Long Island City, NY 11101
The Architect develops, documents, and disseminates information security architectural standards across all Information Technology groups. The Architect provides direction to project teams on building the appropriate information security controls into systems in development. The Architect provides direction to system engineers on improving and maintaining the appropriate information security controls for production systems. The Architect is responsible for driving the implementation and adoption of key information security tools.
- Ensures that information security policies, multi-year strategies, standards, procedures, and best practices are developed and communicated with IT Leadership
- Develop and execute data security architecture framework
- Define and research information security standards; vulnerability analyses and risk assessments; reviewing architecture platforms, applications and integration issues.
- Participates in Project Management activities to manage IT Security programs and initiatives;
- Participate on the IT Architectural Review Board to drive overall technology direction
- Participates in the development and delivery of a comprehensive information security training program that provides the appropriate training for all employees.
- Works with internal and external Auditors to assess compliance with policies, standards, procedures, and best practices.
- Review and evaluate firewall change requests.
- Other duties as assigned
- Bachelors in Computer Science.
- Four (4) years information technology experience.
- Four (4) years information security experience.
- Experience delivering comprehensive architecture specifications
- Experience providing data protection and web application firewalls
- Must be able to work in a team environment as a productive and cordial team player
- Must be able to multi-task and prioritize in a fast paced multi-team environment
- Ability to present to a variety of audiences
- Ability to work to deadlines with quick turnaround
- Ability to handle confidential information with professionalism and diplomacy
Preferred Experience and Qualifications
- CISSP certified (or equivalent).
- Knowledge of Information security principles.
- Understands the concepts of and techniques for secure programming.
- Knowledge of security vulnerabilities/weaknesses - fundamental causes of vulnerabilities through which most attacks are exploited.
- Able to recognize and categorize the most common types of vulnerabilities and associated attacks.
- Familiarity of network Protocols including IP, TCP, UDP, ICMP, ARP, RARP, TFTP, FTP, HTTP, HTTPS, SNMP, and SMTP. Understand how these protocols work, what they are used for, the differences between them, some of the common weaknesses, etc.
- Understanding of information security risk analysis.
- Knowledge of network applications and services – expertise in the purpose of the application or service, how it works, common usage, secure configurations, and the common types of threats or attacks against the application or service, as well as mitigation strategies.
- Host/System Security Issues – expertise in security issues at a host level for the various types of operating systems (Windows and UNIX). Experience in using the operating system (user security issues) and some familiarity in managing and maintaining the operating system as an administrator.
- Malicious Code (Viruses, Worms, Trojan Horse programs) – expertise in not only how malicious code is propagated through some of the obvious methods (disks, email, programs, etc.) but also how it can propagate through other means such as PostScript, Word macros, MIME, peer-to-peer file sharing, or boot-sector viruses.
- Understanding/Identifying Intruder Techniques - must be able to recognize known intrusion techniques based on the footprints or artifacts left by different types of attack in the incident reports. Know the appropriate methods to protect against these known attack techniques and the risks associated with the attacks. Analysis of and correlation between incidents to notice what has not been seen before.
Four (4) years information technology experience.
Four (4) years information security experience.
Experience delivering comprehensive architecture specifications
Experience providing data protection and web application firewalls
Must be able to work in a team environment as a productive and cordial team player
Must be able to multi-task and prioritize in a fast paced multi-team environment
Ability to present to a variety of audiences
Ability to work to deadlines with quick turnaround
Ability to handle confidential information with professionalism and diplomacy