Security Architect, US - Remote Opportunity
Company : Gartner
Job Location : Kansas, US
Posted on : 2021-05-06
Job Description :
What makes Gartner a GREAT fit for you? When you join Gartner, you’ll be part of a team with a no-limits mindset that helps the world become smarter and more connected. We’re the world’s leading research and advisory company that steers clients toward the right decisions with business and technology insights they can’t find anywhere else. Our associates enjoy a collaborative work environment with exceptional training and career development. If you like working with a curious, supportive, high-performing team, Gartner is the place for you. Interested in learning more? View and register for any of our upcoming recruiting events here!

Position Summary

The security architect plays an integral role in defining and assessing security strategy, architecture and practices. This person will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services.

Primary Responsibilities

- Develop and maintain a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers.
- Develop and maintain security architecture artifacts (models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations.
- Assess and manage vendor information security risk across the organization.
- Participate in application and infrastructure projects to provide security planning advice.
- Conduct threat modeling of services and applications that tie to the risk and data associated with the service or application.
- Conduct security assessments of internal systems, applications and IT infrastructure as part of the overall risk management practice of the organization.
- Review network segmentation to ensure least privilege for network access.
- Ensure software products meet regulatory and security compliance requirements.
- SaaS providers
- Cloud/infrastructure as a service (IaaS) providers
- Assess the providers' SSAE 16 SOC 1 and SOC 2 audit reports (or alternative sources) for security-related deficiencies and required "user controls," and report any findings to the CISO and vendor management teams.
- Conduct vulnerability assessments and other security reviews of systems, and prioritize remediation based on the risk profile of the asset and guidance from the CISO or other executive management.
- Conduct code reviews of applications to determine security flaws or other issues that would impact the confidentiality, integrity or availability of the system.
- Coordinate with DevOps teams to advocate secure coding practices and escalate concerns related to poor coding practices to the CISO or the individual responsible for the overall security direction.
- Review security technologies, tools and services, and make recommendations to the broader security team for their use based on security, financial and operational metrics.
- Take ownership of assignments and drive them to completion.
- Work collaboratively across functional areas for innovation to turn new ideas into reality.

Job Requirements

Education

Bachelor's or master's degree in computer science, information systems, cybersecurity or a related field.

Security and Technical Experience

The senior security architect should have 7-10 years of direct, documented and verifiable experience with the following:

Required Technical and Professional Expertise

- Proven communication, collaboration, and critical thinking skills
- Experience working in security areas dealing with security controls, secure engineering, vulnerabilities, audits, etc.
- Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services
- Working knowledge of cloud technologies with the ability to describe security concerns and what the impact might be for an organization
- Full-stack knowledge of IT infrastructure:
  - Applications
  - Databases
  - Operating systems (Windows, Unix and Linux)
  - Hypervisors
  - IP networks (WAN, LAN)

Preferred Technical and Professional Expertise

- 10+ years of experience in the design and implementation of complex IT systems
- 5-7+ years of experience in Information Security and proven experience in security architecture assessment and/or third party/vendor risk management
- Experience reviewing application code for security vulnerabilities
- Experience with GRC tools and implementations
- Direct, hands-on experience using vulnerability management tools
- Strong familiarity with OWASP Top Ten, NIST, and CIS
- Understanding and working experience with cloud/server/container security tools
- Domain expertise in cloud network infrastructure technologies

Required Certifications

The security architect will evidence his or her knowledge of security and risk management through ongoing continuing professional education. The ideal candidate will maintain one or more of the following certifications: CISSP, CCSP, AWS or Azure Security, CEH.