Zero Trust Security Architect

Saligram Systems
Published
July 18, 2021
Location
Atlanta, GA

Description

Job: Zero Trust Security Architect

Location: New Brunswick, NJ Contracted

Duration: 3+ months contract

Experienced

About the Opportunity:

Currently looking for a Zero Trust Security Architect to assist in the design and engineering of the next-generation threat defense, strategy and architecture for zero trust. The project requires Network Security experience and/or Cybersecurity experience. The right candidate will perform discovery of the environment through documentation review and interviews/workshops to develop the scope, high-level architecture, capability maturity assessment, and roadmap with critical sequence dependencies for a large enterprise. Additionally, the architect will define application archetype guidance for achieving zero trust with applications. This is a 3-month remote project.

Responsibilities:

Zero Trust cloud-enabled framework and methodology to define the right access at the right time with the right level of control within an IT hybrid operating environment (third-party cloud and on-premises platforms), including but not limited to:

Secure Connectivity including but not limited to:

Secure On-Premises and Third-Party Cloud Routing and Connectivity including Wide Area Networks (WAN), Regional Breakouts and Direct Internet Access

Secure On-Premises Network Switching

Virtual Private Networks

Firewalls

Web Application Firewalls

Data Loss Prevention in Transit

Intrusion Prevention and Detection in Transit

Network Traffic Inspection

Network Shaping

Channel Encryption (including Certificate Authorities [CA] and Public Key Infrastructure [PKI])

Network Access Control and Network Access Control Lists

Network Segmentation

Resiliency including but not limited to:

High Availability Design aligned to Recovery Point and Recovery Time Objectives

Single Points of Failure

Failover

Disaster Recovery and Business Continuity Design

Identity Trust Element

Least Privilege Access Control and Identity as a Perimeter (Identity & Access Management [IAM])

Decision Orchestration and Adaptive, Continuous Authentication

Application-Level Access Control

Network Trust Element

Supporting Technology Stack Considerations (e.g., Secure Access Service Edge [SASE])

Direct Internet Access (DIA)

Software Defined Perimeters (SDP)

Network and Network Security (including Network Access Control [NAC], Firewalls, SD-WAN, Carrier and Bandwidth considerations)

Domain Name System (DNS) and DNS Security

Cloud Security and Cloud Service Providers (e.g., Cloud Access Security Brokers, SaaS, PaaS and IaaS Security)

Content Delivery

Network Traffic Inspection security (IDS/IPS, Antimalware, etc.)

Application Trust Element

Application Programming Interface (API) Security

Software and Supply Chain Security (Custom Developed and Third Party)

Systems Integration

Messaging Security

End Point Trust Element

End Point Protection including servers, network components, robots and Internet-of-Things (IoT) devices

Data & Analytics Trust Element

User and Entity Behavior Analytics (using Data Science, Machine Learning [ML]) for Real-Time and Near Real-Time Data Driven Decisions

Data Protection

Security Information and Event Monitoring

Other Elements

Business Case and Investment Considerations

Sequencing Considerations

Operations including Implementation Considerations

Required Skills:

7 – 10 years’ experience working in the enterprise security architecture space in an architecture and engineering capacity

5-7 years’ experience with the following:

Roadmap build experience

Capability Maturity analysis experience

Experience in one or both of the following major domains

IAM and Cybersecurity

Global Workforce IAM

Global Consumer IAM (CIAM)

Federation and single sign-on (B2B and B2C)

National Institute of Standards and Technology (NIST) 800-53

NIST 800-63

NIST Cybersecurity Framework (CSF)

Experience creating high and low level IAM architecture patterns

Experience developing and implementing IAM strategies and roadmaps

Experience with major IAM platforms including:

Microsoft Active Directory

One Identity Manager

Ping Federate

A solid understanding of access control patterns including role-based access control (RBAC) and attribute-based access control (ABAC)

IDMS to directory and application identity provisioning

Application consumption of identity

Experience with IAM governance

Authentication Decision Orchestration and Adaptive Authentication

Security Information and Event Management Systems

Security Operations

Security Monitoring

Encryption

API Security

Messaging Security

User and Entity Behavior Analytics

Cloud Security and Cloud Service Providers (e.g., Cloud Access Security Brokers, SaaS, PaaS and IaaS Security)

End Point Protection including servers, network components, robots and Internet-of-Things (IoT) devices

And/or the following major domain:

Network Security

Deep expertise in layer 2 and layer 3 networking including but not limited to DNS, DHCP, NTP, TCP/UDP, IP protocols

Secure On-Premises and Third-Party Cloud Routing and Connectivity including Wide Area Networks (WAN), Regional Breakouts and Direct Internet Access

Secure On-Premises Network Switching (STP, VLAN tagging, and ARP)

Virtual Private Networks

Firewalls including Next Generation Firewalls

Web Application Firewalls

Data Loss Prevention in Transit

Intrusion Prevention and Detection in Transit

Network Traffic Inspection (TLS Decryption, Intrusion Detection and Prevention)

Network Shaping

Channel Encryption (including Certificate Authorities [CA] and Public Key Infrastructure [PKI])

Network Access Control and Network Access Control Lists

Network Segmentation

Secure Access Service Edge (SASE)

Software Defined Perimeters

SD-WAN Security including traffic shaping

BGP and OSPF

Domain Name System (DNS) and DNS Security

Content Delivery Security

Strong written and verbal communication skills

Supporting communication of IAM efforts to all levels of an organization including C-Level

Ability to work as liaison between business and information security/information technology

Collaborative team worker

Preferred Skills:

Understanding of major authentication and authorization protocols including:

OAuth

OpenID Connect

SAML 2.0

Kerberos and NTLM Authentication

Unix/Linux authentication and authorization

Understanding of global regulations and compliance frameworks including:

NY DFS

CCPA

GDPR

Business outcomes mindset

Excellent interpersonal communication skills with strong spoken and written English

Required Education:

Bachelor's degree or equivalent experience in Computer Science

Preferred Education:

Cybersecurity certifications such as CISSP, CISM, etc.
