Fully Remote, Texas, US
POSITION SUMMARY
We are seeking an experienced and highly skilled Principal Security Architect to join our technology team. In this role, you will be responsible for overseeing and managing information security and data privacy for Accelerate Learning, covering both our internal IT infrastructure and our online customer-facing SaaS products and services. You should bring broad cybersecurity experience plus data, systems, and network architecture knowledge. This individual will perform a lead role in Security & Data Privacy assessments and audits. He/she will lead critical initiatives to identify and prevent threats, drive adoption of security architectures and technologies, and implement policy and procedures to secure the company.
POSITION RESPONSIBILITIES
Assess the security of the current environments at Accelerate Learning, both the internal IT environment and the customer-facing online Education environment. Identify risks and gaps and create a prioritized security roadmap for the company.
Continuously review and recommend improvements to the security architecture with a focus on driving high-impact, cost-effective improvements.
Provide security leadership in five key dimensions:
Infrastructure, desktop, application, and physical environment security
Secure design of products and services and supporting software packages, cloud, and server infrastructure
Policy and education for the company and its employee base
Data Privacy – Be aware of key information privacy standards (e.g., GDPR, CCPA) and work with the company to drive compliance across people, process, and technology.
Security & Data Privacy Contracts – Be a key reviewer and subject matter expert for customer and vendor contracts with respect to security and data privacy issues.
Conduct regular system tests and audits (e.g., Penetration Tests) and ensure continuous monitoring of network security.
Establish a security breach incident response and recovery process, identifying roles and responsibilities across the organization. Train and practice the process.
POSITION QUALIFICATIONS
Desired Skills/Abilities:
5 or more years’ experience in information security or security engineering with a focus on designing, deploying, and supporting scalable security solutions.
Excellent written and verbal communication skills, with the ability to translate security objectives into engineering team and employee tasks. Ability to conduct training.
Demonstrate excellent judgement in prioritizing security efforts to mitigate the appropriate risks.
Experience architecting, implementing, and designing security solutions in areas such as IAM, endpoint security, cloud security, network security, data protection and SDLC security practices.
Experience leading threat modeling exercises (STRIDE or similar) and conducting design reviews of large scalable systems.
Significant Cybersecurity, Architecture and Design experience in Network and Cloud Infrastructure and Platforms (IaaS security, PaaS security)
Experience in delivering comprehensive architecture specifications for complex security solutions
Experience with creating or contributing to technical documentation: product documentation, technology and systems/network architecture, and/or technical whitepapers.
Knowledge of Data Privacy security regulations (e.g., CCPA, GDPR, COPPA, FERPA)
Strong working experience with the following security technologies: Firewalls, Intrusion Detection/Prevention Systems, Vulnerability Scanning, WAF, Wireless LAN, NAC, DLP, DDoS Mitigation, WAN security, SIEM, Content Filtering, Cloud Security gateways, Secure Proxies, SSL crypto solutions
Experience with Cloud (specifically AWS) security tools and architectures
Experience with open source-based security technologies
Strong expertise and experience with Linux and Linux security
Programming/coding and DevOps experience is a plus
Solid understanding of and ability to speak authoritatively to principles in areas such as network, systems, software development, cloud technologies, and access control.
Proven ability to troubleshoot and resolve complex technical issues at Expert level.
Hands-on experience and strong understanding of technology and enterprise security
Understanding of how to add secure coding practices (OWASP) to software product development processes.
Experience implementing multi-factor authentication, single sign-on, identity management or related technologies.
Ability to review contractual language as it relates to security and data privacy issues.
Ability to communicate with a wide variety of stakeholders including non-technical audiences.
Education and Experience:
Bachelor’s degree in Computer Science or related technology field required; Master’s degree and/or Security Certifications a plus.
Minimum of 10 years of experience in the technology field
Minimum of 5 years of experience in Cyber Security