Senior Security Architect @ Aderant | Jobright.ai
JOBSarrow
RecommendedLiked
0
Applied
0
External
0
Senior Security Architect jobs in United States
Be an early applicantLess than 25 applicants
company-logo

Aderant · 5 hours ago

Senior Security Architect

ftfMaximize your interview chances
LegalProfessional Services
check
Work & Life Balance

Insider Connection @Aderant

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Provide input to engineering, cloud operations, IT, and product teams on the design, architecture, development, configuration, and maintenance of secure enterprise technology and SaaS products throughout the product lifecycle.
Fortify our current cloud infrastructure and shape new cloud initiatives to support our applications.
Perform security architecture design reviews and threat modelling of our products (cloud and on-prem)
Provide guidance and consultation to teams to ensure that security requirements are met effectively and efficiently using the appropriate technologies.
Plan, research, and design security architecture for IT and Cloud systems.
Partner with development teams to communicate security requirements, review designs, and promote control frameworks to ensure secure goals are met.
Develop, review, and approve installation requirements for LANs, WANs, VPNs, firewalls, routers, and related network devices.
Determine security protocols by evaluating business strategies and requirements.
Act as a technical security SME and escalation point for technical information security-related issues.
Respond to and investigate security incidents and provide thorough post-event analyses.
Review the design and implement secure cloud architecture solutions, including VPC configurations, security groups, IAM policies, encryption mechanisms, Kubernetes infrastructure, and logging and monitoring for the cloud environment.
Spearhead compliance to secure coding standards via SAST, DAST, and SCA scanning within the SDLC.
Collaborate with development teams to remediate systemic security vulnerabilities and offer guidance on the prioritization of vulnerabilities and address systemic security issues effectively.
Disseminate security guidance on product architecture as well as newly identified security threats and vulnerabilities, and security industry advisories that may impact the development community.
Act as the technical point of contact for product teams as it relates to secure cloud architecture, CI/CD, and remediation guidance.
Explain technical positions/risks to business leaders, and business positions/risk to technical leaders to achieve appropriate security outcomes.
Research and evaluate emerging security trends, threats, and technologies, and recommend appropriate solutions and enhancements.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Threat modelingSecure coding practicesSecure architectureSecurity engineeringCloud computingApplication securityIdentity managementAuthenticationCryptographyAWS security controlsAzure security controlsCybersecurity architecturesWeb applicationsContainerized applicationsServerless applicationsIndustry certificationsSecure SDLC frameworksInfrastructure as CodeCloud security modelsCloud native security toolsCI/CD integrationSystem administrationNetwork securityOWASP Top 10OWASP ASVSSANS CWE Top 25Zero trustIaaSPaaSSaaS

Required

5+ years of experience with any combination of the following: threat modeling, secure coding practices, secure architecture, security engineering, identity management and authentication, cryptography, system administration and network security, cloud computing.
Experience with public, private, and hybrid cloud security controls in AWS and Azure.
Background in application and code security, with experience in implementing security in the software development lifecycle, including adherence with OWASP Top 10, OWASP Application Security Verification Standard, and SANS CWE Top 25. Ability to implement and integrate remediation strategies.
Knowledge of traditional Cybersecurity and technology architectures, including identity and access management, firewalls, network segmentation, server and appliance virtualization, web traffic management and security, comprehensive data protection, and logging and monitoring.
Knowledge of current Cybersecurity and technology architectures such as zero trust, IaaS, PaaS, SaaS, virtualization, containerization, DevOps, Agile, and software-defined networking across a variety of environments and deployments.
Ability to lead complex security projects from start to finish including stakeholder management and balancing business needs with security requirements.
Understanding of web applications, web servers, layer 7 application technologies, frameworks and protocols with respect to application development and deployment.
Knowledge of common vulnerabilities and attack vectors, ubiquitous encryption technologies and common authentication protocols.
Experience using static, dynamic, and software composition analysis application security testing toolsets and contextualizing the risk of software flaws.
Experience securing containerized and serverless applications.
Advanced written and verbal communication skills, including the ability to respond directly via email or in person to client technical security inquiries and escalations.
Excellent problem-solving, critical thinking, interpersonal, and collaboration skills.
Ability to analyze security logs and identify potential threats.
Ability to create comprehensive security documentation and reports.
Cloud security models and best practices.
Cloud native security tools and services.
Integration of security practices into CI/CD pipelines.
CrowdStrike Falcon or similar tech.
Network and Web Application vulnerability management solutions.
SIEM products.
Knowledge of data masking, tokenization, and secure data storage solutions.
Automation of security testing and compliance checks.

Preferred

Industry relevant certifications (e.g. CISSP, CCSP, CISM, CASP+, ISSAP, AWS Solutions Architect, Azure Cybersecurity Architect).
Understanding of or experience with industry and regulatory frameworks and standards, including but not limited to: ISO 27001 and 27002, AICPA SOC 1 controls and SOC 2 Trust Services Criteria, General Data Protection Regulation (GDPR) articles and recitals, and California Privacy Rights Act (CPRA).
Success in implementing effective Secure SDLC frameworks across a large corporation.
Experience with Infrastructure as Code (IaC) tools including CloudFormation, CDK, and Terraform.
Experience with incident detection, response, and recovery.

Company

Aderant provides legal software and practice management software solutions.

Funding

Current Stage
Late Stage
Total Funding
unknown
2015-10-07Acquired· undefined

Leadership Team

leader-logo
Deane Price
Chief Executive Officer
linkedin
M
Michael McKay
Vice President of Engineering
linkedin
Company data provided by crunchbase
logo

Orion

Your AI Copilot