Job description
Equivalent Experience
Description:
Position Summary: The DevSecOps/Application Security Architect provides accountability for the security of the technical solutions from the Modern Engineering Center of Excellence. They will ensure that the new technology, processes, and ways of working within IT align with IT strategy, increase the security posture, and drive higher quality products. Modern Engineering is the adoption of DevSecOps processes and tools. The DevSecOps Security Architect is responsible for the technical thought leadership surrounding security considerations of modern product development technology and supporting processes across the company. Primary responsibilities include developing security architecture, code and designs for Modern Engineering solutions (including SAST, DAST, RASP, CI/CD, IaC, immutability, and automated testing), consulting across the FHLBC organization on implementation of security solutions, and training IT to adopt continuous security principles. The ability to build collaborative stakeholder relationships is a must.
Duties:
• Create policies and standards for their Application Security environment
• Serve as SME for security and tooling landscape; stay current on market trends and research
• Design and implement architecture of security solutions in accordance with IT strategy and leading practices from industry including AWS Well-Architected Framework
• Work directly with business and IT technology owners to understand security requirements, complexities, and implementation strategies
• Define, develop, and validate RBAC security configurations when applicable to DevSecOps platforms and environments
• Consult with all levels of the organization, including executive leadership, to provide direction for security practices and controls; this includes areas of application security, cloud security, DevOps, compliance, and organizational strategy
• Engage and consult with other security leadership including Information Security, Security Advisory & Analytics, and IT Risk & Compliance to define Security Standards and Procedures and integrate security considerations within the software development lifecycle
• Define, review, and implement Modern Engineering cloud-specific Security Standards, Procedures, and Guidelines
• Engage and consult with the DevSecOps and IT Delivery Teams to review their architecture and security checkpoints, perform gap analyses, implement proof-of-concepts, present findings and recommendations, and automate implementation
• Consult on application development projects to assess security requirements and controls, and to ensure that security controls are implemented as planned
• Evaluate the benefits and risks of a solution’s security posture and identify implementation strategies to enhance security posture
• Review and approve DevSecOps (Modern Engineering) architecture and designs for security posture, to enforce security requirements and address identified risks
• Provide oversight and management of audit finding remediation, including generating requirements for full remediation, providing feedback and suggestions on managerial responses to findings, tracking progress, and providing status and updates to the enterprise Risk team for reporting purposes
• Participate in evaluating security requirements of third-party tools or SaaS Solutions
• Consult on and evangelize the behavior change and mindset shifts required of people resources to implement new architecture and processes
• Partner with other DevSecOps (Center of Excellence) members and HR to account for effort associated with culture change as part of implementation strategies
• Model desired culture including open knowledge sharing, proactive cross-functional collaboration, and adaptive learning via continuous improvement
• Educate stakeholders from the business and IT on security solutions and how to best leverage the Modern Engineering solutions and processes to enhance the FHLBC security posture
• Develop project case studies, training materials and technical guidance on how to “shift left” on security implementation for teams within FHLBC
• Assist with estimating work efforts required for each phase of a project
• Lead and coordinate technical reviews (architectural, security, compliance, etc.)
• Implement key performance indicators (KPI) to monitor process health and service metrics

Requirements:
• Experience with: Azure DevOps, GIT, GITlabs, and AWS EKS OR Docker
• Bachelor’s Degree or equivalent experience required. Computer Science, Computer Information Systems or related field preferred
• Certification from leading vulnerability management frameworks (e.g., SANS, CISSP, OSCP) preferred
• 10+ years of security experience including implementation of security controls for applications, cloud, and/or DevOps
• 5+ years of software engineering experience required
• Audit, compliance, and governance experience preferred
• Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans
• Knowledge of common information security management frameworks, such as ITIL and COBIT frameworks
• In-depth knowledge of risk assessment methods and technologies
• In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls
• Skilled in performing risk, business impact, control, and vulnerability assessments

Knowledge, Skills, Abilities and Behaviors:
• Proven experience with AWS cloud security best practices (e.g., IAM, WAF, KMS)
• Subject matter expertise in security domains, with knowledge pertaining to the majority of these topics: AppSec (OWASP Top10, SANS Top 25), Defense-in-depth, Risk assessment and management, Network topology and security, Network Infrastructure - securing network devices, Network protocols, Virtualization, Intrusion Detection, Intrusion Prevention, Logging, SIEM, Social Engineering, Security policy related to business continuity planning and contingency planning, Incident handling process, Opsec, Data classification, DRM, Pentesting, Vulnerability Analysis, Secure communications including encryption and cipher suites, Linux and Windows security
• Strong analytical skills to analyze security requirements and relate them to appropriate security controls
• Experience in performing web application and infrastructure penetration security testing and threat modeling
• Experience collaborating across multiple functional/technical teams to deliver a project
• Ability to communicate with customers on a business level and translate their needs into a technical solution
• Ability to adapt to organizational change and advocate for the required culture change within the organization
• Strong emotional intelligence to identify the behavioral and cultural indicators of team effectiveness
• Consultative, collaborative approach to solving complex problems, with customer service skills
Skills:
Architecture, Solutions design, Solution architecture, application security
Additional Skills & Qualifications:
- Communication is key with this being a high level role within the Modern Engineering team
- Experience working with developers and DevOps teams

TECHNOLOGY STACK BELOW
Must Have: Azure DevOps, GIT, GITLabs and AWS EKS and/or Docker
Agile Framework: Azure DevOps Boards
Automated Testing: Protractor, xUnit/SpecFlow, Zalenium, SauceLabs, Azure DevOps Test Plans, xUnit, Artillery.io
CI/CD: Git, Azure DevOps Repos, JFrog Artifactory, Azure DevOps Pipelines, Helm
Continuous Security: AWS Key Management Service, SonarSource SonarQube, CheckMarx, OWASP ZAP, TwistLock, Splunk, AWS Secrets Manager, JFrog Xray
Immutability: Docker, AWS Elastic Kubernetes Service, Istio, Hashicorp Terraform Enterprise, Hashicorp Sentinel
Organization: Agile Maturity Model
Experience Level:
Expert Level
About TEKsystems:
We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.
The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.