Cyber Security Architect

Role: Cyber Security Architect

Location: Auburn Hills, MI (Hybrid 2-3 days onsite in a week)

Duration: Long Term

Job Description:

Seeking a highly skilled and experienced Senior Cyber Security Architect to join our team. The ideal candidate will have a strong background in enterprise applications, with a special focus on Platforms and APIs. This role requires a comprehensive understanding of security architecture principles and the ability to design, implement, and maintain robust security solutions across our organization's technology landscape.

Key Responsibilities:

• Lead the design and implementation of security architectures for enterprise applications, platforms, and APIs.
• Develop and maintain security standards, guidelines, and best practices for application development and integration.
• Conduct security risk assessments and threat modeling for new and existing enterprise applications and platforms.
• Collaborate with development teams to ensure security is integrated throughout the software development lifecycle (SDLC).
• Design and oversee the implementation of authentication, authorization, and access control mechanisms for APIs and platforms.
• Evaluate and recommend security tools and technologies for application and API security.
• Develop and maintain security documentation, including architecture diagrams, policies, and procedures.
• Provide expert guidance on secure coding practices and application security testing methodologies.
• Stay current with emerging threats, vulnerabilities, and security technologies in the application and API security space.
• Participate in incident response planning and execution related to application security incidents.

Qualifications:

• Bachelor's degree in Computer Science, Information Technology, or a related field. Master's degree preferred.
• 8+ years of experience in IT security, with at least 5 years specializing in application security architecture.
• Deep understanding of enterprise application architectures, microservices, and API security principles.
• Strong knowledge of OWASP Top 10, SANS Top 25, and other industry-standard security frameworks.
• Expertise in secure software development practices and secure SDLC methodologies.
• Proficiency in cloud security architectures (AWS, Azure, Google Cloud Platform) and container security.
• Experience with identity and access management (IAM) solutions and federated authentication protocols.
• Familiarity with DevSecOps practices and tools.
• Strong understanding of cryptography and key management systems.
• Experience with security information and event management (SIEM) systems and log analysis.
• Knowledge of relevant compliance standards (e.g., PCI DSS, HIPAA, SOC 2, ISO 27001).

Additional Qualifications (Nice to Have):

• Relevant security certifications such as CISSP, CSSLP, CCSP, or SABSA.
• Experience with threat modeling methodologies (e.g., STRIDE, DREAD).
• Familiarity with application security testing tools (SAST, DAST, IAST).
• Understanding of network security principles and architectures.
• Experience with secure API gateway solutions and API management platforms.
• Knowledge of serverless architectures and their security implications.
• Familiarity with blockchain technology and associated security considerations.

Soft Skills:

• Excellent communication skills, with the ability to explain complex security concepts to both technical and non-technical audiences.
• Strong analytical and problem-solving skills.
• Ability to work collaboratively in cross-functional teams.
• Leadership experience in driving security initiatives across an organization.
• Adaptability and willingness to learn new technologies and security approaches.