Information security architect at Remote, Remote, USA |
Email: [email protected] |
From: Laya, Incom Technologies [email protected] Reply to: [email protected] Background: The Maryland Department of Health (MDH) is building a web-based Provider Management Module (PMM) to support Provider Enrollment, Revalidation, Re-Enrollment, and Update services for participation in State Medicaid. We are seeking an Information Security Architect who will play a critical role in ensuring the confidentiality, integrity, and availability of our organization's information assets. The candidate will be responsible for designing and implementing robust security solutions, collaborating with cross-functional teams, and staying abreast of the latest security trends and technologies. Key duties and responsibilities include: Duties/Responsibilities: Develop and maintain identity and access management strategies, including role-based access controls, authentication, and authorization mechanisms to safeguard sensitive data and systems. Design and implement secure API architectures, ensuring proper authentication, authorization, encryption, and auditing for seamless and secure data exchange. Define and enforce data security measures to uphold the Confidentiality, Integrity, and Availability (CIA) triad principles across various data types and storage systems. Establish and oversee application security architectures, incorporating security best practices throughout the software development lifecycle to mitigate vulnerabilities. Stay informed about the latest Open Web Application Security Project (OWASP) API vulnerabilities and attacks to proactively identify and address potential threats. . Implement end-to-end security controls in web applications, ensuring compliance with FIP 140-2 requirements for encryption and other security measures. Leverage Splunk's threat intelligence capabilities to analyze and respond to security incidents, providing real-time insights into potential threats and vulnerabilities. Implement and adhere to National Institute of Standards and Technology (NIST) security controls (800-53), applying a risk-based approach to security management. . Lead and participate in breach incident response efforts, coordinating with internal teams and external stakeholders to contain, mitigate, and recover from security incidents. Utilize Certified DevSecOps Professional expertise to integrate security practices into the DevOps pipeline, promoting a culture of continuous security improvement. Education and Certification: Bachelor's degree in Computer Science, Computer Engineering or similar. Certified DevSecOps Professional is highly desirable Experience: A minimum of 10 years of relevant experience in information security architecture and design. Proven experience with IAM solutions and role-based access controls. Extensive experience in designing and securing cloud-based environments, including Infrastructure as a Service (laaS), Platform as a Service (Paas), and Software as a Service (SaaS) platforms. Proficiency in cloud security controls, identity federation, and data encryption in cloud environments. In-depth understanding of network security protocols, firewalls, intrusion detection/prevention systems, and VPN technologies. Ability to design and implement secure network architectures to protect against external and internal threats. Demonstrated expertise in API security, API gateway implementation, and secure data exchange. Strong understanding of the CIA triad principles and their application in data security. Hands-on experience working with development teams to integrate security practices into the software development lifecycle (SDLC). Familiarity with secure coding practices, code analysis tools, and continuous integration/continuous deployment (CI/CD) pipelines. Extensive knowledge of application security architecture and secure coding practices. Familiarity with OWASP API vulnerabilities and attack vectors. Experience working with relevant industry standards (e.g., ISO 27001, PCI DSS) and regulations. Experience in conducting security audits, risk assessments, and developing remediation plans. Hands-on experience implementing security controls in web applications, ensuring FIP 140-2 compliance. Proficiency in utilizing Splunk for threat intelligence and incident response. In-depth knowledge of NIST security controls (800-53) and their implementation. Track record of managing and responding to breach incidents effectively. Should possess excellent communication and teamwork skills, a deep understanding of industry best practices, and the ability to adapt and innovate in a rapidly evolving security landscape. This role requires a strategic thinker with a hands-on approach to security implementation and a strong commitment to safeguarding the organization's digital asset -- Keywords: continuous integration continuous deployment |
[email protected] View all |
Wed Aug 16 21:04:00 UTC 2023 |