IT Security Architect at The Computer Merchant, LTD.

Boston, MA 02116

About the Job

JOB TITLE: IT Security Architect
JOB LOCATION: Boston MA
WAGE RANGE*: $80-$85
JOB NUMBER: Client-25-1030-0P100-0P110-110937

REQUIRED EXPERIENCE:

Continuously provide feedback and recommendations for the protection of user accounts, employee information, and constituent data.
Possess and utilize professional communication skills.
Identify and communicate current and emerging cybersecurity threats.
Maintain a general understanding of current Laws, Articles and Regulations regarding Massachusetts resident's data.
Understand and monitor compliance with enterprise security policies and standards.
Participate in continuous process improvement activities by providing documented security guidance and recommendations to various stakeholders and teams.
Assist in the creation and upkeep of documented managed processes that apply security requirements from enterprise security policies and standards to the work being performed by the Security Team.
Respond to each inquiry, whether from a customer, vendor, or co-worker in a courteous and professional manner.
Perform duties and project work as assigned.
Provide on-call support as needed.
Be willing and able to drive a company or personal vehicle to assist at emergencies and/or events as needed.

QUALIFICATIONS:

Bachelor's degree or relevant applied experience in computer, network, data, or cloud technologies.
Knowledge of all layers of the OSI model.
Knowledge of and experience with security architecture frameworks.
Current knowledge of the cyber threat landscape, vulnerability management strategies and tactics, security monitoring requirements and implementation, and security operations analytics.
Knowledge of cyber security frameworks such as NIST CSF, CIS 18, etc.
Demonstrated ability to perform risk assessments of applications, databases, and/or infrastructure.
Excellent verbal and written communication skills.
Experience with creating and updating documentation related to security requirements and managed processes.
Ability to work as part of a team as well as independently.

JOB DESCRIPTION

Document designs for configuration and controls to reduce cyber and information security risk for applications, infrastructure, and data.
Guide implementation of security configuration and controls and help test the effectiveness of the implementation.
Discuss proposed IT changes (including but not limited to new technology) with subject matter experts and implementers so that security risks are identified before implementation.
Client and document the current state of configuration and controls protecting applications and infrastructure to help the IT teams understand where there are gaps or weaknesses and how the cyber risk context may have changed since initial implementation.
Take an active role on the Cyber Incident Response Team (CIRT) when there are investigations, incidents, or practice exercises.

DUTIES & RESPONSIBILITIES:

Systems Requirements Planning

Develop and document secure system designs by applying the principles of Zero Trust, micro-segmentation, and other approaches for reducing cyber risk.
Provide subject matter expertise to the Information Security Risk Management Team as they are assessing risk for new technologies or use cases.
Guide technology teams by applying your knowledge of cloud services, solution platforms, data center hosting environments, and IP networking to all proposed solution architecture to help them apply secure configurations and conform to security standards.

Systems Security Architecture

Serve as a security representative on technology project teams to provide guidance and support during the project lifecycle.
Ensure that security controls are designed, implemented, and documented.
Advise on the criticality and remediation of known software and firmware vulnerabilities.
Create and document solutions using a risk-based approach, that considers the business requirements, compliance requirements, and cyber risk across all functions in the NIST Cyber Security Framework.
Serve as a member of the Cyber Incident Response Team.
Design, document, build, implement, and support enterprise-class security tools and systems.
Perform or supervise security assessments on critical and important technology infrastructure and applications.
Maintain current knowledge of global cyber threat information, including tactics and techniques, and how they may pose new risk to networks, systems, and applications.
Function as a subject matter expert who can explain highly technical topics to those without a technical background.

Equal Opportunity Employer Veterans/Disabled

* While an hourly range is posted for this position, an eventual hourly rate is determined by a comprehensive salary analysis which considers multiple factors including but not limited to: job-related knowledge, skills and qualifications, education and experience as compared to others in the organization doing substantially similar work, if applicable, and market and business considerations. Benefits offered include medical, dental and vision benefits; dependent care flexible spending account; 401(k) plan; voluntary life/short term disability/whole life/term life/accident and critical illness coverage; employee assistance program; sick leave in accordance with regulation. Benefits may be subject to generally applicable eligibility, waiting period, contribution, and other requirements and conditions.