Technology Cloud Security Architect
Description:
Technology Cloud Security Architect
Cooley is seeking a Technology Cloud Security Architect to join the Security team.
Position Summary: Cooley Technology embraces a culture of customer service excellence, and all members of the department are expected to move this agenda forward. To that end, the Technology Cloud Security Architect is expected to recognize that the Cooley Technology department is a service organization first and foremost and will be evaluated on this requirement equal in importance to the technical or operational responsibilities outlined later in this document.
The Technology Cloud Security Architect will work to maintain and monitor the security practices and systems implemented by the Firm within our cloud environments. The Technology Cloud Security Architect will proactively identify and mitigate cyber threats to minimize architectural and operational risk. This role requires a deep understanding of advanced cloud architectures, threat detection techniques, strong analytical skills, and the ability to work collaboratively with other security professionals and other Cloud Architects on the Technology Infrastructure and Development Operations team. Specific duties include, but are not limited to, the following:
Position responsibilities
Develop and maintain a comprehensive security architecture framework that aligns to the enterprise architecture strategy and the organizations strategic objectives
Architect, design, prioritize, coordinate, and communicate the security technologies necessary to ensure a highly secure yet usable computing environment in the Cloud
Develop and implement architectural reference patterns to direct the selection, development, deployment, and utilization of Technology systems across the organization
Perform and participate in risk and security assessments, follow and enhance the security solutions lifecycle (evaluation, purchase, build, technical policy configuration, integration into Cloud environments, and run)
Develop strategies to handle security incidents and coordinating responses to security breaches
Recommend and coordinate implementation of identity and access management controls for cloud services
Provide security guidance across the system development life cycle, including security architectural reviews
Contribute to the development and implementation of security technology solutions for complicated and more complex environments and architecture
Analyze business impact and exposure based on emerging security threats, vulnerabilities and risks, and recommend technologies and solutions to mitigate them
Ensure that cloud-based systems meet industry security standards and regulatory requirements
Contribute to Cloud security solutions R&D to evaluate the latest cutting-edge tools against unfilled strategic security capabilities to drive business priorities
Act as a subject matter expert on the implementation and capabilities of existing security controls
Provide direction and thought leadership to enterprise-wide initiatives applying security principles such as access control, encryption, and host security as well as state of the art and emerging technologies such as cloud computing, mobile computing, and next generation architecture
Identify the need for new security technology solutions; design, review and collaborate on the deployment of new solutions
Stay up to date with the latest developments in security technologies, including mitigation strategies, threats, tools, attack vectors, and preventative measures, to enhance the organization security posture
Work closely with other technology architects and engineers to ensure security is properly represented in their technology domains and integrated into their project planning to ensure consistency and compatibility
Actively communicate with stakeholders to drive awareness and understanding of security architecture roadmaps and directions
Providing training and guidance on cloud security best practices to Technology staff and other employees
Required to participate in a 7x24 on-call rotation
Perform other duties as assigned
Skills and experience:
Required:
After orientation at Cooley LLP, exhibit proficiency in the Microsoft Office suite, iManage and other firm applications
Ability to work extended and/or weekend hours, as required
Ability to travel as required
3+ years direct applicable experience (e.g., cloud architecture security)
Eligible for consideration of Senior designation 5+ years direct applicable experience
Extensive knowledge and experience with the configuration of security controls and secure migration of enterprise applications to one of the major cloud providers such as Azure (preferred) and AWS
Extensive knowledge and experience with developing Cloud Security Frameworks using industry best practices such as those from the Cloud Security Alliance (CSA) and NIST CSF
Experience with implementing security tools and architecture in Cloud environments such as:
Access Controls
Data Loss Prevention (DLP)
Web Application Firewalls (WAF)
Secure SDLC and Software Security
Firewalls
Anti-malware and anomaly detection controls
Data encryption in transit and at rest
Network security
Monitoring
Experience with a formal requirements definition
Preferred:
Bachelor's degree in information technology or computer information systems
Knowledge of the MITRE ATT&CK framework and NIST Cyber Security Framework
Familiarity with common security controls in the enterprise (Firewall, Proxy, AV, SIEM, etc.)
Experience with incident response procedures
Extensive knowledge and understanding of security issues, techniques, and implications across multiple computer platforms
Demonstrated experience leading and developing others by providing technical guidance and leadership to project teams
Solid knowledge and understanding of security regulations and best practices such as the ISO 27000 family of standards.
Solid knowledge and understanding of systems development life cycle (SDLC).
Demonstrated experience translating business requirements into architectural deliverables and technical specifications
Demonstrated experience communicating technical information to business clients and less experienced technologists
CISSP, CISM or equivalent
Experience with CI/CD pipelines
Cloud Architecture and/or Cloud Security Certifications (AWS, Azure, GCP)
Cloud Security Alliance (CCSP, CCSK) (ISC)2
Additional security certifications
Competencies:
Exceptional customer service skills
Excellent analytical, problem-solving, customer service, project management and communication skills
Goal-oriented
Proven track record of excellent decision making, integrity and working with Technology management, business professionals
Excellent oral and written communication skills, including technical and user documentation
Strong organizational skills
Ability to work independently and under high pressure with tight schedules and deadlines
Ability to interact well with all levels of business professionals
Excellent active listening skills
Flexible and patient with process development/execution and adherence to instruct project management practices
Capable of grasping new concepts quickly and without prior experience
Detail-oriented
Ability to multi-task and work in fast-paced environment
Ability to interact and coordinate with several teams to achieve objectives
Ability to solve problems independently and simultaneously, effectively managing multiple tasks
Professional demeanor at all times
Cooley offers a competitive compensation and excellent benefits package and is committed to fair and equitable employment practices. EOE.
The expected annual pay range for this position with a full-time schedule is $115,000 - $170,000. Please note that final offer amount will be dependent on geographic location applicable experience and skillset of the candidate. Senior level candidates may be considered for this position and would be eligible for a higher salary range based on experience.
We offer a full range of elective benefits including medical, health savings account (with applicable medical plan), dental, vision, health and/or dependent care flexible spending accounts, pre-tax commuter benefits, life insurance, AD&D, long-term care coverage, backup care for children and/or adults and other parental support benefits. In addition to elective benefit options, benefited employees receive firm-paid life insurance, AD&D, LTD, short term medical benefits as well as 21 days of Paid Time Off ("PTO") and 10 paid holidays each year. We provide generous parental leave and fertility benefits. New employees will attend a detailed benefit orientation to learn more about our many benefits and resources.