Information Security Architect Jobs

Hollstadt Overview

Hollstadt Consulting is a management and technology consulting firm dedicated to placing professionals at engagements where they will excel. When you work with us, you'll work with a refreshingly real company led and staffed by seasoned experts who are also down-to-earth, good people. We're committed to treating you with respect and helping you achieve your career aspirations.
Since 1990, Hollstadt has been a trusted partner to more than 150 domestic and global companies and has successfully completed over 2,000 projects. Our continued growth has created challenging and rewarding opportunities for accomplished IT and Business Consultants. Hollstadt Consulting is an equal opportunity employer including disability/veteran.

We seek an Information Security Architect to maintain and improve our security practice with system integration, software development, and application deployment pipelines.

The Information Security Architect is responsible for the definition, standardization, and reuse of practical security architecture patterns for internally developed applications, integration of third-party applications and the supporting infrastructure. This role is responsible for ensuring that solution security patterns are in alignment with Enterprise Architecture, Infrastructure, and Information Security strategies, as well as with company’s business strategies and product roadmaps.

The successful Information Security Architect will work across the global corporate organization to translate business requirements into security architectures and requirements, build security blueprints and roadmaps, provide long-range guidance on technology selection and implementation within one or more shared systems, and will assume a technical leadership and mentoring position on large development initiatives.

Requirements:

• More software development side not infrastructure
• Demonstrate strong business and technical skills in the planning, administration, and management of information systems, administrative and technical security controls, and security risk analysis, threat modeling and management.
• Strong understanding of secure software development practices and technologies, including vulnerability detection/identification/remediation.
• Bachelor’s degree in computer science, management information systems, or related field. However, upon evaluation, equivalent related experience and/or education may be substituted for the degree.
• Jump in and understand needs; ability to fit well in a collaborative environment
• Demonstrate strong interpersonal and organizational skills; demonstrated success in working both independently and in a team environment. Above average written and oral communication skills. Demonstrated strong analytical and creative problem solving, and the ability to manage multiple and rapidly changing priorities.
• General knowledge of security frameworks (ISO, NIST, HIPAA, etc.)
• Something to note: a lot of Info Sec comes from the infrastructure side/background, but they are looking for this individual to come from a Software Dev space
• Intimate knowledge of threat modeling (OWASP, MITRE).
• Understanding of/background in software development pipelines and checkpoints (not network/server-build background)
• Information Security Architect specializing in Sec DevOps or Dev SecOps
• Excellent communication skills and can adjust to different levels of customers they are speaking with
• Not afraid to look at code
• 8 years of Information Security experience with responsibilities spanning many Information Security disciplines.
• Demonstrate excellent written and oral presentation skills. Excellent facilitation, collaboration, and negotiation skills.
• Work well with the business teams to solution i.e. “We won’t be able to do that because of this risk, BUT let’s try and look at it with this angle”

Preferred Requirements:

• SAST and DAST scan tools
• GitLab; familiarity with a similar tool works as well
• Cloud security and risk assessment experience preferred.
• At least one Information Security industry certification (e.g., CISSP, GIAC, CISM) is strongly preferred.
• Experience looking at code
• Experience with SAML and/or OAuth technologies a plus.
• Familiarity with cloud technologies – they specifically use AWS
• Previous healthcare experience, but it is more important that they fit well with the highly collaborative environment