- Lokasi: Seattle
- Negeri:
- Negara: United States of America
- Rumah
- ...
- Peranan Terbuka
- Butiran Peranan
Perihalan & Keperluan
***Open to Remote***
We are looking for an experienced senior security architect to join our team. You will design the security architecture for our enterprise core products, with a focus on securing users & administrators, enterprise applications, data, and systems. You will also lead the strategy and work with teams on security mission-critical products such as Active Directory, Entra ID, M365, Device Authentication & Posture management, Red forest/Enhanced Security Admin Environment (ESAE) for Admins.
You will also lead EA’s technical security standard track based on CIS benchmarks to maintain compliance on enterprise systems, and applications. We are looking for a candidate with understanding of security principles, technologies, and best practices across several domains, including network security, application security, data protection, identity management, and cloud security.
You will report to the Director of the Enterprise Security Engineering Core & Admin team
Responsibilities
Lead the enhancement of a secure administrative platform for administrators based on Enhanced Security Admin Environment (ESAE) architecture & privileged access strategy
Secure Active Directory, Okta and Entra ID, ensuring that directory services are protected against unauthorized access and vulnerabilities.
Lead the strategy and architecture for compliance with EA’s security standards based on CIS benchmarks for enterprise systems.
Perform application security reviews and threat modeling on mission-critical systems, & enterprise applications to find and address potential security risks.
Lead the strategy and architecture for device authentication and posture management solution for application access.
Lead the implementation of a zero-trust security model across the organization, ensuring protection of user and admin accounts, systems and data.
Stay up to date with the latest industry security trends, threats, and technologies, and improve the security posture of our enterprise systems, and M365 environments.
Periodically update security policies to incorporate the latest security controls.
Lead the cloud enclave strategy and design to ensure that critical services such as Active Directory can be securely hosted in the cloud enclave.
Ensure that we have a thoroughly tested recovery plan in place to recover from service failures or compromises for services such as Active directory, Okta, Entra ID, and Secure Administrative platforms/Red Forest.
Work with EA’s principal cloud security architect and help engineer and development of security architectures and solutions that ensure the protection of our cloud-based systems and data in M365, AWS & GCP.
Create comprehensive documentation for security architectures, procedures & best practices.
Qualifications
10+ years of experience in information security, with at least 4 years in a senior or architectural role
Technical skills in areas such as network security, cryptography, identity management, threat modeling, application security, and risk management.
Experience with zero trust security models, identity and access management, directory synchronization, and federation services.
Experience integrating enterprise Identity and Access Management (IAM) with CSPs such as Azure, AWS, and GCP.
Experience with device authentication solutions and posture management strategies using Entra ID, Opswat, and Intune.
Expertise in securing directory services such as Active Directory, Okta and Entra ID.
Familiarity with CIS benchmarks and other industry security standards.
Knowledge of authentication standards/protocols (NTLM, Kerberos, LDAP, SAML, FIDO2/WebAuthN, OIDC, OAuth2.0).
Experience developing and testing recovery plans for service failures or compromises for critical services such as Active directory, Entra ID.
Experience with cloud security architectures and solutions (AWS, Azure, Google Cloud) with a emphasis on securing the M365 ecosystem.
Experience with network protocols, encryption techniques, and security frameworks such as NIST and ISO/IEC 27001.
Relevant certifications such as CISSP, CISM, CCSP, or similar
Experience with infrastructure as code (IaC) and automation tools (Terraform, Ansible)