Security Architect – HPC

at  Levy Professionals

JOB OVERVIEW:

The role will spend time helping teams come up to speed with refreshed approaches to security requirement identification, threat modelling, coding standards, and security testing, with a focus on applying these concepts to traditional and modern infrastructure in green-field and existing deployments. It will involve taking learnings from these activities to inform and construct the ‘middleware’ that makes the right security choices easier to make and implement for responsible teams.
As our GRC world evolves, this role will play a pivotal role in maintaining alignment between SDL and policies, standards and guidelines, using a common security framework to apply consistency.
Finally, the role will add to our general security consulting and review capacity, including assisting GRC teams where required.

REQUIRED SKILLS AND EXPERIENCE:

• Bachelor’s degree in computer science, information technology, or a related field; or equivalent experience/professional/industry certifications.
• Exposure to large enterprise platforms such as SAP and Salesforce.
• Demonstrated experience implementing SDL in non-software contexts, including infrastructure.
• Experience with Infrastructure-as-Code (IaC) and automation through DevOps, and tools such as Jenkins, Terraform and Ansible.
• Prior experience working with recognised security frameworks from ISO, NIST, etc, and with neutral/harmonisation frameworks like UCF (Unified Compliance Framework).
• Experience designing security controls (covering both technology and processes) to meet security framework requirements, policy-mandated controls, and/or controls called for by output of threat modelling.
• Solid technical understanding of both on-premise infrastructure (network, platform, network-based storage, OS, virtualisation), cloud infrastructure (AWS, GCP, Azure, and others), and technologies found in both (e.g. docker, Kubernetes).
• Strong motivation and drive, with the ability to operate across multiple projects simultaneously, including those that span geographies.
• A passion for optimisation and a desire to motivate change!

“NICE TO HAVE” SKILLS AND EXPERIENCE:

• Understanding of identity & access management for both people & systems.
• Understanding of software engineering!
• Knowledge of Client based compute & software. – ideally some HPC knowledge
• Relevant vendor certifications.

• Maintain and develop standards and guidance that contributes to SDL maturity in the IT team.
• Help traditional infrastructure teams develop strategies for meeting the spirit of SDL requirements, pushing towards use of automation, infrastructure-as-code, & DevOps methods rather than manual or golden image techniques.
• Evolve risk identification and security requirement identification processes and supporting documentation.
• Develop implementation-specific architecture templates that meet security requirements expressed in policy and standards.
• Assist with security reviews of and technical input into high-level and low-level designs where required.
• Assist with Governance Risk & Compliance (GRC) consultation queries where required.
• Invest in others, including application development and infrastructure teams, to support business applications and processes in new ways.
• Afford mentorship regarding solutions and concepts.
• Foster a culture of innovation within the architecture and broader IT team.