Milano, Pisa, Torino, Roma, Collecchio, Castellazzo Bormida

Senior Security Architect

In base all'esperienza
07/09/2022
No freelancer
40% remoto
Full Time

Penetration TestingMicrosoft AzureGoogle Cloud PlatformAWS

Candidati Candidati

Condividi su

Senior Security Architect

Descrizione dell'offerta di lavoro

Contract and locations
· Contract Type: Full-time, permanent contract.
· Locations: Milan, Pisa, Turin, Roma, Collecchio, Castellazzo Bormida

Enjoy a hybrid work culture that offers the best of remote flexibility and in-person collaboration.


Your role
Your duties and responsibilities:

  • Establish policies and procedures that promote secure development/cloud principles.
  • Enable security automation through tools to reduce vulnerabilities and flaws due to human errors.
  • Automate audit evidence collection throughout the SDLC to facilitate compliance reporting.
  • Monitor security metrics to continuously improve and stay one step ahead of the red team.
  • Create a state-of-the-art secure cloud architecture and strategy, supported by a robust and flexible infrastructure with reliable and efficient operating model.
  • Review the security principles compliancy of deployment, maintenance, monitoring, and management processes.
  • Cooperate with the software architect to ensure that security aspects are considered in the software architecture.
  • Regularly evaluate the best cloud applications, hardware, and practices available in the security domain.
  • Provide training and guidance to the rest of the organization, helping with the development of a security culture throughout the company.
  • Help the product owner in refining security requirements so that they fit in the customer’s strategy and becomes selling point.

Your skills, experience, and qualifications
  • Threat Modeling.
  • Authentication/authorization standards and implementations
  • Application of encryption at rest and in transit
  • Certificates/secrets standards and implementations
  • Managing security in public clouds ( AWS, Azure, GCP), with at least 3 years specific experience in either AWS or Azure.
  • Secure microservices architectures in a cloud-native environment.
  • Strong understanding of networking.
  • Knowledge of different deployment models (Container, Serverless, Cloud, PaaS, IaaS …).
  • Ability to do research autonomously to always be ahead of any security threat.
  • SSDLC practices in DevOps, CI/CD environment.
  • OWASP Top 10, SANS CWE, OpenSAMM, BSIMM, etc.
  • Penetration testing, vulnerability scanning
  • Design security monitoring tools.
  • Designing pipelines that make use of SCA, SAST, DAST, IAST and RASP solutions.

Qualifications
  • SANS/SEC-540: Cloud Security and DevSecOps Automation
  • Systems Security Certified Practitioner (SSCP)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Authorization Professional (CAP)
  • Certified Secure Software Lifecycle Professional (CSSLP)
  • HealthCare Information Security and Privacy Practitioner (HCISPP)

Experience
  • Multi-year experience in Threat Modeling.
  • A proven track record as architect and consultant, capable of working directly with teams, embedded in the delivery model.
  • Experience with Kubernetes, Openshift, Service Mesh.
  • Experience with clouds (AWS, Azure, GCP)
  • Experience with getting or maintaining certified standards (i.e. ISO 27001, PCI DSS, MIL-SPEC)

Riguardo a questa azienda

Cosa aspetti?

Entra a far parte di GeekandJob, e trova oggi il prossimo lavoro dei tuoi sogni!

Registrati