The Security Architect is responsible for ensuring that RouteOne is taking proactive and responsive approaches to improve information security. This involves researching and prioritizing relevant security disclosures, inclusive of any required responses to customer findings or proposals that may arise through audits. The Security Architect will also be responsible for designing and building features and systems that improve our security and awareness, as well as training and educating development staff on best practices. The Security Architect should be hands-on and have enough development background to participate in the design and development process when necessary.
- Stay current on IT security-related industry events, news, and issues, and act as a subject matter expert to RouteOne on these subjects.
- Monitor the vulnerability of databases for relevant disclosures.
- Evaluate, prioritize, and respond to vulnerabilities.
- Implement continuous automated security testing.
- Review and monitor intrusion detection systems.
- Design and implement security instrumentation and intrusion detection into RouteOne's applications.
- Deeply understand and implement security protocols and standards according to best practices.
- Assess potential items of risk and opportunities for vulnerabilities in the applications and infrastructure.
- Assist in the creation and modification of security standards and policies according to best practices.
- Assist IT Operations and Application Development teams with the implementation of information security best practices.
- Participate in information security audits - customer audits (finance source and RouteOne Member), internal audits, and SOC I, SOC II, & GLBA audits - to proactively minimize and eliminate information security vulnerabilities. Act as liaison between Security and IT teams to facilitate efficiency and coordination in communication and responses to customer audits.
- Respond to information security incidents and assist with internal information security investigations.
- Act as liaison between Security and IT teams to enable efficiency and coordination in communication and responses to investigations.
- Share secure coding practices with the development team.
- Maintain safety, security, and privacy standards throughout all areas of responsibility.
- Experience designing and building out security-related systems.
- Solid knowledge and understanding of information security principles and practices.
- Knowledge of security intrusion prevention.
- Proficient in Microsoft Office products, including but not limited to Word, PowerPoint, Excel, Outlook, and Visio.
- Experience in security frameworks such as NIST, ISO 27001, CIS critical controls, and PCI.
- Ability to work in a team environment.
- Ability to use relevant information and individual judgment to determine whether events or processes comply with laws, regulations, or standards.
- The ability to communicate information and ideas, both verbally and in writing, so others will understand.
- Ability to thrive in a dynamic, fast-paced software development environment.
- Proactive, detail-oriented professional.
- Ability to establish priorities, work in independent and team situations, and proceed with objectives as needed.
- Ability to work with all levels within the organization.
- Flexibility to adjust to changing priorities and simultaneously work on high-visibility projects to assure completion.
- Ability to take a practical business-focused approach to IT Security.
- Strong analytical, problem-solving, communication, and technical skills.
Other Essential Requirements
- Bachelor's degree or equivalent professional experience.
- 5+ years of experience as a software developer or software architect, preferably using Java (can be concurrent with IT security experience).
- 5+ years of experience in IT security (can be concurrent with development experience).
|
RouteOne
August 09, 2023