Category: Information Security
Company Description: Award-Winning International Airline
Salary: Highly Competitive, Depending on Experience
Position Type: Permanent
Job Number: 10320
The Senior Security Architect supports the business by ensuring information security is integrated into the essential project and program activities. The Senior Architect ensures risks are treated in a consistent and effective manner. The Senior Security Architect is to promote responsible security behavior.
· Oversees and documents IT security aspects of the EA, including vulnerability assessment, design, access, and authentication.
· Ensures security profiles are established and maintained for all significant applications.
· Works closely with other functional area architects and security specialists to ensure adequate security solutions are in place throughout all systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.
· Contributes to the development and maintenance of the information security strategy.
· Evaluates and develops secure solutions, based on approved security architectures.
· Researches, designs and advocates new technologies, architectures, and security products.
· Develops the business, information and technical artifacts that constitute the enterprise information security architecture and solutions.
· Analyzes business impact and exposure, based on emerging security threats, vulnerabilities and risks.
· Communicates security risks and solutions to business partners and IT staff.
· Other duties as assigned
Minimum Experience and Qualifications
· Bachelors in Computer Science
· Five (5) years information technology experience
· Five (5) years information security experience
· Understands the concepts of and techniques for secure programming.
· Security vulnerabilities/weaknesses - fundamental causes of vulnerabilities through which most attacks are exploited. Able to recognize and categorize the most common types of vulnerabilities and associated attacks.
· Network Protocols - familiar with protocols such as IP, TCP, UDP, ICMP, ARP, RARP, TFTP, FTP, HTTP, HTTPS, SNMP, and SMTP. Understand how these protocols work, what they are used for, the differences between them, some of the common weaknesses, etc.
· Network applications and services – expertise in the purpose of the application or service, how it works, common usage, secure configurations, and the common types of threats or attacks against the application or service, as well as mitigation strategies.
· Host/System Security Issues – expertise in security issues at a host level for the various types of operating systems (Windows and UNIX). Experience in using the operating system (user security issues) and some familiarity in managing and maintaining the operating system as an administrator.
· Valid CRISC certified (or equivalent)
· Must pass a ten (10) year background check and pre-employment drug test
· Must be legally eligible to work in the country in which the position is located
Preferred Experience and Qualifications
· Implemented Cloud Security
· Information security principles
· Collect and review information, including existing documentation, regarding the organization’s internal and external business and IT environments to identify potential or realized impacts of IT risk to the organization’s business objectives and operations
· Identify risk appetite and tolerance for solutions defined by senior leadership and key stakeholders to ensure alignment with business objectives
· Consult with risk owners to select and align recommended risk responses with business objectives and enable informed risk decisions
Andiamo provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Andiamo complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
Please Note: All inquiries will be treated with the utmost confidentiality. Your resume will not be submitted to any client company without your prior knowledge and consent.