• Location: Atlanta, Georgia
  • Date Posted: 5th Mar, 2021
  • Reference: srnfi03052021

Senior Azure Security Architect - Permanent - Remote - $190k


This Partner Client is currently seeking an experienced Cloud Security Architect with extensive Azure knowledge to join our team of expert technical and management consultants.


Responsibilities:



  • Cloud Infra security and Compliance assessments


o AWS, GCP, Azure


o CIS Benchmarks, etc.


o NIST 800-53, PCI, ISO27002



  • Cloud Security Program consulting-help customers;


o justify creating a cloud security program,


o stand up a cloud security program from scratch,


o review customer's existing Cloud Security Programs,


o review customer's existing corporate policies to prepare them for Cloud initiatives: data classification, data protection, etc.


Security Architecture reviews for Cloud-based applications, covering:


o Infrastructure Security



  • CIS Benchmarks, etc.


o Data Protection



  • encrypt data at rest using Cloud Service Provider provided keys vs using customer managed key

  • encrypt data in transit using the latest TLS


o Key Management



  • What secrets are in use in the app; how are they handled? Secrets Manager, HSM, written to a file?


o Web Application Security



  • OWASP top 10 is key


o Cyber Security: Attack Scenarios/kill chain, threat actors and controls


o Secure SDLC Methodologies


o Threat Modelling



  • STRIDE, PASTA, KillChain


o Vulnerability Assessments



  • AlertLogic, Nessus, Qualys, etc.

  • Implementing security controls in the cloud, including;


o Security Groups, NACLs


o IAM Policies


o Web App Firewalls


o Logging and Monitoring, etc.



  • Working in a DevSecOps program, including;


o Adding security controls to the CICD pipelines


o Providing security guidance to the Pipeline DevOps team


o Compliance automation


o Assist the team with mapping compliance checks, writing compliance rules, and enhancing base compliance rules (as an example, adding content on top of CIS Benchmarks)



Information Security Requirements:



  • 10 years+ in Information Security space.

  • Proven experience in design, implementation and operation of large-scale security architecture solutions in a large and complex multi-supplier / multi-platform environment.

  • Proven understanding of operational integration of security functions

  • Strong experience with security technologies, including Firewalls, DLP, web filtering, NAC, IDS/ IPS, SSO, IAM, Certificate Management, SIEM, Endpoint Protection, Anti-malware, vulnerability management.

  • Security Domain Coverage Required

  • Cloud/SaaS Security experience

  • Infrastructure Security experience

  • Key Management experience

  • Web Application Security experience

  • Cyber Security: Attack Scenarios/kill chain, threat actors and controls

  • Secure SDLC Methodologies

  • Threat Modelling experience

  • Vulnerability Assessments experience

  • Information Security Governance experience

  • Proven ability in security process and organizational design

  • Well-rounded background in host, network, database, and application security.

  • Experience implementing security controls in a self-service environment.



Cloud Requirements



  • Direct experience with Azure.



Programming Requirements



  • Basic understanding of Python language

  • Node.JS



Architecture Requirements



  • Formal training in and experience using an enterprise architecture methodology (for example TOGAF)

  • Information Security Architecture Experience within other Enterprise organizations



General Skills



  • Strong oral, written, and presentation abilities with technical and executive presentation experience.

  • Current understanding of Industry trends and emerging threats.



Typical Engagement Responsibilities



  • Architect cloud security solutions

  • Understand and Articulate security requirements to other cloud architects so they can producing compliant designs

  • Perform hands-on proofs of concept for security-related technologies

  • Script and interact with cloud resource provider models

  • Design and author documents including security policies, standards, and procedures

  • Contribute to Cloud Policy documents addressing governance, security and compliance

  • Perform application security risk assessments, gap analysis and remediation plans

  • Lead creation of framework-based system security plans for NIST 800-53, FEDRAMP, PCI-DSS

  • Organize preparations for PCI-DSS system compliance audits

  • Specify and code policy-as-code compliance rules to achieve control requirements

  • Understand cryptography and specify appropriate cryptographic configurations to meet requirements

  • Participate in assessment of on-prem applications for cloud migration



Benefits & Perks



  • Health coverage for you and your family through medical, dental and vision plans

  • Financial protection through disability, life, accidental death & dismemberment, and business travel insurance

  • 401(k) plan with company match

  • FSA & HSA accounts to help you set aside pre-tax dollars for your healthcare needs

  • To help manage your work - life needs; we offer an employee assistance program, professional certification reimbursement, subsidized gym participation reimbursement, financial and wellness seminars

  • Long-term care insurance

  • Generous paid time off program

  • Enjoy our monthly employee social events

  • Public speaking opportunities at the company or local events



If this role is of interest, please contact Shannon today at s.roberts@nigelfrank.com