Job Description
General Responsibilities:
Designs, implements and maintains application security systems to ensure high levels of data integrity and employee safety. Creates policies and procedures to ensure consistent adherence with industry standards, and protection of client and employee data across varied application Tech stack. Performs vulnerability assessments, conducts penetration testing and evaluates findings from third-party security resources.

Essential Roles and Responsibilities:

• Designing and developing security architectures for systems that reside in on-prem and cloud environments based on security requirements, risk, resiliency needs and best practices.
• Creating architectures that minimize cyber risks impacting the integrity, availability, or confidentiality of organizational assets.
• Executing threat model analysis and authoring detailed patterns and standards to identify & reduce risk.
• Representing cyber security in the development and implementation of the overall enterprise architecture. Acting as the ambassador and senior technical representative for security while engaging with other senior technical leaders.
• Directly influencing security improvements across the entire technology stack
• Analyzing, designing, and developing roadmaps and implementation plans
• Implement SSDF and DevSecOps practices across the Applications.
• Migrating manual processes to leverage automation within cloud.
• Designs, implements, integrates, and tests enterprise class security and incident prevention solutions.
• Designs, implements, integrates, and tests automated response, threat analysis, and IPS/IDS solutions.
• Mentors junior staff as a resource for industry best practices, technical direction, and professional practice.
• Develops security strategy plans and roadmaps based on sound enterprise architecture practices.
• Develops security architecture artifacts (models, templates, standards, and procedures) that can be used to leverage security capabilities in projects and operations.
• Tracks developments and changes in the digital business and threat environments to ensure that these are adequately addressed in security strategy plans and architecture artifacts.
• Conducts security assessments of internal systems, applications, and IT infrastructure as part of the overall risk management practice of the organization.
• Conducts vulnerability assessments and other security reviews of systems, and prioritizes remediation based on the risk profile of the asset and guidance from the information technology management team.
• Reviews and assesses security and infrastructure logs for indicators of compromise (IOCs) or other anomalous behavior within networks, applications, or user profiles.
• Ensures that a complete, accurate, and valid inventory of all systems, infrastructure, and applications is conducted that should be logged by the security information and event management (SIEM) or log management tool.
• Coordinates with legal and/or privacy management to document data flows of sensitive information within the organization (e.g., PII or ePHI) and recommends controls to ensure this data is adequately secured (e.g., encryption, tokenization, etc.).
• Validates IT infrastructure and other reference architectures for security best practices and recommends changes to enhance security and reduce risk where applicable.
• Supports the testing and validation of internal security controls as directed by Senior Security Architect.
• Reviews security technologies, tools and services, and make recommendations to organizational peers for their use based on security, financial, and operational metrics.
• Conducts incident response exercises with colleagues throughout the organization and incorporate lessons-learned into existing security architectures and practices.
• Liaise with other security architects and practitioners to share best practices and insights.
• Performs control and vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls and recommends remedial action.
• Works with junior staff on deploying, tuning and running vulnerability-scanning and penetration-testing tools.
• Follow safety rules, guidelines and standards for all projects. Participate in pre-task planning. Report any safety issues or concerns to management.
• Maintain quality standards on all projects.

Requirements:

• Bachelor’s degree in Information Technology/Systems, Cybersecurity, Information Security, or related field and a minimum of 8 years’ experience. Or, in lieu of degree, a minimum of 12 years’ relevant experience.
• The Security Architect will be required to translate complex security-related matters into business terms that are readily understood by line-of-business and information technology colleagues and should anticipate presenting his/her findings both in person and in written formats.
• The Security Architect must interpret business, technology and threat drivers, and develop practical security roadmaps to deal with these drivers.
• Security services and technology implementations will require solid project management skills.
• CISSP or comparable within 12 months of hire.
• Working knowledge/experience deploying Zero Trust Architecture is a plus.
• Understanding and working experience with risk management and control frameworks (NIST 800-53, SOC2) and industry best practices.
• Expertise with at least three or programming language (.NET, C#, Java, Python, Ruby, Powershell, etc) and Web application frameworks: like ASP.NET, Ruby on Rails, Django, Angular, React, etc
• Experience with Static Code Analysis tools like Checkmarx, Fortify, SonarQube, Veracode. etc and Dynamic Application Scanning like Burp Suite, OWASP ZAP, Acunetix, Netsparker
• Dynamic Application Scanning: Burp Suite, OWASP ZAP, Acunetix, Netsparker
• Valid driver’s license with acceptable violation history.

Preferred Certification:

• GIAC – GISP
• GIAC - GSEC
• CompTIA CASP
• CCNP/CCIE
• TOGAF

About Terracon
Terracon is a 100 percent employee-owned multidiscipline consulting firm comprised of more than 6,000 curious minds focused on solving engineering and technical challenges from more than 175 locations nationwide. Since 1965, Terracon has evolved into a successful multi-discipline firm specializing in environmental, facilities, geotechnical, and materials services. Terracon’s growth is due to our talented employee-owners exceeding expectations in client service and growing their careers with new and exciting opportunities in the marketplace.

Terracon’s vision of “Together, we are best at people” is demonstrated through our excellent compensation and benefits package. Based on eligibility, role and job status, we offer many programs including medical, dental, vision, life insurance, 401(k) plan, paid time off and holidays, education reimbursement, and various bonus programs.
EEO Statement
Terracon is an EEO employer. We encourage qualified minority, female, veteran and disabled candidates to apply and be considered for open positions. We do not discriminate against any applicant for employment, or any employee because of race, color, religion, national origin, age, sex, sexual orientation, gender identity, gender, disability, age, or military status.