a prototype capability and/or evaluates its utility
  • Consults with customers to gather and evaluate functional requirements and provides security and privacy requirements, guidelines, and standards
  • Conducts assessments of threats and vulnerabilities, determines deviations from acceptable configurations or enterprise or local policy, assesses the level of risk, and develops and/or recommends and operationalizes appropriate mitigation countermeasures
  • Provides sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain
  • Advocates policy changes and makes a case on behalf of the company via a wide range of written and oral work products
  • Applies knowledge of priorities to define an entity’s direction, determine how to allocate resources, and identify programs or infrastructure that are required to achieve desired goals within domain of interest. Develops policy or advocates for changes in policy that will support new initiatives or required changes/enhancements
  • Manages and measures information security implications within the organization, specific program, or other area of responsibility, to include strategic, personnel, infrastructure, policy enforcement, emergency planning, risk management, security awareness, and other resources

MANAGEMENT COMPETENCIES
Leadership

  • Communication – Conveys information and ideas to others in a convincing and engaging manner through a variety of methods.
  • Leading Through Vision and Values – Keeps the organization’s vision and values at the forefront of employee decision making and action.
  • Managing Change – Initiates and/or manages the change process and energizes it on an ongoing basis, taking steps to remove barriers or accelerate its pace; serves as role model for how to handle change by maintaining composure and performance level under pressure or when experiencing challenges.
  • Problem Solving and Decision Making – Identifies and understands issues, problems, and opportunities; obtains and compares information from different sources to draw conclusions, develops and evaluates alternatives and solutions, solves problems, and chooses a course of action.
  • Professional Demeanor – Exhibits behavioral styles that convey confidence and command respect from others; makes a good first impression and represents the company in alignment with its values.
  • Strategy Development – Develops business plans by exploring and systematically evaluating opportunities with the greatest potential for producing positive results; ensures successful preparation and execution of business plans through effective planning, organizing, and on-going evaluation processes.
  • Managing Execution
  • Building a Successful Team – Uses an effective interpersonal style to build a cohesive team; inspires and sustains team cohesion and engagement by focusing the team on its mission and importance to the organization.
  • Strategy Execution Ensures successful execution across of business plans designed to maximize customer satisfaction, profitability, and market share through effective planning, organizing, and on-going evaluation processes.
  • Driving for Results – Sets high standards of performance for self and/or others; assumes responsibility for work objectives; initiates, focuses, and monitors the efforts of self and/or others toward the accomplishment goals; proactively takes action and goes beyond what is required.
  • Building Relationships
  • Customer Relationships – Develops and sustains relationships based on an understanding of customer/stakeholder needs and actions consistent with the company’s service standards.
  • Global Mindset – Supports employees and business partners with diverse styles, abilities, motivations, and/or cultural perspectives; utilizes differences to drive innovation, engagement and enhance business results; and ensures employees are given the opportunity to contribute to their full potential.

CANDIDATE PROFILE

Education and Experience Required:

  • Bachelor’s or master’s degree in computer science, information systems, cybersecurity or a related field or equivalent experience/certification.
  • 8+ years of Information Security experience in security engineering with experience in some or all of the following areas
  • Conducting security reviews and identifying risks and gaps
  • Performing security accreditations
  • Developing security architectures and strategies
  • Developing Enterprise security patterns
  • Working with development teams and vendor teams for implementing compensating controls
  • Experience in developing Enterprise Security Strategies.
  • Experience in reviewing and developing Security Architectures and identifying security risks/gaps as well as mitigation strategies
  • Ability to conduct independent research
  • Strong abilities and experience in documentation and written communication for diverse audiences
  • Experience working with diverse and distributed global teams. Direct management of cross functional, sourced, or matrixes teams globally
  • The security architect should have 3+ years combined experience in some or all of the following areas:
  • Experience securing CI/CD pipelines
  • Cryptography and current cryptographic standards, including PKI
  • Direct, hands-on experience or a strong working knowledge of vulnerability management tools
  • Working knowledge of the OWASP Top 10
  • Working knowledge of MITRE ATT&CK and CAPEC
  • Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services
  • Experience designing the deployment of applications and infrastructure into internal, hybrid, and public cloud services
  • Full-stack knowledge of IT infrastructure:
  • Applications
  • Databases
  • Operating systems – Windows, Unix, and Linux
  • IP networks – WAN and LAN
  • Backup networks and media
  • Containers/Kubernetes and microservices

Preferred:

  • Strong working knowledge of IT service management (e.g., ITIL-related disciplines):
  • Change management
  • Configuration management
  • Asset management
  • Incident management
  • Problem management
  • Proven ability to provide Security Requirements for areas including but not limited to; Cloud Computing, Application Development, IAM, Cryptography, and Infrastructure design and standards
  • Proven ability to understand large complex integrated solutions and provide the security needed between systems
  • Current information security certification(s), such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), ISC2 Certified Cloud Security Professional (CCSP), GIAC certifications, ITIL
  • Knowledge of Industry Standards such as NIST Cybersecurity Framework (CSF), PCI-DSS, COBIT, CSA, MITRE ATT&CK & CAPAC, STRIDE, NIST 800-53, CIS Benchmarks, etc.
  • Knowledge of securing technologies such as, but not limited to; SaaS services (i.e., O365, Salesforce), Application Design, Container Platforms (ie. Docker, Kubernetes), APIs, Serverless, Network Infrastructure, Operating Systems, Identity and Access Management
  • Knowledge of SDLC (Waterfall/Agile), DevSecOps, and good understanding of the ITIL Framework
  • Experience with IAM technologies and services:
  • Active Directory
  • Lightweight Directory Access Protocol (LDAP)
  • Cloud-based IAM
  • Single Sign-On and multi-factor authentication
  • Role-based access controls (RBAC)
  • Proficient in performing quantitative risk management analysis
  • Using ServiceNow to track activities, tasks, approvals, etc.
  • Strong negotiating, influencing and problem resolution skills
  • Proven ability to effectively prioritize and execute tasks in a high-pressure environment
  • Experience in business systems and process planning
  • Knowledge of business environment, service requirements and hospitality culture
  • Ability to translate information security objectives into mutually beneficial business strategies for the client organizations
  • Demonstrated ability to assess customer/client needs, creatively approach solutions, decide and influence appropriate courses of action
  • Graduate/post graduate degree in cyber security

About the Company

Company: SYSUSA, Inc.

Company Location:  USA

Estimated Salary:

Upload your CV/resume or any other relevant file. Max. file size: 80 MB.

About SYSUSA, Inc.