Request Technology - Chicago, IL

posted 4 months ago

Full-time - Mid Level
Remote - Chicago, IL
Administrative and Support Services

About the position

The Cybersecurity Design Engineer/Architect position is a fully remote, long-term contract role with a prestigious company that focuses on enhancing enterprise cybersecurity infrastructure. The ideal candidate will possess a comprehensive understanding of application cybersecurity and will be responsible for ensuring the security of enterprise data and systems. This role will primarily involve working on cloud migration projects, Citrix cloud, SDWAN security, VPN, Github security, MS Power platform, and MS co-pilot. In this position, the engineer/architect will contribute to a team dedicated to developing enterprise information security solutions. They will create and maintain a detailed view of IT assets, related attack surfaces, and threat actors, which will help illustrate the flow of data and associated security threats. The individual will serve as a security expert in various domains, including application development, database design, and network security, ensuring that project teams comply with enterprise and IT security policies, industry regulations, and best practices. The role also involves analyzing business impacts and exposures based on emerging security threats, vulnerabilities, and risks. The engineer/architect will engage with security specialists and other functional area architects to ensure that adequate enterprise security solutions are in place to mitigate identified risks while meeting business objectives and regulatory requirements. As a cybersecurity subject matter expert, the individual will assess the business impact of cybersecurity risks and provide recommendations for mitigating those risks. Additionally, the engineer/architect will be expected to have expertise in platform, application, storage, network, virtualization, cloud, and mobile security best practices.

Responsibilities

  • Contributes to a team that ensures the security of enterprise data and systems by developing enterprise information security solutions.
  • Creates and updates a view of IT assets, related attack surfaces, and threat actors to illustrate the flow of data and associated security threats.
  • Serves as a security expert in one or more of application development, database design, network, and/or platform efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices.
  • Analyzes business impact and exposure based on emerging security threats, vulnerabilities, and risks and contributes to the development and maintenance of information security architecture.
  • Engages with security specialists and other functional area architects to ensure adequate enterprise security solutions are in place to sufficiently mitigate identified risks, and to meet business objectives and regulatory requirements.
  • Serves as a cybersecurity subject matter expert, assessing the business impact of cybersecurity risks to the enterprise and identifying options and recommendations for mitigating those risks.
  • Serves as an expert in one or more of platform, application, storage, network, virtualization, cloud and mobile security best practices.

Requirements

  • Strong knowledge of network security protocols, best practices, and perimeter security tools.
  • Strong knowledge of identity and access management controls, including SAML and OAUTH/OIDC based authentication, Active Directory, and role mapping.
  • Understanding of common security control solutions for event logging, remote access, endpoint management, and mobile device management.
  • Understanding of Azure native security services and best practices.
  • Strong knowledge of threat modelling and risk assessment technologies or frameworks.
  • Experience in developing secure architecture views and secure design documents for different applications.
  • Ability to explain vulnerabilities and threats, including recent attacks.
  • Familiarity with application security focus areas such as secure code development, secure SDLC, secure Agile development, testing security requirements, writing security stories, web application security, OWASP 10, SAST and DAST scanning, API security, and CI/CD pipeline integration of security tools.

Nice-to-haves

  • Experience with cloud security focus areas including shared responsibility model, secure services in the cloud, infrastructure security in the cloud, secure boundaries, authentication & authorization, security services in the cloud, cloud native vs third-party security capabilities, container security, container security lifecycle, and image scanning.
© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service