Cloud Security Architect -
Company: CompuScienceIT, LLC
Location: St Louis, Mo
Salary: Market Sr
Close Date: 12+ Months
A cloud security architect is responsible for the design and implementation of security features for the cloud. As a contractor cloud security architect, the duties are to design applications to help the enterprise reduce attacks on cloud service data storage, create preventative features, and implement corrective controls when breaches do occur. The contractor is responsible for helping build and implement security controls throughout the environment to support automated builds and deployments of secured applications. The contractor works under the supervision of the local St. Louis manager. The contractor is responsible for recognizing and identifying patterns and threats that could compromise application or data integrity. The contractor will evaluate architectural challenges and issues inherent in mitigating risk of system compromise.
Primary duties and responsibilities:
• Develop policy and relevant guidelines and procedures (to be incorporated into the Security Manual) to define the minimum cloud development, security, and operational requirements.
• Develop a cloud security architecture and relevant recommendations for use for its internal and customer implementations that meet compliance and best practice. This architecture must comprehend implementations in multiple cloud environments including but not limited to AWS, Azure, and the Google Cloud Platform (GCP). It must address logical architecture, operation, monitoring strategy and methodology, security incident investigation strategy, future evolution, and maintenance of that architecture.
• Fully document the cloud architecture and recommendations capturing all elements plus those determined to be critical to this effort.
• Conduct a knowledge transfer of the cloud architecture, recommendations, and relevant implementation considerations and details through both formal and informal training.
• Develop a CI/CD standard and reference architecture blueprint. The standard and reference architecture blueprint must incorporate automated processes and tooling to enable application and cloud migration, security code development, security testing and automation of security services (i.e compliance as code, code analysis, testing, micro-segmentation), active application monitoring and vulnerability management. The outcome is to create a standard for a secure CI/CD toolchain to automatically build, test, and deploy infrastructure and applications, and inject security using common security tools, patterns, and techniques.
• Collaborate across multiple development and business teams to drive cyber security initiatives throughout the organization.
• Conduct Joint Application Design and knowledge transfer sessions for product development and security teams.
• Working closely with cross functional teams to embed security, logging, auditing, and support all applications hosted within the corporate and cloud environments.
• Bachelor of Computer Information Systems, Business Administration or technology-related field, or equivalent work experience in Information or Application Security.
• Candidate must have a minimum of three (3) years performing security architecture.
• Candidate must have seven (7) years or more in enterprise level cyber security as a security architect and/or security engineer.
• Candidate holds a current Certified Cloud Security Professional (CCSP) certification OR certifications both as an AWS Professional and a Microsoft Certified Solutions Expert.
• Experience designing, configuring, implementing and leveraging cloud services models such as SaaS, PaaS, and IaaS for system security.
• Experience with the development, deployment, and automation of application security solutions in an enterprise cloud based environment.
• Solid understanding of cloud security architectures and services.
• Deep understanding of OWASP Top 10 and CWE/SANS Top 25.
• Knowledge of technical security control environments and compliance frameworks including CSA, ISO 270001, NIST.
• Proven ability to manage priorities & deadlines and to work independently in a highly dynamic and diverse environment with multiple concurrent projects happening simultaneously.
• Experience in creating detailed solution design documents & diagrams.
• Demonstrated ability to facilitate automation and integration through scripting in PowerShell, Python, Perl, highly preferred.
• Ability to analyze and assess complex technical plans (i.e. security compliance standards).
• Extremely effective written and verbal communication skills.
US citizenship required.
Job Code: 259748
Jim Jennings 636-484-6869