Principal Cybersecurity Architect

Play a vital role in shaping the future of an iconic company and make a direct impact in a dynamic environment designed for top achievers.

Job responsibilities

• Leads the Threat Modeling Center of Excellence community, driving the strategic vision, development, and implementation of threat modeling practices across the enterprise. 
• Collaborates with business, technology, and risk stakeholders to embed threat modeling into the architecture review lifecycle and ensure alignment with organizational security objectives.
• Guides the evaluation of current cybersecurity principals, processes, and controls, and leads the evaluation of new technology using existing standards and frameworks
• Regularly provides technical guidance and direction to support the business and its technical teams, contractors, and vendors .
• Works with stakeholders and senior leaders to recommend business modifications during periods of vulnerability
• Serves as function-wide subject matter expert in one or more areas of focus  
• Actively contributes to the engineering community as an advocate of firmwide frameworks, tools, and practices of the Software Development Life Cycle 
• Influences peers and project decision-makers to consider the use and application of leading-edge technologies 
• Adds to team culture of diversity, opportunity, inclusion, and respect 

Required qualifications, capabilities, and skills

• Formal training or certification in software engineering concepts and 10+ years applied experience
• Expert Threat Modeler with hands-on experience as a threat model practitioner
• Deep expertise in threat modeling methodologies (e.g., STRIDE-LM, ATT&CK)
• Passion for mentoring and instructing others on threat modeling.
• Hands-on practical experience delivering enterprise level cybersecurity solutions and controls
• Advanced in one or more programming languages or applications 
• Advanced knowledge of cybersecurity architecture, applications, and technical processes with considerable, in-depth knowledge in one or more technical disciplines (e.g., public cloud, artificial intelligence, machine learning, mobile, etc.)
• Ability to tackle design and functionality problems independently with little to no oversight 
• Practical cloud native experience 
• Ability to evaluate current and emerging technologies to select or recommend the best solutions for the future state architecture

• Experience working with AI models and complex distributed data sets
• Proficiency in designing and implementing security controls for cloud environments (e.g., AWS, Azure, GCP)
• Hands-on experience with security assessment tools, vulnerability scanning tools, and penetration testing methodologies
• Experience working in finance or another highly regulated industry. Strong understanding of regulatory requirements such as GDPR, HIPAA, PCI-DSS, and SOC 2. CISSP, CISM, or other relevant certifications
• Experience engaging stakeholders across an organization to set strategy, align on priorities and deliver to a roadmap while managing to business needs and requirements

#CTC