Security Architect

WHO YOU'LL WORK WITH

You will work in our Atlanta or Waltham office as part of our core Co-Creative Problem Solving group that is responsible for the firm’s productivity and collaboration tools including O365 Outlook, Slack, Zoom, Box, Miro, MS Office, etc.

WHAT YOU'LL DO

You will identify opportunities to implement and improve security by developing an in-depth understanding of business contexts. In this role, you will promote SecDevOps principles and look for opportunities to improve the security of routine firm processes specifically leveraging automation where possible. You will review application functionality, architecture and configurations to advise and assist building compensating controls where security requirements cannot be met. You will help prioritize and assist with remediation of any vulnerabilities identified through code scanning and other audit findings.In addition to advocating for compliance to our firm standard and guidelines within the Co-Creative Problem Solving group, you will also contribute and highlight opportunities to improve them. You will work collaboratively within the group to help team members make informed, risk-based decisions by role modeling and advocating for security principles and incorporating a stronger cybersecurity mindset into the squad.

QUALIFICATIONS

• Bachelor's or master's degree in computer science, information security or a related field; professional certification (e.g., CompTIA Security+, CISSP) preferred
• 7+ years of experience working within information security
• Broad experience working across multiple information security domains (security architecture and engineering, identity and access management, software development security, communications and network security, security assessment, security operations, and security and data risk management)
• Working knowledge of cloud deployment models
• Experience reviewing and assessing solution architectures in the cloud
• Familiarity with security frameworks (e.g., NIST, OWASP, PCI DSS) and risk management methodologies
• Strong technical knowledge and understanding of web application security, in particular DevOps and SDLC
• Knowledge of, and experience supporting, SaaS providers such as Microsoft O365, Slack, Zoom, Box
• Ability to review application functionality and architecture to advise and assist project teams on building compensating controls where security requirements cannot be met
• Strong organizational skills; ability to manage multiple projects and deadlines simultaneously
• Ability to work independently
• Excellent interpersonal skills; strong team work and collaboration skills
• Ability to lead meetings and communicate clearly, concisely and confidently
• Strong verbal and written communication skills in particular, explaining technical information to clients, vendors, senior management; ability to apply knowledge and deductive reasoning