View all jobs

Senior Security Architect

Toronto, ON · Computer/Software
Senior Security Architect

Our client is looking for an experienced individual to fulfil the role of a Security Architect in our Information Technology Services team.

This is an exciting opportunity for an individual who has deep experience in multi-cloud technology architecture, security by design and DevSecOps to become a part of cloud security and technology initiatives for key business lines.

The Security Architect will work with Business groups, Architects, Developers and other team members to provide, risk-based practical security solutions and recommendations for multi-cloud-based platforms. The key objective would be to embed security within design and architecture life cycle for cloud native and modern application environments.

They will assist with technical security architectural requirements, design and delivery. The Security Architect will work in a collaborative fashion with team members including security analysts, project managers, solution architects, Business, and QA analysts. This individual will also provide technical consultancy and guidance, as needed, to other technology teams as well as internal business service lines.

What you will do
  • Responsible for embedding security requirements and objectives into architecture lifecycle and DevOps as per business requirements, reviewing security in technical architectures for applications and products to ensure they meet security standards and creating security-embedded reference architectures that can be leveraged by technology functions across the firm to rapidly develop secure solutions in a multi-cloud environment
  • Act as a subject matter expert in areas pertaining to DevSecOps and cloud security across (but not limited to) cloud platforms such as Azure, AWS and GCP. Provide security recommendations and SME guidance to application development, technology and business teams for their design & development initiatives
  • Develop and maintain security architecture artifacts (models, templates, standards, and procedures) that can be used to leverage security capabilities in projects and operations.
  • Liaise with developers to assess security for cloud applications through architecture reviews and code scans to determine confidentiality, integrity, or availability of the software
  • Coordinate with DevOps teams to advocate secure coding practices and escalate concerns related to poor coding practices as necessary
  • Support implementation of cloud security services, including identity and access management, API security, detective controls, infrastructure security and data protection
  • Analyzing requirements for cloud security tools and technology and support selection and implementation of appropriate tools
  • The individual will lead security design with respect to network perimeter and application defense that would involve methodologies and technologies such as (but not limited to) Intrusion Prevention System, firewalls, network segmentation and Web Application Firewalls.
What you bring to this role
  • 10 years of experience in IT and Information Security with 3 years of secure design and architecture in cloud
  • Bachelor’s or master’s degree in Information Technology, Computer Science, or a related work experience, or equivalent
  • Previous security experience in a consultancy role collaborating with internal Technology, Project and Business teams
  • Ability to lead security architecture discussions and articulate security recommendations with Project, Business and Technology teams in forums such as architecture review and like
  • Ability to build, maintain and present roadmaps for Cloud security involving Cloud security tooling and concepts to Leadership and Business teams
  • Experience interpreting business, technology, and threat drivers, and develop practical security roadmaps to deal with these drivers and providing guidance on building secure solutions
  • Understanding of information security standards/practices (e.g., CSA CCM, ISO, PCI DSS, NIST CSF, NIST 800:53 etc.), and aspects related to data security protection
  • Deep knowledge of cloud security posture management (such as PRISMA), cloud workload protection, Infrastructure as Code, secure logging, identity & access mechanisms, secure code management, data security in cloud, secure cloud configurations, security automation, SAST & DAST, Secure Code review analysis, API security and serverless functions security, embedding security in CI/CD pipelines for Cloud environments such as Azure, AWS and GCP
  • Applied knowledge of methodologies to conduct threat-modeling exercises on new applications and services
  • Some out of hours support maybe required
  • The ideal candidate will maintain one or more of the following certifications
    • CISSP
    • ISSAP
    • Microsoft Azure Security Technologies Certification
    • Azure Solutions Architect Expert Certification
    • CISM
    • CISA
    • CCSP

Share This Job

Powered by