Associate Security Solution Architect :: REMOTE

Ark Solutions Inc is looking for Associate Security Solution Architect! Position: Associate Security Solution Architect Location: REMOTE Duration: 6+ Months and possibility of extension Description: The Associate Security Solution Architect provides in depth technical security guidance and is identified as the security subject matter experts (SME) for various technologies and project areas. Responsible for creating and developing capability-focused security solution architectures that are aligned to business and technology needs. Assists with maintaining security strategies, requirements, and standards for applications and platforms. Ensures architectures and patterns are aligned to company security policies, standards and industry standards. Able to identify gaps and work with project teams to improve security while retaining time to market, functionality and scalability. Assist with any reviews and approvals for Security Accreditation tasks during each phase of SDLC. Serves as project/program point of escalation for security issues and risks that may arise. Has a broad and deep knowledge in security areas such as application security, IAM, infrastructure, network, and security vulnerability management. This position may work as a dedicated embedded solution architect team member or across multiple projects/programs as may be required. Education / Experience Required: Bachelor or Associates degree in computer science, information systems, cybersecurity or a related field or equivalent experience/certification. 5-7+ years of Information Technology experience including 5+ years security experience in conducting security reviews and accreditation. 2+ years experience developing Security Architectures and Solutions. 2+ years experience reviewing and identifying security risks/gaps. The Associate Security Solution Architect must have at least two years experience with some or all of the following: Experience in using architecture methodologies such as TOGAF, SABSA, Zachman, etc Direct, hands-on experience or a strong working knowledge of vulnerability management tools. Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services. Experience securing CI/CD pipelines. Experience in public cloud security such as – AWS, Azure, Alibaba Cloud, Oracle Cloud Full-stack knowledge of IT infrastructure Could infrastructure and technologies Databases Operating systems — Windows, Unix and Linux Hypervisors IP networks — WAN and LAN Storage networks and technologies Backup networks and media Containers/Kubernetes Strong working knowledge of IT service management (e.g., ITIL-related disciplines): Change management Configuration management Asset management Incident management Problem management Additional Experience and Skills Experience in conducting independent research Direct interaction with cross functional, sourced, or matrixes teams Preferred: Direct, hands-on experience or strong working knowledge of managing security infrastructure — e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology. Experience in providing input to or developing Enterprise Security Strategies. Verifiable experience reviewing application code for security vulnerabilities. Current information security certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), ISACA's CISA, The Open Group's TOGAF, SANS' GAIC Knowledge of Industry Standards such as NIST Cybersecurity Framework (CSF), PCI-DSS, COBIT, CSA, MITRE ATT&CK & CAPAC, STRIDE, CIS Benchmarks etc. Proven ability to provide Security Requirements for areas including but not limited to; Cloud Computing, Application Development, IAM and Infrastructure. Knowledge of how to secure technologies such as but not limited to; SaaS services (ie. O365, Salesforce), Application Design, Container Platforms (ie. Docker, Kubernetes), Serverless, Big Data, Network, Operating Systems, Identity and Access Management. Knowledge of SDLC (Waterfall/Agile), DevSecOps and good understanding of ITIL v3 Framework. Proficient in performing quantitative risk management analysis. Using ServiceNow to track activities, tasks, approvals, etc. Strong negotiating, influencing and problem resolution skills. Proven ability to effectively prioritize and execute tasks in a high-pressure environment. Experience in business systems and process planning. Knowledge of business environment, service requirements and hospitality culture. Ability to translate information security objectives into mutually beneficial business strategies for the client organizations. Demonstrated ability to assess customer/client needs, creatively approach solutions, decide and influence appropriate courses of action. Graduate/post graduate degree in cyber security.