Back to all jobs

Adams Gabbert

The Enterprise Security Architect will play an integral role in defining and assessing the organization’s security strategy, architecture, and practices. The Enterprise Security Architect will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services.

Role & Responsibilities:

  • Planning and Design Activities
  • Develops and maintains a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers
  • Develops security strategy plans and roadmaps based on sound enterprise architecture practices
  • Develops and maintains security architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations
  • Determines baseline security configuration standards for operating systems, network segmentation and identity and access management (IAM)
  • Develops standards and practices for data encryption and tokenization in the organization, based on the organization’s data classification criteria
  • Develops security procedures and standards Assurance
  • Tracks developments and changes in the digital business and threat environments to ensure that they’re adequately addressed in security strategy plans and architecture artifacts
  • Validates IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable
  • Ensures a complete, accurate and valid inventory of all systems, infrastructure and applications that should be logged by the security information and event management or log management tool(s)
  • Coordinates with DevOps teams to advocate secure coding practices, and to escalate concerns related to poor coding practices for further review
  • Reviews security technologies, tools and services, and makes recommendations to the broader security team for their use, based on security, financial and operational metrics Collaboration
  • Works with the IT Business Management team to conduct security assessments of existing and prospective vendors, especially those with which the organization shares intellectual property (IP), as well as regulated or other protected data:
    • Software as a service (SaaS) providers
    • Cloud/infrastructure as a service (IaaS) providers
    • Managed service providers (MSPs)
  • Coordinates with operational and facility management teams to assess the security of operational technology (OT) and Internet of Things (IoT) systems
  • Liaises with other information security colleagues and security practitioners to share best practices and insights
  • Participates in application and infrastructure projects to provide security-planning advice

Qualifications:

  • Bachelor’s degree in Engineering, Business, Computer Science, Information Technology, or related field is preferred. Relevant work experience may be substituted for the degree requirement.
  • Minimum 8 years of experience in working in cybersecurity.
  • Strong ability to influence or lead enterprise integration project execution.
  • Strong analytical and problem-solving skills.
  • Excellent written and verbal communication skills.
  • Expert knowledge with application data analysis and transformation at various layers of the architecture and the ability to present data transformation during multiple stages of the architecture.
  • Experience with the leading-edge application, middleware technology and solutions utilizing data strategies. Preferred Security and Technical Experience
  • The security architect should have direct, documented, and verifiable experience with the following:
    • Experience in using architecture methodologies such as SABSA, Zachman and/or TOGAF.
    • Direct, hands-on experience or strong working knowledge of managing security infrastructure — e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology.
    • Verifiable experience reviewing application code for security vulnerabilities.
    • Experience securing CI/CD pipelines.
    • Direct, hands-on experience or a strong working knowledge of vulnerability management tools.
    • Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services.
  • Full-stack knowledge of IT infrastructure:
    • Applications
    • Databases
    • Operating systems — Windows, Unix and Linux
    • Hypervisors
    • IP networks — WAN and LAN
    • Storage networks
    • Backup networks and media
    • Containers/Kubernetes
  • Direct experience designing IAM technologies and services:
    • Active Directory
    • Lightweight Directory Access Protocol (LDAP) Preferred Certifications
  • The security architect will evidence his/her knowledge of security and risk management through ongoing continuing professional education.
  • The ideal candidate will maintain one or more of the following certifications, though they are not required:
    • ISC2’s CISSP
    • ISACA’s CISA
    • The Open Group’s TOGAF
    • SANS’ GAIC

Preferred Qualifications:

  • Cybersecurity certification covering multiple security domains (such as CISSP, GSEC, Security ) or specialized cybersecurity related certification.
  • Demonstrated knowledge with one or more Information Security technologies such as firewall, EDR, IPS, SIEM, SOAR, CASB, CAASM, IAM, PAM, NAC, MFA, and DLP.
  • Demonstrated knowledge of common network and security protocols such as DNS, SSL/TLS, TCP/UDP, IPSec, SNMP, and SAML.
  • Demonstrated knowledge of applying security regulations and policies.


    • Location: Anywhere
    • Date posted:
    • Pay:$- $ per hour