Data and AppSec Engineer Architect

About the position

As CohnReznick grows, so do our career opportunities. As one of the nation's top Professional Services and Business Advisory firms, we foster teams in Advisory, Assurance, and Tax services that value innovation and collaboration in everything they do! We currently have an exciting career opportunity for a Data and AppSec Engineer Architect to join the Cybersecurity Virtual team in our Global Digital & Cybersecurity group. CohnReznick is a hybrid firm and most of our professionals are located within a commutable distance to one of our offices. This position is considered remote which means it does not require job duties be performed within proximity of a CohnReznick office location. However, as a remote employee, you may be required to be present at a CohnReznick office with scheduled notice for client work, team meetings, or trainings.

Responsibilities

• Conduct secure design reviews and threat modeling exercises for new projects, features, and architectural changes, ensuring alignment with industry standards, regulatory requirements, and organizational security policies
• Assess and ensure conformance to architectural standards, reduction of technical debt, and adaption of enterprise assets (systems, services and information) for key programs
• Collaborate closely with development teams to provide guidance and support in addressing security vulnerabilities discovered during design reviews, code reviews, and testing phases
• Develop and maintain secure reference architectures that serve as blueprints for designing and implementing secure systems and applications, tailored to the specific needs and technologies used within the organization
• Collaborate with DevSecOps on their test tools for SAST, DAST, IAST and run-time security controls applicable to both on-premise and Azure Cloud
• Work closely with cross-functional teams, including development, infrastructure, and compliance, to integrate security into the software development lifecycle and infrastructure provisioning processes
• Provide expertise and guidance on security-related matters, including encryption, authentication, access control, and secure communication protocols
• Own process and develop standards for vulnerability management across systems
• Stay abreast of industry trends, emerging threats, and best practices in security architecture and design, and assess their applicability to the organization's security posture
• Identify opportunities within the business units where architecture is not meeting standards and provide a clear roadmap and prioritization for the business units to be aligned. Work directly with the teams as they introduce new technologies
• Stay current with emerging security threats, trends, and technologies, ensuring the firm's architecture remains robust and adaptive to evolving risks
• Collaborate with the CISO to develop security roadmaps aligned with business objectives and security principles
• Engage with stakeholders, including IT, legal, and compliance teams, to align security objectives with broader organizational goals

Requirements

• Infinite curiosity, analytical skills and attention to detail
• Familiarity with security frameworks such as NIST CSF, ISO 27001, CMMC
• Experience working with development and engineering teams to build security solutions
• Experience in all areas of cybersecurity, networking, on-premise and cloud applications
• Hands-on experience with threat modeling, risk assessments, and vulnerability management in hybrid IT environments
• Deep understanding of authentication, and authorization, including multi-factor, step-up, and single sign-on. Password-less is desired, but not required
• Strong understanding of encryption, specifically certificate and token-based cryptology
• Understanding of network protocols and topologies
• Experience with defense-in-depth strategies, understanding of incident response
• Exceptional communication and collaboration skills, with the ability to engage effectively with both technical and non-technical stakeholders
• Self-starter with the ability to work independently and lead strategic initiatives
• Adaptability to a fast-paced and dynamic work environment
• Minimum 8+ years of progressive experience in cybersecurity / information security with at least 2 years in a senior architect of equivalent role with a focus on secure coding practices, common vulnerabilities (e.g. OWASP Top 10)
• Degree in Computer Science/Information Systems/Cybersecurity, or equivalent related degree or work experience

Nice-to-haves

• Relevant certifications such as CISSP, CISM, CCSP, or Azure Security Engineer are strongly preferred

Benefits

• Generous PTO
• Flexible work environment
• Expanded parental leave
• Extensive learning & development
• Paid time off for employees to volunteer