Cloud Security Architect

Job Description
The Legal Aid Society, the nation's oldest and largest nonprofit law firm serving New York City, exists for one simple yet powerful reason: to ensure that no one is denied the right to equal justice because of poverty. For over 140 years, we have protected, defended, and advocated for those who have struggled in silence for far too long - working on the front lines and behind the scenes to offer our clients the exceptional legal services they deserve. Through our Civil, Criminal Defense, and Juvenile Rights Practices, we offer an unmatched depth and breadth of legal expertise to vulnerable New Yorkers in over 300,000 legal matters each and every year. Every day, in every borough.
The 2,200+ members of our staff who directly represent clients, advocate and litigate for systemic reform, and provide the administrative infrastructure for our organization are key to our success and ability to meet our mission.
Legal Aid seeks a highly skilled and experienced Cloud Security Architect to join our dynamic team. The Cloud Security Architect will play a critical role in ensuring the security of our digital infrastructure, applications, and data assets. This individual will lead efforts to design, implement, and maintain robust, primarily cloud-based security solutions that protect our organization from cyber threats and vulnerabilities. The Cloud Security Architect is a member of the Network Infrastructure team within the Information Technology (IT) unit. A Security Architect with deep network infrastructure roots, you will be responsible for the design, build, testing, and implementation of security systems across our entire network, on-premise in 23 locations and in the cloud. Responsibilities include reviewing our current security measures, recommending enhancements, identifying areas of weakness, and responding promptly to security incidents. You will also be responsible for conducting regular system tests and ensuring the continuous health of the network's security.
ESSENTIAL DUTIES/RESPONSIBILITIES

• Cloud Security Strategy: Develop and implement a comprehensive Cloud Security strategy, aligned with industry best practices and compliance requirements
• Architecture Design: Plan, Research and Design secure cloud architecture solutions for our LAN and Azure environments, considering factors such as identity and access management, network security, data protection, and disaster recovery
• Security Assessment: Conduct risk assessments and security audits of cloud environments to identify vulnerabilities and recommend remediation strategies. Research and design public key infrastructures, certification authorities, and digital signatures, and ensure all personnel have role and need based data access
• Security Policies: Develop and enforce Cloud Security policies, standards, and procedures to ensure compliance with regulatory requirements and industry standards. Review and approve the installation requirements for LANs, WANs, VPNs, routers, firewalls, and related network devices
• Incident Response: Develop and maintain an incident response plan for Cloud Security breaches and assist in incident investigations and resolution. Respond quickly and effectively to all security incidents and provide post-event analyses
• Security Monitoring: Implement Cloud Security monitoring tools and techniques to detect and respond to security threats in real-time. Test security systems and update and upgrade them
• Security Awareness: Promote security awareness and best practices, remain up to date with the latest security systems, standards, authentication protocols, and products
• Training: Be the lead Cybersecurity Trainer for team members and end-users
• Vendor Evaluation: Evaluate and select security tools and technologies for Cloud Security, including third-party security vendors and services
• Documentation: Create and maintain comprehensive documentation related to Cloud Security configurations, policies, and procedures. Establish disaster recovery procedures and conduct security breach drills
• Collaboration: Collaborate with cross-functional teams, including DevOps, IT, and compliance, to integrate security into the cloud development lifecycle

Requirements

• A master's degree in IT, computer science, or related field, or equivalent experience.
• Industry-recognized certifications such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), ISSAP, GIA or AWS/GCP/Azure certifications
• Experience implementing CJIS a big plus
• Proven experience in Cloud Security Architecture, with a focus on Azure.
• Strong knowledge of Cloud Security best practices, including IAM, network security, encryption, and container security.
• Experience with security assessment tools and practices.
• Excellent communication and collaboration skills.
• Strong problem-solving and critical-thinking abilities.
• Familiarity with compliance frameworks (e.g., NIST, CIS, GDPR) is desirable.
• Deep knowledge of application security standards including PKI/certificate-based security
• Deep experience architecting and managing security platforms offered by enterprise vendors such as Cisco, Meraki, Microsoft, Dell
• Expert level familiarity with Microsoft Defender for cloud and M365 DevSecOps
• Deep knowledge of M365 logging, auditing, reports, Purview, analytics, Graph API, Fabric
• Technical training and user training skills
• 5-10 years' experience in information security and IT risk management
• 5 Years' Experience Managing Network Security Devices
• 7+ years of experience in a technical infrastructure or systems role prior to security experience within the networking discipline
• Excellent analytical, problem solving, and decision-making skills
• A strong working knowledge of current IT risks, security implementations
• Strong knowledge of Microsoft computer operating and software programs
• Excellent problem-solving, communication, and interpersonal skills

COMPETENCIES

• Decision-making: Makes excellent, timely decisions
• Problem solving: Develops adaptive and creative solutions to complex problems
• Teamwork: Demonstrates a commitment to cooperate and collaborate with others while contributing towards a common goal
• Attention to detail: Thoroughness in accomplishing a task through concern for all the areas involved, no matter how small
• Planning and organizing: Prioritizes tasks in order to manage time and resources effectively
• Bias to action: quick responder on all communication channels including email, voice, chat, text
• Client service: understands and aligns to servant leadership principles on cybersecurity

SALARY TRANSPARENCY
The posting reflects the range of potential salaries for the role. The specific salary offers will be dependent on candidate qualifications, including collectively bargained salary steps for unionized roles.
Salary Range/ Salary:$136,000-$144,750
SALARY AND BENEFITS
The leadership of The Legal Aid Society believes in attracting and retaining exceptional talent committed to serving our clients. We offer a generous benefits package including health insurance, paid vacation, disability, and life insurance, and more. Salaries for our unionized jobs are governed by our Collective Bargaining Agreement. Please visit our Careers page for additional information. Salary and benefits information will be available to applicants, when and if, an offer is made.
OUR COMMITMENT TO DIVERSITY, EQUITY, AND INCLUSION
The leadership of The Legal Aid Society is committed to a work culture of zealous advocacy, respect, diversity and inclusion, client-oriented defense, access to justice and excellent representation. We are dedicated to building a strong professional relationship with each of our clients, to understanding their diverse circumstances, and to meeting their needs. Our ability to achieve these goals depends on the efforts of all of us.
HOW TO APPLY
All applications must be completed online. We do not accept paper submissions. Please visit our Careers Page to review all current job postings, and instructions on the application process. For technical difficulties or questions regarding this posting, please email jobpostquestions@legal-aid.org.
As an Equal Employment Opportunity (EEO) Employer, The Legal Aid Society prohibits discriminatory employment actions against and treatment of its employees and applicants for employment based on actual or perceived race or color, size (including bone structure, body size, height, shape, and weight), religion or creed, alienage or citizenship status, sex (including pregnancy), national origin, age, sexual orientation, gender identity (one's internal deeply-held sense of one's gender which may be the same or different from one's sex assigned at birth); gender expression (the representation of gender as expressed through, for example, one's name, choice of pronouns, clothing, haircut, behavior, voice, or body characteristics; gender expression may not conform to traditional gender-based stereotypes assigned to specific gender identities), disability, marital status, relationship and family structure (including domestic partnerships, polyamorous families and individuals, chosen family, platonic co-parents, and multigenerational families), genetic information or predisposing genetic characteristics, military status, domestic violence victim status, arrest or pre-employment conviction record, credit history, unemployment status, caregiver status, salary history, or any other characteristic protected by law.
Required Documents
Please submit these documents as a single combined PDF when you apply via the LAS (Legal Aid Society) Recruitment Portal.

• Resume
• Cover Letter
• Writing Sample - either a reporting format, communication capturing a business need, or cybersecurity training.