Not Authorized
You are currently not authorized to access this section.
Please contact your Administrator to change your authorization settings.
Please contact your Administrator to change your authorization settings.
Security - Security Architect (Financials)
Arlington, VA
Job Description
Security Architect (Financials/Banking)
Hydrid/Arlington, VA
MUST:
Experienced Security Architect (Financials/Banking)
5-10+ yrs relevant experience security architect exp in the financial/ insurance/banking environment
Advanced technical training and experience with auditing and maintaining security of systems and information is required.
Experience in using architecture methodologies such as SABSA, Zachman and/or TOGAF.
Direct, hands-on experience or strong working knowledge of managing security infrastructure - e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology.
Verifiable experience reviewing application code for security vulnerabilities.
Experience securing CI/CD pipelines
Direct, hands-on experience or a strong working knowledge of vulnerability management tools.
Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services.
Experience designing the deployment of applications and infrastructure into public cloud services.
Regulations, Standards and Frameworks Knowledge
Payment Card Industry Data Security Standard (PCI-DSS)
General Data Protection Regulation (GDPR),Privacy Practices,ISO 27001/2
NIST Cybersecurity Framework (CSF)
Full-stack knowledge of IT infrastructure:
Applications,Databases,Operating systems - Windows and Linux
Hypervisors,IP networks - WAN and LAN,Storage networks - Fibre Channel, iSCSI and NAS,Backup networks and media
Direct experience designing IAM technologies and services :
Active Directory, Lightweight Directory Access Protocol (LDAP)
Amazon Web Service (AWS) IAM
Strong working knowledge of IT service management (e.g., ITIL-related disciplines):
Change management,Configuration management,Asset management
Incident management,Problem management
Computer Science or related Bachelor's degree and 5-10 years of relevant experience required.
Advanced technical training and experience with auditing and maintaining security of systems and information is required.
DUTIES:
Develops and maintains a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers
Works cooperatively with all staff to meet the business and customer needs while managing processes and methods for auditing and addressing information security standards; and facilitates migration of non-compliant environments to compliant environments
Informs and conducts security audits within and outside the organization, to ensure compliance with standards and currency with industry security norms
Manages and participates in the planning and implementation of security administration for all IT projects; and makes recommendations and assists in the implementation of changes to work methods and procedures to make them more effective or to strengthen security measures
Develops security strategy plans and roadmaps based on sound enterprise architecture practices
Develops and maintains security architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations
Determines baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation and identity and access management (IAM)
Participate in the design and execution of the back-up disaster recovery systems, and contingency operations; and participates in systems back-up regimen as needed
Create and maintain a security training program, and perform regular security awareness training for all employees, to educate and ensure compliance with the organization's security policies, standards, and procedures
Responsible for maintaining project software and documentation inventory and configuration baselines
Establishes and maintains all CM processes and procedures; including library and software development information, impact assessments, incident reports, and software change notices, etc.; on a continuous basis
Identifies and implements processes to strengthen, streamline and automate build processes; and serve as an advocate for best practices to drive the development and maintenance of build automation tools
Maintain operational configurations of all in-place solutions as per the established baseline control efforts, using automated CM tools
Responsible for change management controls and reporting/documentation
Manage relationships with contractors and vendors as needed
Establishes a taxonomy of indicators of compromise (IOCs) and share this detail with other security colleagues, including the security operations center (SOC), information security managers and analysts, as well as counterparts within the network operations center (NOC)
*Quadrant, Inc. is an equal opportunity and affirmative action employer. Quadrant is committed to administering all employment and personnel actions on the basis of merit and free of discrimination based on race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or status as an individual with a disability. Consistent with this commitment, we are dedicated to the employment and advancement of qualified minorities, women, individuals with disabilities, protected veterans, persons of all ethnic backgrounds and religions according to their abilities.
Hydrid/Arlington, VA
MUST:
Experienced Security Architect (Financials/Banking)
5-10+ yrs relevant experience security architect exp in the financial/ insurance/banking environment
Advanced technical training and experience with auditing and maintaining security of systems and information is required.
Experience in using architecture methodologies such as SABSA, Zachman and/or TOGAF.
Direct, hands-on experience or strong working knowledge of managing security infrastructure - e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology.
Verifiable experience reviewing application code for security vulnerabilities.
Experience securing CI/CD pipelines
Direct, hands-on experience or a strong working knowledge of vulnerability management tools.
Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services.
Experience designing the deployment of applications and infrastructure into public cloud services.
Regulations, Standards and Frameworks Knowledge
Payment Card Industry Data Security Standard (PCI-DSS)
General Data Protection Regulation (GDPR),Privacy Practices,ISO 27001/2
NIST Cybersecurity Framework (CSF)
Full-stack knowledge of IT infrastructure:
Applications,Databases,Operating systems - Windows and Linux
Hypervisors,IP networks - WAN and LAN,Storage networks - Fibre Channel, iSCSI and NAS,Backup networks and media
Direct experience designing IAM technologies and services :
Active Directory, Lightweight Directory Access Protocol (LDAP)
Amazon Web Service (AWS) IAM
Strong working knowledge of IT service management (e.g., ITIL-related disciplines):
Change management,Configuration management,Asset management
Incident management,Problem management
Computer Science or related Bachelor's degree and 5-10 years of relevant experience required.
Advanced technical training and experience with auditing and maintaining security of systems and information is required.
DUTIES:
Develops and maintains a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers
Works cooperatively with all staff to meet the business and customer needs while managing processes and methods for auditing and addressing information security standards; and facilitates migration of non-compliant environments to compliant environments
Informs and conducts security audits within and outside the organization, to ensure compliance with standards and currency with industry security norms
Manages and participates in the planning and implementation of security administration for all IT projects; and makes recommendations and assists in the implementation of changes to work methods and procedures to make them more effective or to strengthen security measures
Develops security strategy plans and roadmaps based on sound enterprise architecture practices
Develops and maintains security architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations
Determines baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation and identity and access management (IAM)
Participate in the design and execution of the back-up disaster recovery systems, and contingency operations; and participates in systems back-up regimen as needed
Create and maintain a security training program, and perform regular security awareness training for all employees, to educate and ensure compliance with the organization's security policies, standards, and procedures
Responsible for maintaining project software and documentation inventory and configuration baselines
Establishes and maintains all CM processes and procedures; including library and software development information, impact assessments, incident reports, and software change notices, etc.; on a continuous basis
Identifies and implements processes to strengthen, streamline and automate build processes; and serve as an advocate for best practices to drive the development and maintenance of build automation tools
Maintain operational configurations of all in-place solutions as per the established baseline control efforts, using automated CM tools
Responsible for change management controls and reporting/documentation
Manage relationships with contractors and vendors as needed
Establishes a taxonomy of indicators of compromise (IOCs) and share this detail with other security colleagues, including the security operations center (SOC), information security managers and analysts, as well as counterparts within the network operations center (NOC)
Job Summary
Company
Start Date
As soon as possible
Employment Term and Type
Regular, Full Time
Required Education
Bachelor's Degree
Required Experience
5 to 10 years
Email this Job to Yourself or a Friend