Posted in Information Technology 30+ days ago.
Prudential is a diverse group working on multiple areas in the world of security architecture; identity and access management, cloud computing, software engineering, and general layered security in an enterprise. The security architect is responsible for designing security solutions that protect the business while allowing the business to execute and innovate. The security architect works closely with security engineering, platform engineering, application development, security operations, audit and end users. This position is also responsible for architecting solutions to secure business-to-business initiatives, third-party relationships, and vendors.
The security architect will provide guidance for addressing security issues but has the foresight to see where the industry is headed to proactively deliver optimal secure solutions. The architect is expected to think like an adversary and identify how solutions should evolve as the threat landscape changes. The architect possesses strong communication and organizational skills, and the ability to guide coworkers. The architect provides technical leadership to delivery and solution design team members.
Maintain working knowledge of technology security, compliance requirements and industry trends.
Research, validate, and deploy solutions meeting security and business needs.
Assist with development of security standards, policies, procedures, and processes.
Possess an agile focus across technology and security architecture, automation, integration, and distribution.
Drive security efficiencies, enabling security team members to work on more advanced tasks.
Collaborate with architects, other teams, product owners, and software engineers to drive implementation of new applications.
Partner, coach and functionally lead IT, engineering, development and business teams.
Estimate level of effort to develop code to meet acceptance criteria.
Automate security testing across build and release pipeline.
Perform engineering performance testing to stress the limitations of security solutions while at the same time ensuring business innovation and day-to-day processes are not negatively impacted.
Ensure adherence to continuous improvement practices as required to meet quality / time to market imperatives.
Evaluate proposed alterations to the infrastructure to ensure compliance with regulations and best practices.
Guide the company on proper implementation of security solutions.
Maintain records to document program development and revisions.
Perform other duties as assigned.
Innovative thinking with a passion for problem-solving.
Ability to provide a logical framework to support conclusions and ideas.
Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
Great attitude, team player and energy amplifier. Flexible and adaptable to changing priorities and technologies.
Strong analytical and problem-solving skills.
Ability to work independently in a fast paced, unstructured environment.
Ability to communicate clearly end effectively with technical and business stakeholders.
Ability to execute in dynamic and highly technical organizations.
Ability to think strategically and tactically, with effective decision-making skills.
Highly trustworthy; leads by example.
Knowledge of traditional security controls and technologies, such as Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), public key infrastructure (PKI), identity and access management systems, antivirus and firewalls, in addition to newer offerings such as endpoint detection and response (EDR), threat intelligence platforms, security automation and orchestration, and application controls.
Experience in cloud computing technologies, including software-, infrastructure- and platform-as-a-service, as well as public, private, and hybrid environments.
Experience developing server/client architecture using hybrid cloud environments.
Experience implementing and integrating security tools into CI/CD.
Experience in driving effective implementation and adoption of Security Development Lifecycle (SDL) and software maturity model.
Experience in building security processes, document important security tasks, develop procedures, policies, and process flow.
Experience as a technical lead or architect.
Familiarity with common application and network protocols, cryptographic technologies, public key infrastructure, common security threats, such as attack techniques, evasive techniques, and preventative & defensive methods.
Knowledge of common OS designs including Linux, Windows, microservices, and mobile platforms.
Awareness of regulatory and industry standards; GDPR, PCI, NIST, CIS/SANS 20, ISO 27xxx, etc.
Strong knowledge of web, security, network architectures, and cloud service providers such as AWS or Azure.
Knowledge of network infrastructure protocols such as TCP/IP, DNS, DHCP, VPN’s and support of network hardware, building and cabling infrastructure.
Background with experience in compliance obligations.
Bachelor’s degree in computer science, information assurance, MIS or related field, or equivalent training, education, and experience.
At least 4 years combined experience developing information systems, network services and/or cloud services.
CISSP, CISM, and/or SANS certification a plus.
Software development experience a plus.