Information Security Architect - Cloud & Applications
The College Board is rapidly transforming itself into an agile organization, embracing DevOps and cloud-native systems, and focused on improving speed and security of service delivery in support of an important mission. To enable this mission, the College Board is seeking a DevSecOps Architect to be a senior member on the team, responsible for leading the design, architecture and implementation of next generation security architecture and automation solutions in our DevOps and cloud transformation initiatives. The DevSecOps Architect is a highly technical and creative contributor to a DevSecOps team, enabling the agile development of secure cloud-based solutions.
Essential Functions and Responsibilities:
- Provide technical leadership, guidance and direction in the design, development and implementation of automated solutions, based on a set of standards and processes, that enable College Board developers to own the security of their modern microservices-based cloud software solutions.
- Act as coach and mentor devoted to the growth of the DevSecOps team.
- Keep abreast of next-generation technologies and how they may reshape the security landscape or open new opportunities.
- Use expert knowledge of data analytics and machine learning to define an innovative, automated approach to secure company information, infrastructure, intellectual property, and users against accidental or unauthorized modification, destruction or disclosure.
- Apply data and evidence to solve problems effectively and make measurable improvements to the security posture of College Board.
- Leverage expertise in DevOps and CI/CD tools to architect, design, build, harden, maintain, and instrument a comprehensive cloud-based security orchestration platform to be consumed in product pipelines.
- Use expert knowledge in AWS to guide the secure design and development of cloud-based solutions.
- Use software engineering skills and experience to minimize toil and craft lightweight approaches to simplify processes and tools.
- Support the development of security standards by creating reusable templates and patterns for ease of use and increase productivity of the security program.
- Foster, and build a community of practice for collective learning of the security tools, practices and systems across all disciplines within the College Board.
- Collaborate with DevSecOps product owner to breakdown and prioritize work in the product backlog.
- Communicate clearly and effectively across the organization, with a sharp sense of what is most important to the matter at hand.
Education/Years of Experience:
- A bachelor’s degree in Computer Science, Engineering, or MIS or equivalent experience.
- 10+ years’ experience with extensive exposure to numerous aspects of software development, cloud, DevOps, and information security.
Related Skills and Other Requirements:
- Strong knowledge and experience in cloud and application security domains.
- Ability to find, collect, and distill data to guide action and resolve problems
- Deep understanding of Amazon Web Services (AWS) including VPC, ELB/ALB, IAM, KMS, EC2, Config, CloudTrail, CloudFormation, Lambda, and others. An AWS professional level certification is a plus, Security Specialty certification a big plus.
- Strong and evolving competence in multiple programming languages and technologies, working knowledge of multiple tools sets, technologies and implementation environments.
- Demonstrated expert level proficiency in the architecture, design and delivery of loosely coupled enterprise web and microservices solutions in the cloud.
- Working knowledge of IP networking, VPNs, DNS, load balancing and firewalls.
- Experience building infrastructure as code using AWS CloudFormation, Terraform or similar automated techniques.
- Experience with Chef, Puppet, Salt, or Ansible in production environments.
- Experience in establishing secure software development guidelines and in performing security code and design reviews.
- Experience in documenting security design and architecture artifacts and presenting artifacts for architectural review.
- Effective communication skills are a must along with a strong customer service orientation, and the ability to clearly discern client needs.
- Experience with Akamai WAF and CDN products a plus.
- Ability to self-manage assigned projects, and delegate to and supervise the completion of tasks by other team members.
- Ability to work independently with minimal direction.
- Strong interpersonal skills, written and verbal communication.
- Strong decision-making, problem-solving skills, critical thinking and testing skills.
- A growth mindset and love of learning new technologies.
- Exceptional attention to detail
This position will be subject to a background check.
The College Board is dedicated to the principle of equal opportunity and its programs, services and employment policies are guided by that principle.