Designs the security requirements necessary to protect the organization’s mission and business processes and implements them in all aspects of enterprise architecture including reference models, segment and solution architectures, and the resulting systems supporting those missions and business processes. Owns the security transformation projects end-to-end including final verification & testing.
Special focus of this role is towards securing the hybrid on-premise & cloud environment of SUSE, working closely with the IT and the Engineering & Innovation teams.
- Develop/integrate cybersecurity designs for systems and networks with multilevel security requirements or requirements for the processing of multiple classification levels of data from community/public to Common Criteria certified and NDA classified
- Document and address organization's information security, cybersecurity architecture, and systems security engineering requirements
- Ensure that SUSE system(s) and architecture(s) are consistent with organization's cybersecurity architecture guidelines.
- Identify and prioritize critical business functions in collaboration with organizational stakeholders.
- Perform security reviews, identify gaps in security architecture, and develop a long-term architecture improvement plan.
- Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment.
- Analyze candidate architectures, allocate security services, and select security mechanisms.
- Evaluate security architectures and designs to determine the adequacy of security design and architecture including user needs analysis and propose a target design.
- Translate proposed capabilities into technical requirements.
Education and Experience Required:
- Typically 8+ years of relevant experience.
- Relevant University degree and/or recognized industry certifications are plus, but not required.
Knowledge and Skills:
- Extensive hands-on expertise in public cloud & containers (AWS, Kubernetes) security
- Ability to communicate effectively when writing.
- Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.
- Ability to apply network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations.
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- Knowledge of authentication, authorization, and access control methods.
- Knowledge of organization's enterprise information security architecture.
- Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).
- Knowledge of multi-level security systems and cross domain solutions.
- Knowledge of the enterprise information technology (IT) architectural concepts and patterns (e.g., baseline, validated design, and target architectures.)
This job description has been designed according to the CISA NICE Framework for the Security Architect (Advanced): https://niccs.cisa.gov/workforce-development/cyber-security-workforce-framework/workroles?name=Security+Architect&id=All#
SUSE, the world’s largest independent open source software company, powers digital transformation with true open source technologies for the enterprise that simplify, modernize and accelerate traditional, cloud and edge solutions. SUSE collaborates with partners, communities and customers to deliver and support solutions that enable mission-critical business outcomes. SUSE’s container and cloud platforms, software-defined infrastructure, and artificial intelligence and edge computing solutions allow customers to create, deploy and manage workloads anywhere – on premises, hybrid and multi-cloud. For more information, visit www.suse.com.