Cloud Security Architect
Posted on Sep 16, 2021 by Avid Technology, Inc.
Avid is looking for a Cloud Security Architect to join its information security team to become Avid's go-to technical expert on security architecture strategies and technologies. This is a highly visible leadership role requiring coordination across enterprise information security, infrastructure, development, engineering, product management, customer facing teams, non-technical teams, and senior management.
RESPONSIBILITIES AND DUTIES
We are looking for someone with a security mindset who is:
Hacker at Heart - must always think as an attacker, be able to understand threats and vulnerabilities, and whether they combine to become risks
Trusted Security Advisor - diplomatic but unrelenting, learning and teaching, tenacious but tactful. All of that to be able to rapidly establish themselves as trusted advisors to the business units and can translate technical risks into mitigation tactics business can benefit from.
Always Ready - prepared for the unexpected, by looking into the future and identifying more likely threats. Developing architectures that are resilient enough to survive business changes without compromising protection levels for the company.
Smart Investor - must be able to work creatively with the business, understand their needs and come up with solutions, with considerations to current resource or technology limitations.
Strategic Builder - will be able to collect business and technical requirements from all internal stakeholders, incorporate customer input, and utilize deep technical expertise to create a multi-year roadmap for protecting cloud resources, with recommendations on purchasing and partnering.
In coordination with the Chief Security Officer, the Cloud Security Architect will lead the design & development of the cloud security architectures, policies, procedures, methods, and tools in Avid cloud environments, utilizing information security industry best practices and modern automation tools to reduce the risk to the organization. The Cloud Security Architect will continuously work with engineering and product teams to review, assess compliance with policies, and advise on risks associated with projects.
QUALIFICATIONS & SKILLS
Overall Career Experience
10+ years of experience in Information Technology or related field, including:
3+ years of experience in a complex enterprise IT environment, for large-scale systems across multiple hardware and software platforms.
3+ years of experience in Information Security in one or more of the following practices:
Information Security Operations, Information security Engineering, Application Security, or Information Security Architecture.
Education, Certifications, Publishing/Presenting
Two of the following:
MS or MA (the field is irrelevant)
Any two CompTIA certification (Security+, Network+, etc.)
Any two vendor certifications (Microsoft, AWS, Google, Cisco, Juniper, Checkpoint, Palo Alto, CyberArk, etc.)
Any one of the GIAC certifications (GCIH, GSEC, GCED, GISP, etc.)
Any one of the ISACA certifications (CISA, CISM, etc.)
Any one of the ISC2 certifications (CISSP, etc.)
Published articles on Information Security topics
Being interviewed, participating on panels, or presenting at conferences on Information Security topics
Or any one of the following:
GSE (from GIAC)
CISSP-ISSxP (from ISC2)
Microsoft Azure Solutions Architect Expert
CyberArk Level 4: Guardian
Cisco Certified Internetwork Expert - Security
Cisco Certified Design Expert
Qualifications & Skills
Ability to think like an attacker
Ability and desire to advance technically
Ability and desire to educate others
Strong work ethics, attention to detail, and organizational skills.
Demonstrated ability to assume sole and independent responsibilities, and ability to keep track of numerous detail-intensive, interdependent tasks and ensure their accurate completion
Able to articulate and translate cyber security risks, both verbally and in writing, to business objectives for different audiences at varying levels of complexity
Experience in interacting and negotiating with other departments and executives
Hands-on experience developing security governance documentation, such as policies or standards in (any two or more):
Secure SaaS practices
Cloud vendors security best practices (Azure, AWS, GCP)
Risk assessment and management, threat modeling using STRIDE, PASTA, RTMP, etc.
Infrastructure and network security administration and hardening
Secure SDLC, security reviews for code/design/architecture and requirements
Security compliance frameworks such as FedRAMP or ISO270xx
Security best practices frameworks such as CSA CCM, OWASP, CIS
Identity management and authentication systems and protocols (Active Directory, LDAP, SAML, RADIUS)
Security of relational databases (MySQL, MS SQL Server, Oracle)
Expert understanding of SaaS, PaaS, IaaS cloud delivery models, differences between them, and coverage along the Shared Responsibility Model
Good understanding of networking technologies and protocols, including thorough understanding of the OSI model and comprehensive knowledge of common protocols and services for levels 2 through 7
Good understanding of system and network security principles
Good understanding of cyber security threats, trends, and technologies
Good understanding of terminology relating to risk, IT and security controls, compliance, AAA
Working knowledge Azure security stack, including Security Center, Azure Monitor, DDoS protection, Key Vault, AIP, Intune and WAF
Proven expertise in building a defense in depth infrastructure security architecture that includes security controls across multiple technology stacks.
Hands-on experience in the following categories (any two or more):
Automation & orchestration technologies to delivering infrastructure/security as code (Terraform, Azure Resource Manager, Chef, CloudFormation, Puppet).
Containerization technologies (Kubernetes, etc.)
Network engineering or operations (switches, routers, APs)
Network security (sniffers, taps, IDS/IPS, firewalls)
Endpoints security (web and email content filtering, endpoint protection)
Server OSs (Windows, Linux)
Virtualization technologies (VMWare, other virtualization technologies)
IaaS cloud environments (AWS, Azure, Google Cloud)
Monitoring systems (SolarWinds, Opsware, etc.)
Log management systems (LogRhythm, ELK, other SIEM)
Identity management systems (OKTA, OneLogin, Ping)
Environment and application/code vulnerability scanners (Nessus, Qualys, BlackDuck, etc.)
Code review for configuration management tools and Scripting languages
Set up alerts to get notified of new vacancies.