Security Architect

At IBM, work is more than a job its a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things youve never thought possible. Are you ready to lead in this new era of technology and solve some of the worlds most challenging problems? If so, lets talk.

Your Role and Responsibilities
The Security Architect role focuses on the design of business-driven Information Technology solutions to meet security requirements related to function, protection, assurance, risk management and compliance.

The scope of work includes:

• the collection and validation of requirements,
• the identification of risks, threats, vulnerabilities, potential anomalous flows and interactions,
• the definition of the security processes for assurance, management and compliance,
• the definition of security subsystems, and
• the design of integration and deployment architectures for security in Networks, Infrastructure, Middleware, Applications and Systems & Service Management systems.

Depending on the area of work, the Security Architect may perform evaluation and selection of the components, design of hardware, software, process and service components of the solution, assurance of deployment architectures, and guide secure engineering practices in development.
Utilizes knowledge of the product/deliverable/process and client usage to pinpoint opportunities for enhancement Identifies issues, potential underlying causes, and proposes opportunities for enhancement Independently devises and solutions innovative solutions leveraging analytical skills and business acumen to create value propositions Generates and leverages intellectual assets to advance digital self-service goals

Responsibilities:

• Review and assess IBM Data & AI services, and applications as per defined by the IBMs Security and Privacy by Design (SPbD) framework.
• Identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
• Lead the efforts to streamline the security processes and tooling through the active participation in Design Thinking sessions for process and tooling changes and enhancements.
• Engage, collaborate, and build trusted relationships with product managers, developers, and other security engineers.
• Develop guidance and enablement material to produce secure software, services and applications that align with IBMs commitments to customers and IBMs IT Security Standards.
• Advise, Design, implement enterprise-class secure software/services.
• Align company standards, industry regulations, frameworks and security with overall business and technology strategy.
• Identify and communicate current and emerging security threats.
• Design security architecture elements to mitigate threats as they emerge.
• Assess risk and develop mitigation and remediation plans for security findings in services and applications.

Required Technical and Professional Expertise

• 8+ Years of Software Domain Experience
• Business Awareness: You have an understanding about the business that you are trying to secure. For example, working knowledge of cloud technologies, the ability to describe what the security concerns and impact might be for an organization looking to move from on-premises compute to public cloud.
• Distributed Systems / Software Design: understand the compromises that teams make every day to make things work. Security Architect should have strong influence towards secure implementation and development.
• Threats, Risks, and Modeling: know the difference between a threat and risk. The ability to understand what organizations need to protect, who they need to protect it from, and how that protection should work.
• Vulnerabilities and Exploitation: the ability to discern between a weakness, flaw, or error found within a system, software, host, etc. which have the potential to be leveraged by an attacker to compromise a network, application, an infrastructure, etc.
• Collaboration: being personable, approachable, and empathetic are extremely valuable qualities as a Security Architect. The Security Architect role requires a lot of cooperation and engagement within the organization that they support.
• 5 or more years of experience as an Engineer or Architect (Software, Solutions, Network, Security, etc.,)
• Experience with Incident Response / Operations or addressing breaches, incidents.
• Experience with forensic analysis strong critical thinking and analytical skills.
• Understanding of current software (on-premises), cloud technologies and Software-as-a-Service (SaaS) concepts.
• Experience developing software and writing code.

Preferred Technical and Professional Expertise
At least two (2) years experience in the following:

• Working knowledge of the security tooling.
• Working experience developing software and writing code.
• Experience with Agile design and Project Management methodologies.
• Experience with industry compliances (HIPAA, SOC, ISO, FISMA, FedRamp).