Chewy - Dania Beach, FL
The Information Security Architect will take a lead role in defining and assessing security policy, strategy, architecture, and practices to support business objectives and risk management strategies in our Dania Beach, FL office. He or she will work with other architects and the security operations team to ensure that information security is fully integrated into the enterprise technology architecture and will help IT project teams to plan and architect their solutions consistent with the enterprise security architecture. The information security architect will be the highest point of escalation for security incidents. The information security architect will advocate for security requirements and objectives while ensuring that security architectures and practices do not impede the needs of the business.
What You'll Do:
- Develop and maintain a security architecture that supports business goals and mitigates information security risk.
- Experience in leading the creation and adoption of enterprise software security standards and controls
- Partner, guide and inspire development teams to address security concerns
- Holds self and others to a high standard and takes initiative to define and drive winning solutions
- E-commerce background; knowledge of E-commerce platform process and technologies
- Develop and maintain security architecture artifacts (e.g., models, templates, standards and procedures) for reference and use by IT project teams.
- Track developments and changes in the business and information security environments and update the enterprise security architecture accordingly.
- As a member of several Architecture Review Boards, validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks.
- Work with Security Operations staff to develop security strategy, plans, and roadmaps to implement the security architecture. Help Security Operations to review and select security technologies, tools and services to implement the roadmaps. Provide high-level requirements and direction for information security projects.
- Provide input to security policies and standards.
- Work closely with Project Management to ensure that corporate Information Security is fully aware of the IT project pipeline and that new projects receive all necessary information security risk assessment, requirements, planning advice, and engineering assistance.
- Advise application and infrastructure project teams on information security planning, policy, and architecture and provide high-level security requirements to projects. As a member of the Architecture Review Boards, verify that planned projects conform to IT and security architectures and policies. Hand off to Security Engineering staff to provide detailed security technical requirements; help IT projects design and implement security solutions in accordance with board guidance.
- As a member of the Change Advisory Board, verify that proposed system and infrastructure changes conform to information security policy and standards. Hand off to Security Engineering staff to help IT teams remediate deficiencies, if necessary.
- Work with IT teams and the ARB to document storage and transmission of sensitive information and provide architecture and requirements to ensure that this data is secured in accordance with PCI and SOX policy.
- Help the GRC team to evaluate the design and effectiveness of security controls.
What You'll Need:
- The successful candidate will demonstrate strong critical thinking and problem-solving skills and will be able to act ethically and confidentially, work as part of a team, communicate clearly and concisely both verbally and in writing, adapt to rapidly changing priorities, and work on multiple projects simultaneously.
- Teamwork and Communication: The security architect must be a consummate team player who readily shares information, facilitates dialogue, and brokers compromises among security, IT, and business stakeholders. He or she must be able to translate security-related matters into business terms that are readily understood by colleagues and must effectively present findings verbally and in writing.
- Business and Organizational Acumen: The security architect is keenly aware of the dynamics of Client business and how IT and information security can support the business. He or she will develop approaches and solutions that serve organizational strategies and goals.
- Conceptual Thinking: The security architect's role is primarily strategic and conceptual, not operational. He or she must recognize abstract patterns and relationships among apparently unrelated entities and situations. He or she will apply appropriate concepts and theories in the development of principles, practices, techniques, tools and solutions.
- Openness to Learning: The security architect takes personal responsibility for personal growth and changes his or her own ideas. He or she learns from others, inside and outside the organization, tries new approaches, and broadens the scope of work to learn from work assignments.
- Expert level knowledge of the Amazon Well Architected framework.
- Extensive knowledge of service-oriented architectures.
- In-depth understanding of the cyber kill chain.
- Expert level knowledge of TCP/IP & advanced networking concepts.
- Proficiency with advanced network and endpoint security technologies.
- Ability to perform manual end-to-end testing and validation of security vulnerabilities; Red team experience.
- Ability to work independently with little to no supervision and deliver quality work.
- Excellent communication skills with emphasis on the ability to explain complex security topics to laypersons and key stakeholders.
- Understanding of the PCI DSS 3.2 framework and experience implementing technical controls to meet its requirements.
- Understanding of the COBIT 5 framework and applicable SOX technical controls.
- Ability to develop scripts and extend tools using Python, shell scripting, Java, Golang, Ruby, PowerShell, etc.
- Familiarity with common security assessment tools such as Burp, Metasploit, sqlmap, ZAP, Nessus, Nikto, BeEF, Wireshark, tcpdump, Ettercap, etc.
- Understanding of common web application frameworks.
- Expert level knowledge of the OWASP Top 10.
Security Certifications Preferred (including but not limited to the following certifications):
- Certified Incident Handler (GCIH)
- Certified Intrusion Analyst (GCIA)
- Certified Network Penetration Tester (GPEN)
- Certified Web Application Penetration Tester (GWAPT)
- Offensive Security Certified Professional (OSCP)
- Splunk Power User and Above
- Certified Expert Penetration Tester (CEPT)
- Certified Information Systems Security Professional (CISSP)
- Networking Certifications (CCNA, etc.)
- Platform Certifications (AWS, Microsoft, Linux, Solaris, etc.)
- This position may require travel.