Connecting linkedin

Senior Cloud Security Architect

  • Location

    Munich, Bayern

  • Sector:

    Information Security

  • Job type:

    Permanent

  • Salary:

    £95000 - £115000 per annum + 20% variable bonus

  • Contact:

    Nicolo Felici

  • Contact email:

    NicoloF@montash.com

  • Salary high:

    115000

  • Salary low:

    95000

  • Job ref:

    111_1594029413

  • Published:

    about 1 month ago

  • Expiry date:

    2020-07-13

  • Startdate:

    ASAP

Senior Cloud Security Architect

Job Description

Responsibilities

  • Steer and manage the cloud security architecture, including the in statement of processes, standards, design patterns and architecture blueprints including metrics and KPIs.
  • Steer guide and train architects, security architects and engineers to integrate security within the company's projects and solutions.
  • Act as subject matter expert on cloud security architecture and secure designs
  • Manage relationships security vendors
  • Provide security consultation for teams and projects including end to end risk assessments

Knowledge and experience

  • Bachelor/ Master/ PhD degree in Computer Science / Information Technology or equivalent experience
  • Minimum 10 years of relevant hands on experience in security engineering
  • Minimum 5 years demonstrating expertise in security architecture
  • Strong background in security architecture with a solid understanding of security concepts, best practices, threats, vulnerabilities, risks, and policies
  • Strong understanding of complex enterprise networks and large mix vendor network environments
  • Proven experience in designing conceptual security architecture for cloud environment (Public, Hybrid & Private)
  • Experience with planning of cloud migrations as a security expert including the securing of applications transformation to PaaS/SaaS models.
  • Extensive background in the research, adoption and implementation and operation of commodity and innovative security solutions and their cloud equivalents (e.g. IDS/IPS, Firewalls, Application Firewalls, Anti-Virus/HIPS, Mail Filters, Secure Gateways, etc.)
  • Strong foundation in various network and host security domains such as cloud computing, virtualization, remote access, network availability and resiliency, device hardening, network segmentation and zoning, mobility, collaboration and more
  • Deep understanding of the TCP/IP protocol stack and major protocols
  • Experience in security controls for WAN, LAN, and WLAN architectures
  • Policy development pertaining to network security architecture and design
  • Strong experience in Threat Modeling of complex security systems
  • Experience in defining security architecture roadmaps for a large or complex organizations (desirable)
  • Experience with working with architecture and security architecture frameworks such as TOGAF or SABSA (desirable)
  • Solid understanding of ISO2700 series, NIST control framework, CSA or similar is experience advantageous. Privacy knowledge desirable (GDPR). Desirable qualifications include: CISSP, CCSP, or similar.
  • Policy and process development for the integration of security architecture throughout the IT organization
  • Strong background experience in cyber security, working within large and complex organisations.
  • Experience in managing large scale projects and vendor performance
  • Strong experience in documenting audit findings and escalating residual risk.
  • Strong consulting experience in projects and digital transformation.
  • Excellent written and spoken English, and able to effectively communicate to technical and non-technical audiences. The same in German is advantageous.

Qualities:

  • Self-starter, able to take initiative and identify information/cyber risk within the business.
  • Strong Stakeholder Management experience at all levels.
  • Team player, with a customer/business-centric approach.
  • Ability to translate complex security risks into simple business requirements.
  • Strong experience in auditing controls against policies, standards, and frameworks.
  • Ability to raise awareness about Security best practices to business audiences.