(Hybrid) Enterprise Architect, Information Security

Overview
At PenFed, we value our colleagues and are proud of our positive work environment. We are continually on the look-out for top performers who are interested in joining our team! Our mission is to provide our members the tools to reach their financial goals. Each employee at PenFed has an impact on our members, our colleagues, and our communities. If you are seeking to take your career to the next level, join our team!
PenFed is hiring a (Hybrid) Enterprise Architect, Information Security at our Tysons. Virginia location. The primary purpose of this job is to provide expert level direction and support in analyzing complex applications, codes, network, management systems, and for planning, designing, evaluating, and selecting cyber security systems and suites. The Security Architect plays an integral role in defining and assessing the organization's security strategy, architecture and practices. The Security Architect will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies, services, and projects that address organization-wide needs, assess options, produce organization-wide designs, deliverables and roadmaps, and review complex project architectural deliverables for enterprise-wide impacts.
Responsibilities
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. This is not intended to be an all-inclusive list of job duties and the position will perform other duties as assigned.

• Participate in designated projects and business initiatives as the security subject matter expert.
• Lead large and complex initiatives and solutions (involving multiple departments, new/leading edge technology, integrating several technology types, high visibility and/or risk, resulting in significant organizational change).
• Establish and maintain relationships with senior executives, business unit leaders, partners, affiliates and vendors to ensure IT and cyber security protocols are met.
• Develop and maintain Security Reference Architecture for highly scalable and fault-tolerant applications that adhere to expected standards and discipline from a security posture.
• Collaborate with IT staff , subject matter experts , business partners, clients and senior managers to understand business processes/functions/capabilities ; assess the types of architecture service needed; plan and design solutions and service delivery.
• Gather and analyze requirements/use cases from product owners.
• Infrastructure: network security (including zero trust networks, AWS IAAS/PAAS, and NGFW, NSX, SASE), log/event management, automation of security controls, configuration standards, implementing security frameworks (e.g. CIS Critical Security Controls/SANS Top 20) at enterprise level, AWS security architecture and design, IAM/SSO implementation and design, cryptographic key management
• Stays current with cyber security community to maintain/develop formal and informal sources of information and incorporate industry best practices where applicable
• Conduct evaluation and comparison of alternative solutions; determines suitability within enterprise roadmaps and business plans; ensures the alignment of solutions with organizational strategies and needs and engages in risk assessment and mitigation.
• Presents a detailed understanding of emerging threat landscape.
• Expert level technical expertise across multiple security domains, including identity and access management, security operations, infrastructure security, data security, threat modeling, pen testing and a focus area in one or more tracks:
  
  
  • Application: application security, static and dynamic application testing, secure coding standards, microservices and cloud based API security, cloud based (SAAS - Salesforce, PAAS) application security, OAUTH/SAML
  • Infrastructure: network security (including zero trust networks, AWS IAAS/PAAS, and NGFW, NSX, SASE), log/event management, automation of security controls, configuration standards, implementing security frameworks (e.g. CIS Critical Security Controls/SANS Top 20) at enterprise level, AWS security architecture and
    design, IAM/SSO implementation and design, cryptographic key management
• Leverage technology wherever possible to minimize manual processes.
• Play an active role in developing security technical architecture and designs which supports a robust solution, while taking into account the business priorities and view from security perspective in order to identify threats, risks, and mitigations in the solutions accordingly.
• Work with the product organization to develop secure business requirements, develop the security architecture and integrate into long term platform strategy.
• Provide technical and architectural oversight for systems and projects that are required to be always on, always secure and always complaint.
• Application: application security, static and dynamic application testing, secure coding standards, microservices and cloud based API security, cloud based (SAAS - Salesforce, PAAS) application security, OAUTH/SAML
• Must be involved in the development, delivery, maintenance, communication and governance of architectural principles and standards.
• Review business processes from security perspective and identify threats, risks, and solutions accordingly.
• Work directly with project development teams to enable successful project implementation applying the recommended security tools, technologies and techniques. Provide expertise to project team engineers as needed.
• Gain an understanding of Current State and Target State Security Architecture and then working to define a strategy for technical direction around security for on premise and cloud platforms.
• Conduct proof of concept activities with key business users in support of advanced use cases.
• Excellent verbal and written communication skills, such as meeting facilitation, presentation documentation, and interpersonal communications skills.
• Keeps abreast of adversary tactics, techniques and procedures, intelligence reporting and the PenFed IT Security strategy to enable the practical application of intelligence to information security

Qualifications
Equivalent combination of education and experience is considered.

• Experience with Payment Processing or Financial Services systems is considered a plus.
• Knowledge of security access control software, equipment and processes required.
• Minimum of twelve (12) years of experience architecting, designing and developing large scale security solutions utilizing a mixture of hardware, software and cloud technologies.
• Bachelor's in Computer Science related discipline, or equivalent combination of education & experience in information security in a large, highly-regulated enterprise.
• Minimum of twelve (12) years of hands-on experience in the Information Technology industry, specifically related to security design and development, database design and development, risk management, and system integration.

Licenses and Certifications

• Working knowledge of Data Security Best Practices; At Rest, In Flight and In Use
• Ability to present technical concepts to non-technical audiences
• Technical security certifications required CISSP, CRISC, GICSP (with GICSP, MCSE, GIAC preferred)
• Technical certifications AWS, Azure and SalesForce preferred.

Work Environment
While performing the duties of this job, the employee is regularly exposed to an indoor office setting with moderate noise.
*Most roles require working in an office setting with moderate noise and the ability to lift 25 pounds.*
Travel
Ability to travel to various worksites.
About Us
Established in 1935, PenFed today is one of the country's strongest and most stable financial institutions with over 2.8 million members and over $36 billion in assets. We serve members in all 50 states and the District of Columbia, as well as in Guam, Puerto Rico and Okinawa. We are federally insured by NCUA and we are an Equal Housing Lender. We are available to members worldwide, via the web, seven days a week, twenty-four hours a day.
We provide our employees with a lucrative benefits package including robust medical, dental and vision plan options, plenty of paid time off, 401k with employer match, on-site fitness facilities at our larger locations, and more.
Equal Employment Opportunity
PenFed management will maintain and observe personnel policies which will not discriminate or permit harassment or retaliation against a person because of race, color, creed, age, sex, gender, gender identity, gender expression, religion, national origin, ancestry, marital status, military or veteran status or obligation, the presence of a physical and/or mental disability or medical condition, genetic information, sexual orientation, and all statuses protected by applicable state or local law in all recruiting, hiring, training, compensation, overtime, position classifications, work assignments, facilities, promotions, transfers, employee treatment, and in all other terms and conditions of employment. PenFed will also prohibit retaliation against individuals for raising a complaint of discrimination or harassment or participating in an investigation of same.
PenFed will also reasonably accommodate qualified individuals with a disability so that they can apply for a job or perform the essential functions of a job unless doing so causes a direct threat to these individuals or others in the workplace and the threat cannot be eliminated by reasonable accommodation or if the accommodation creates an undue hardship to PenFed. Contact human resources (HR) with any questions or requests for accommodation at 240-224-4256.