Infosec
Architect
Remote-
Any visa
6-12
months+ contract
The candidate should be proficient in all
aspects of cloud security including identity and access management, defining
organizational structure and policies, using both Google and Crowdstrike
technologies to provide data protection, configuring network security defenses,
collecting and analyzing logs, and properly integrating into CI/CD pipelines.
This is a critical initiative for the entire company, and we are looking for
someone who takes initiative, builds processes, successfully engages with
business stakeholders, and can get up to speed quickly!
Key Responsibilities
- Collaborating with
Express Information Security to assist in the development of Express
Google Cloud Security architecture
- Assist
Express Information Security in ongoing efforts to enhance GCP Cloud
Security Posture
- Provide
accurate cost information for new services or expansion of existing
services
- Coordinate
with key stakeholders to identify, configure and document key GCP
Organizational Policies for securing the environment
- Develop
strategy and processes to ensure proper logging for all enabled GCP
services, not limited to Compute Engine, VPC/Networking, GKE, Storage,
Data Access and IAM
- Architect
best practices for setup, usage and monitoring of service accounts
- Work
with the cloud operations teams in the definition and implementation of
security standards and best practices
- Collaborate
with Business Directors, System Owners, Managers, and Stakeholders to
define expectations including needed security requirements
- Provide
accurate and thorough estimates of time and resources necessary to
complete security efforts
- Perform
architectural and design reviews through the security lens and provide
timely, actionable requirements and recommendations
- Collaborate
with DevOps and e-commerce teams to ensure security is automated and
elastic across all cloud platforms
- Promote
CI/CD methodologies throughout the development lifecycle utilizing
Crowdstrike Workload Protection tools and integration of security best
practices into development and deployment pipelines
- Assess
and propose Google Cloud solutions regarding cloud security to Express
Information Security team and leadership
Required Experience & Qualifications
- 5+ years’ experience working in an information security
discipline
- 5+
years’ experience working in cloud environments and understanding of cloud
infrastructure (Google Cloud and AWS)
- Strong
understanding of retail domain preferred
- Familiarity
with compliance frameworks such as PCI, SOX and NIST
- Understanding
of modern cloud technology components and deployment patterns: virtual
machines, containers, Kubernetes, serverless, infrastructure as code, etc.
- Experience
with Crowdstrike Horizon and Cloud Workload Protection
- Experience
working with on-site and off-site development teams, coordinating work,
expectations, and delivery
- Excellent
written and verbal communication skills with the ability to present
complex technical information in a clear and concise manner to a variety
of audiences
- Four-year
degree in Computer Science or an equivalent combination of course work and
job experience
Critical Skills & Attributes
- Possesses and demonstrates curiosity
- Ability
to proactively identify opportunities for process and efficiency
improvements
- Demonstrates
excellent communication skills to both technical and non-technical
personnel
- Possess
the art of negotiation to drive to end state needs
- Ability
to clearly articulate and drive alignment across multiple teams and
departments
- Ability
to create and describe project estimations with assumptions and risks
- Ability
to work in a fast-paced environment while managing multiple
responsibilities
- Executes
with limited to no supervision; self-motivated and self-directed
--