Address
Form of workVichara is a Financial Services focused products and services firm headquartered in NY and building systems for some of the largest i-banks and hedge funds in the world.
Cloud Security Architect
The Cloud Security Architect is responsible for leading the development of cyber-Security Architecture in an agile environment, ensuring technology initiatives are implemented within the framework to secure one of our key government client's cloud environments. The right candidate will be accountable for strategic planning, architecture, and securing enterprise information by identifying network and application security requirements, implementing and testing security controls and procedures.
The primary areas of focus for the Cloud Security Architect is to advise in developing Cloud risk management strategies and multi-year implementation and remediation programs based on business priorities and risks to address Cyber-Security, Cyber Defense and Business needs of our customer.
KEY JOB RESPONSIBILITIES:
- Design security solutions for Azure cloud environments including leading architecture reviews for decision records. Knowledge areas include IAM with Entra ID/Azure Active Directory, posture management, workload protection, SIEM/SOAR, application software testing.
- Build architectural runway for infosec requirements for both infrastructure and application development teams. Collaborate with agile teams to ensure security requirements are met.
- fi
- Analyze and continuously monitor cybersecurity and privacy policies, processes and compliance artifacts, systems authorization, and management in a cloud environment.
- Analyze and map existing security controls and safeguards to compliance requirements for a cloud environment.
- Conduct architecture reviews and security impact assessments for technology and software development initiatives.
- Assist in the implementation a Azure Zero-Trust Architecture as a core part of all design and development of the cloud solution.
- Coordinate application and infrastructure risk mitigation and vulnerability remediation activities.
- Assist in the design, development, implementation, and deployment of a hybrid cloud solution in a FedRAMP High environment involving integration of hybrid cloud solutions with on-premises components and systems.
- Assess vulnerabilities and attacker tactics, techniques, and procedures (TTP) and provide incident response support to locate and prevent threats.
EXPERIENCE REQUIRED:
- Microsoft Azure Cloud experience preferred; GovCloud experience preferred.
- Education: Bachelor's degree in a technology field, Master's degree preferred.
- 5+ years' cyber related experience in a commercial environment with Azure, in a technical information security and risk management role.
- 5+ Firsthand working with the various Azure security tools/platforms such as Azure AD, Sentinel, Defender, Monitor, Key Vault, or similar in other platforms.
- 5+ years managing security policies and initiatives in Azure.
- Identity Access and Management concepts, multifactor authentication, SSO/Federation
- Privileged Access Management key concepts
- Ability to set up and configure the Azure security platforms, and function as an overall lead managing end to end security on the Azure Cloud regions.
- Vulnerability testing as it relates to Azure systems.
- Security concepts & tools related to CI/CD pipelines, and software scanning.
- Demonstratable understanding of Information Security and Risk Management capabilities related to cloud computing across Windows and Linux, with demonstrated direct experience with the following domains:
- Identity, Credential and Access Management (ICAM)
- Authentication and Authorization including SSO and Identify Federation
- Zero-Trust Model
- Defense-In-Depth
- Governance and Compliance
- Securing Data
- Securing the Operating System
- Protecting the Network Layer
- Continuous Diagnostics and Mitigation, Alerting, Audit Trail, and Incident Response
- Cloud Core Platform:Compute, Storage, Networking
OTHER EXPERIENCE DESIRED:
- INFOSEC Certifications: CISSP, CCSP, CISM
- Azure/AWS/Google Training and Certification
- Microsoft Certifications/Exams a recommended: Sc-100 Cybersecurity Architect; Sc-300 Identity and Access Administration; AZ-500 Azure Security Engineer
- Crowdstrike Falcon EDR for Azure
- Managing/maintaining FISMA compliance for a government information system in accordance with requirements from NIST.
- Demonstrated experience collaborating directly with external clients, business leadership, and auditors.
- Direct technical background, to include familiarity with servers, network devices, and security systems.
- Experience working as system or portfolio architect on agile release trains.
- Working knowledge of current NIST 800-53 for Azure and FedRAMP High for Azure, Azure CIS Benchmark compliance
- Working knowledge of Azure CAF and Terraform
- OpenText Fortify experience a plus.
Compensation - 200-220K
Benefits:
- Extended health care
- Dental care
- Life insurance
