Security Architect

Experience: 8 years

Job Location: Hyderabad - India

Salary: Not Disclosed

Vacancy: 1 Vacancy

Job Description

Do you love a career where you Experience, Grow & Contribute at the same time, while earning at least 10% above the market? If so, we are excited to have bumped into you.


We are an IT Solutions Integrator/Consulting Firm helping our clients hire the right professional for an exciting long-term project. Here are a few details.


Requirements

Role: Security Architect

Location: Hyderabad, Pune, Bengaluru, Delhi, Mumbai, Kolkata, Chennai
Exp: 8 Years


We are seeking a highly skilled Security Architect to assess, design, and implement security controls across various systems, applications, and cloud environments. The ideal candidate will have extensive experience in security architecture, risk management, cloud security, encryption, identity and access management (IAM), and API security. This role requires strong communication skills to convey security risks and solutions to both technical and non-technical stakeholders.

Key Responsibilities:

Security Architecture Review:

  • Assess system designs to identify deficiencies in security controls.

  • Evaluate risks related to confidentiality, integrity, and availability (CIA).

  • Propose actionable recommendations and design alternatives to address identified risks.

  • Clearly communicate risks, solutions, and design choices to technical and non-technical stakeholders.

Risk Management:

  • Perform structured risk assessments using methodologies such as OWASP Risk Rating or other qualitative frameworks.

  • Assess risks associated with systems, applications, and third-party services, qualifying them in terms of likelihood and impact.

  • Develop tactical and strategic recommendations to remediate identified risks.

  • Collaborate with stakeholders to prioritize risk mitigation efforts based on business objectives and technical feasibility.

  • Provide clear and concise reports on risk findings and remediation strategies to leadership and cross-functional teams.

Cloud Security:

  • Strong expertise in AWS services: IAM, KMS, RDS, S3, EC2, GuardDuty, CloudTrail, Security Hub, VPC, ECS, and EKS.

  • Familiarity with AWS Well-Architected Framework, CIS Benchmarks, and best practices for securing cloud environments.

  • Experience with M365 and Azure AD/Entra ID, including conditional access policies, Intune, and hybrid identity configurations.

  • Proficiency in encryption at rest and in transit, identity-based access controls, and monitoring for cloud services.

Networking:

  • In-depth knowledge of cloud networking architectures, including Direct Connect, VPC peering, hub-and-spoke design, mesh networking, and VPNs.

  • Expertise in network traffic controls: IDS/IPS, WAFs, TLS termination strategies (offload, passthrough, bridging), and load balancing.

  • Proficiency in certificate management, certificate-based authentication, and mutual TLS.

Encryption and Key Management:

  • Expertise in enterprise encryption best practices and secure key management.

  • Strong experience with AWS KMS, AWS CloudHSM, and other encryption solutions.

  • Proficiency with secrets management tools like HashiCorp Vault and CyberArk to secure sensitive credentials and encryption keys.

Identity and Access Management (IAM):

  • Strong understanding of Microsoft Active Directory, Azure AD/Entra ID, AWS IAM roles, Okta, PingFederate, Radius, and TACACS.

  • Proficiency in authentication mechanisms: SAML, OAuth, OIDC, FIDO, and MFA.

  • Expertise in managing human credentials and non-human credentials (e.g., machine/system accounts, service principals, application secrets).

  • Familiarity with token-based authentication methods, including JWT, OAuth tokens, and API keys.

  • Knowledge of entitlements management, including role-based and attribute-based access controls.

API Security:

  • Strong experience with API gateways like Apigee and AWS API Gateway.

  • Expertise with AWS-native API security tools: Amazon WAF, Lambda Authorizers, AWS Cognito, and AWS CloudFront.

  • Familiarity with advanced API security tools like Imperva and SALT Security.

  • Proficiency in token-based API security mechanisms, rate limiting, throttling, and mutual TLS.

Secure Software Development Lifecycle (SDLC):

  • Strong knowledge of the OWASP Web Top 10 and OWASP API Top 10 for identifying and mitigating vulnerabilities.

  • Ability to review application architectures for vulnerabilities, secure session management, and business logic flaws.

  • Proficiency with secure coding practices, token validation, and managing session lifecycles.

SaaS Security:

  • Expertise in assessing and securing SaaS and PaaS services with SSO integration, MFA, SIEM monitoring, and role-based access controls.

  • Ability to evaluate SaaS vendors' security posture by reviewing SOC reports, BCDR documentation, and ISO certifications.

  • Understanding of multi-tenancy vs. dedicated tenancy models and associated risks.

  • Experience implementing BYOK (Bring Your Own Key) and HYOK (Hold Your Own Key) models for SaaS services.

Streaming and Big Data Security:

  • Expertise in securing streaming solutions like Kafka, RabbitMQ, IBM MQ, AWS Kinesis, and Firehose.

  • Familiarity with big data solutions like Snowflake and Cassandra, including managed Cassandra instances.

  • Knowledge of Snowflake security best practices, including access controls, encryption, and data governance.

Database Security:

  • Expertise in database activity monitoring and security best practices for relational and non-relational databases.

  • Understanding of availability models such as log shipping, snapshots, and read-only replicas.

  • Proficiency in designing and reviewing secure database architectures using AWS RDS and other managed solutions.

Business Continuity and Disaster Recovery (BCDR):

  • Deep understanding of high availability, fault tolerance, and disaster recovery in cloud and traditional environments.

  • Proficiency in designing multi-AZ vs. multi-region architectures for disaster recovery and fault tolerance in AWS.

  • Expertise in backup, restore, and replication strategies for cloud and on-premises environments.

SIEM and Log Management:

  • Proficiency with SIEM platforms (e.g., Splunk) for log correlation, event monitoring, and actionable alerting.

Required Certifications:

  • CISSP (Certified Information Systems Security Professional) Required



Benefits

Visit us at . Alignity Solutions is an Equal Opportunity Employer M/F/V/D.




Employment Type

Full Time
