Position Title: Security Architecture Analyst II
Salary Range: $80,000-$92,000
Department: Information Technology
Reports to: Information Security Manager
Location: Remote
Schedule: M-F; 9am-5pm EST
Formerly the Mental Health Association of New York City (MHA-NYC), Vibrant Emotional Health's groundbreaking solutions have delivered high quality services and support, when, where and how people need it for over 50 years. Through our state-of-the-art technology-enabled services, community wellness programs, and advocacy and education work, we are building a society in which emotional wellness can be a reality for everyone.
Position Summary:
The Security Architecture Analyst II is primarily responsible for Cloud, Application, and Infrastructure Security Architecture for the enterprise. The role will focus on designing and developing security architecture patterns that meet regulatory obligations and data protection requirements as well as align with the business and corporate security strategy. The Security Architecture Analyst will work collaboratively with the Information Security Manager and Infrastructure and Application teams to build security controls and solutions compliant with approved architecture frameworks, standards, and best practices. As a member of a small team, this position may also be required to perform some Security Engineer job duties. Review existing cloud, on-prem, and end-user system configurations, and make recommendations to improve security posture.
Duties/Responsibilities:
Strategy & Planning
- Designs secure patterns for workloads deployed on Infrastructure-as-a-Service, Platform-as-a-Service and Software-as-a-Service service models as well as hybrid architecture patterns which may tightly integrate to on-premises systems.
- Create and maintain the enterprise's security architecture design in partnership with the Business, Applications, and Infrastructure teams.
- Perform threat modeling activities and security assessments, identify gaps in existing security architecture, and recommend changes or improvements.
- Design security architecture elements to better prepare for, identify, mitigate, respond to, and recover from threats and attacks.
- Create solutions that align security architecture frameworks and standards (e.g. AWS Well-Architected, NIST CSF, NIST 800-53, SABSA, TOGAF, ISO 27002) with overall business and security strategy.
- Participate in the design and execution of vulnerability assessments, penetration tests, and security audits.
- Participate in risk assessments for new technologies and projects.
- Employ secure configuration management processes.
- Assist in developing a disaster recovery and business continuity plan. Identify and prioritize system functions required to promote continuity and availability of critical business processes such that in the circumstance of system failure critical business functions are restored or recovered promptly.
Acquisition & Deployment
- Maintain up-to-date detailed knowledge of the Cybersecurity industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.
- Assist with recommending additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
- Perform the deployment, integration, and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise's security documents specifically.
Communication
- Document security requirements and controls for protecting information, systems, and technology assets.
- Maintain up-to-date baselines using industry standard frameworks such as CIS and CSA for the secure configuration and operations of all in-place devices
- Define and document how the implementation of a new technology impacts the security posture of the current environment.
- Document and update as necessary all definition and architecture activities.
- Provide input on security requirements to be included in request for proposals (RFPs), statements of work (SOWs), and other procurement documents.
Position Requirements:
Formal Education & Certification
- College diploma or university degree in the field of Computer Science, Engineering, or related field and/or 5 years equivalent work experience.
- One or more of the following certifications:
- Any AWS Associate or Professional level certification - Solutions Architect preferred
- AWS Certified Security - Specialty
- GIAC Cloud Security Essentials (GCLD)
- GIAC Public Cloud Security (GPCS)
- GIAC Cloud Security Automation (GCSA)
- GIAC Security Leadership (GSLC)
- (ISC)2 - Certified Cloud Security Professional (CCSP)
- (ISC)2 - Certified Information Systems Security Professional (CISSP)
- TOGAF Foundation, Certified or Enterprise
- SABSA SCF, SCP
Knowledge & Experience
- Minimum of 2-4 years of experience in Information Security with a focus on Cloud Security or Security Architecture required.
- Minimum 1 year of experience working in AWS required
- Minimum 1 year of experience with Cloud-based security technologies required
- Familiar with cloud security principles and best practices.
- Experience in architecting cloud platforms including AWS and associated security frameworks
- Knowledge of the AWS Well-Architected.
- Experience in identifying gaps in existing architectures.
- Experience creating data flow diagrams.
- Experience in designing security architectures to mitigate threats.
- Experience conducting threat modeling activities.
- Experience with AWS Identity and Access Management.
- Experience with Infrastructure as Code - Terraform or CloudFormation
- Familiar with DevSecOps, Application Security, or other secure software development lifecycle methodologies.
- Knowledge of Application security including testing, secure code scan, tools, automation, vulnerability management, security protocols and standards.
- Work experience in cybersecurity designs for applications, systems, networks, and multi-level security requirements or requirements for processing multiple classification levels of data.
- Knowledge of risk management processes and experience in conducting risk assessments.
- Knowledge of business continuity and disaster recovery operation plans.
- Knowledge of computer networking concepts and protocols (e.g. TCP/IP, DNS) and network security methodologies.
- Knowledge of network access, identity, and access management (e.g. public key infrastructure, OAuth, OpenID, SAML, SPML).
- Knowledge of capabilities and applications of network equipment including routers, switches, servers, transmission media, and related hardware.
- Knowledge of application firewall concepts and functions (e.g. single point of authentication enforcement, data anonymization, DLP scanning, SSL security).
- Familiarity with the application of privacy principles to organizational requirements.
- Experience with Windows, Unix, and Linux operating systems.
Personal Attributes
- Strong analytical and problem-solving skills capable of managing projects that drive business objectives.
- Exceptional written, oral, and interpersonal communication skills.
- Ability to work in team environments and to negotiate with multiple stakeholders.
- Ability to meet tight deadlines and to prioritize tasks.
- Innovative thinker who is self-directed and resourceful.
- Proven analytical and problem-solving abilities.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Good written, oral, and interpersonal communication skills.
- Ability to conduct research into IT security issues and products as required.
- Ability to present ideas in business-friendly and user-friendly language.
- Highly self-motivated and directed.
- Keen attention to detail.
- Team-oriented and skilled in working within a collaborative environment.
Excellent comprehensive benefits, including medical, dental, vision, supplemental income insurance, pre-tax transit/parking, pre-tax FSA for medical and dependent care, and 401K available. 4 weeks' vacation, plum benefits, etc.
Studies have shown that women and people of color are less likely to apply for jobs unless they believe they are able to perform every task in the job description. We are most interested in finding the best candidate for the job, and that candidate may be one who come from a less traditional background. Vibrant will consider any equivalent combination of knowledge, skills, education and experience to meet minimum qualifications. If you are interested in applying, we encourage you to think broadly about your background and skill set for the role.
Vibrant Emotional Health is an equal opportunity employer. Applicants are considered for positions without regard to veteran status, uniformed service member status, race, creed, color, religion, gender, gender identity, sex, sexual orientation, citizenship status, national origin, marital status, age, physical or mental disability, genetic information, caregiver status or any other category protected by applicable federal, state or local laws.
"Please be aware that fictitious job openings, consulting engagements, solicitations, or employment offers may be circulated on the Internet in an attempt to obtain privileged information, or to induce you to pay a fee for services related to recruitment or training. Vibrant does NOT charge any application, processing, or training fee at any stage of the recruitment or hiring process. All genuine job openings will be posted on our careers page and all communications from the Vibrant recruiting team and/or hiring managers will be from an @vibrant.org email address"
|
