Summary of This Role You will serve as part of a larger team dedicated with the vision to provide a flexible and reliable cloud platform, maximizing the ability to realize its benefits while reducing risks. In this role you will work closely together with product owners and overall cloud architects to help build a secure and robust enterprise-grade cloud platform. You will guide and design our efforts to increase the security posture in Azure. What Part Will You Play? Designing security services in cloud-based programs based on pre-defined architecture frameworks Maintain and improve the security posture of the Azure platform Overlook the process of identifying and remediating vulnerabilities Define security controls and policies, access to data, and monitor alerts to ensure that data, apps, containers, infrastructure, and networks are protected. Design access configurations within a cloud solution environment using the defense-in-depth principle Design network security including in a hybrid context with traditional network centric controls Implement and use cloud native tools like Log Analytics, Azure Monitor, Azure Security Center and Azure Sentinel What Are We Looking For in This Role? Minimum Qualifications Bachelor’s Degree Relevant Experience or Degree in: in Information Security or Computer Science Typically Minimum 4+ Years Relevant Exp Prior experience must be as an Information Security Analyst, or related role. One or more of the following (or similar) -CISSP, CISA, CISM, PCI-QSA, PA-QSA, PCIP, CRISC, Security +, CGEIT Experience with other Cloud Platforms like AWS and Google Cloud is nice-to-have Preferred Qualifications Prefer that candidate has 10 years of prior experience and must be as an Information Security Architect or substantially similar role. Expert understanding of regulatory audit requirements and able to independently assess and design complete dev/sec/ops What Are Our Desired Skills and Capabilities? Skills / Knowledge – Having broad expertise or unique knowledge, uses skills to contribute to development of company objectives and principles and to achieve goals in creative and effective ways. Barriers to entry such as technical committee review may exist at this level. Job Complexity – Works on significant and unique issues where analysis of situations or data requires an evaluation of intangibles. Exercises independent judgment in methods, techniques and evaluation criteria for obtaining results. Creates formal networks involving coordination among groups. Supervision – Acts independently to determine methods and procedures on new or special assignments. May supervise the activities of others. Network Engineering/Architecture – Acts as the department subject matter expert in TCP/IP network connectivity, subnet segmentation, security zones, secure ports/protocols, network authentication/authorization, security tools and their applicability (WAF, IPS, Sandbox, etc.). Systems Engineering/Architecture – Acts as a department subject matter expert in Operating system infrastructure, including Windows, Linux, containers, container orchestration and Virtual Machines. Must understand system authentication options, user rights within systems, user authentication/authorization, least privilege, Group Policy, Automation tooling (Puppet, chef, ansible) and local security agents/tools (Anti-Virus, Whitelisting, forensics, firewall, etc.) Encryption/Cryptography – Acts as the TSYS subject matter expert in the use of digital certificates, root certificate trust, and how to encrypt/decrypt network traffic. Sets standards for the interpretation of data that must be encrypted at rest, and how to assure encryption key
sandbox group-policy Information Security Analyst protocols puppet docker-containers encryption Intrusion Prevention System (IPS) authorization security-zone Azure Architect Linux Networking TCP/IP Chef Infra Windows Virtual Machines antivirus Firewalls Systems Engineering Ansible waf cryptography