Design, build and implement enterprise-class security systems for both on premise and cloud environments. Align standards, frameworks and security solutions with the overall business and technology strategy. Identify and communicate current and emerging security threats to the technology and security organizations within Magic Leap. Design security elements to mitigate threats as they emerge while maintaining key business processes and operational readiness. Create solutions that balance business requirements with information, cyber security, and compliance requirements. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements where needed.
Essential Job Functions
- Establishes a strategic security architecture vision, including standards and frameworks that are aligned with the overall business and IT strategies
- Acts as information security subject matter expert; provides advisory and consulting services to business, IT departments and IS management
- Works closely with other architects and lead developers to enhance the security posture of new and existing systems
- Works to design security architecture, evaluate risk posed to the organization from and ultimately approve the implementation of systems and applications into the environment
- Continuously assess the state of the information security program using frameworks such as NIST Cybersecurity Framework to identify gaps and works with appropriate stakeholders to remediate deficiencies
- Participates in the development of information security strategies, roadmaps, policies and standards
- Ensures systems and applications are implemented with appropriate controls to meet regulatory requirements (SOX, HIPAA, GDPR, etc.) as well as other organizational compliance requirements
- Tracks metrics for compliance to IS standards by application and system owners
- Develops and mentor IS team members
Experience and Skills
- 8+ years of experience working in security architecture, operations, design, or development across multiple security domains
- Strong network security experience including firewalls, IDS/IPS, WAFs, DNS, communication protocols and NAC technologies for both on-premise and cloud environments
- Strong Application Security Experience, specifically secure SDLC processes, application penetration testing and other supporting technologies
- Working knowledge of encryption concepts and implementation methods
- Knowledge of remote access technologies and implementation best practices
- BS/BA in a related discipline (i.e., Computer Science, Information Systems, Engineering, Business, etc.); and/or 8 years of experience in related field
- Experience with cloud security architecture principals, specifically within the AWS, and GCP platforms.
All your information will be kept confidential according to Equal Employment Opportunities guidelines.