Center for Internet Security, Inc.

Security Architect - Remote

Job Locations: US
ID: 2021-1402
Category: Software Development, Tools and Information Technology
Type: Regular Full-Time
Remote?: Yes

Overview

CIS (Center for Internet Security) is the trusted guide to confidence in the connected world. CIS collaborates with the global security community to lead both government and private-sector entities to security solutions and resources. CIS is an independent, not-for-profit organization.

This role will partner with organizational team members to promote the CIS mission and help support our growth. The primary purpose of this position is to evaluate and direct security within the software development lifecycle, as well as current and future infrastructure deployments at CIS. This role will focus on current security measures and on identifying opportunities to strengthen infrastructure designs, development practices, and testing methods in a complex, multi-tiered on-premises and cloud environment.

The successful candidate will be a subject matter expert in the design, use and measurement of secure practices, security assessment tooling, writing detailed technical specifications for security solutions, product designs, and cloud infrastructure. They will be able to span application, infrastructure, operations, and IT/business services disciplines and will have domain expertise that is applicable across teams. This individual will establish relationships and serve as a trusted advisor for multiple departments.

What You'll Do

  • Develop and execute the vision of secure design, secure coding, secure deployment, and secure operations to build a broad approach to secure practices at CIS
  • Architect, design and analyze information security systems and applications and recommend security measures to senior leaders
  • Act as an authority to interpret the results from vulnerability scans (multifaceted testing and static code analysis) and work with developers to remedy vulnerabilities
  • Monitor and triage vulnerabilities reported by vendors and researchers
  • Evaluate/apply new and emerging security technologies and solutions and recommend business and process improvement
  • Mentor junior team members or cross-functional team members
  • Work closely with internal and external partners and vendors to develop comprehensive solutions and ensure the roadmap aligns with the technology profile of CIS
  • Maintain sound records and organized reference material related to the security roadmap, architecture(s) and technology specifications
  • Other responsibilities as assigned

What You'll Need

  • Bachelor’s degree in a related field*
  • 5+ years of IT or software development experience
  • Practical knowledge of security standards and compliance (e.g., CIS Controls, OWASP, SOC2, ISO27001, NIST 800-171, GDPR, etc.)
  • Demonstrated knowledge of information security principles and web applications, and familiarity with malicious code and common techniques used by hackers (MITRE ATT&CK)
  • Knowledge of cloud-based infrastructures and how they affect security needs
  • Ability to read and understand system data including security event logs, system and application logs
  • Solid grasp of enterprise-wide technologies, including databases, operating systems, web applications, etc.
  • Familiarity with Continuous Integration/Continuous Deployment (CI/CD) and configuration tools and practices
  • Experience with vulnerability scanning tools (e.g., Qualys, Nessus, Tenable.io, Metasploit)
  • Experience with cloud implementations and security controls
  • Experience with data protection, data management and the institution of sound data controls within an enterprise
  • Experience working with diverse teams, diverse vendors and a multi-vendor environment
  • Must be authorized to work in the United States

It's a Plus if You Have:

  • Non-Profit experience
  • Master's degree in Computer Science, Cybersecurity, or Software Engineering
  • Hands-on experience with Agile development methodologies (Scrum, Kanban, Lean, etc.)
  • Experience using SAST and DAST tools for code analysis and scanning
  • Current security certifications (e.g., CISSP, CISM, GIAC, AWS)

*Additional years of relevant experience or a combination of an Associate’s degree or equivalent and relevant experience may be substituted for the Bachelor’s degree.

At CIS, we are committed to providing an inclusive environment in which the diverse backgrounds, experiences, and views of our employees, members, and customers are valued and respected. It is through this commitment that we are able to work together towards our common mission: to make the connected world a safer place.
