Senior Manager, IT Security Architecture in Herndon, VA at Constellis

Date Posted: 11/9/2020

Job Snapshot

  • Employee Type:
    Full-Time
  • Location:
    Herndon, VA
  • Job Type:
  • Experience:
    Not Specified

Job Description


WHY CONSTELLIS?


Are you ready for your next adventure? From down range to corporate positions around the world, we provide you with opportunities to grow your career while helping to make the world more secure.


Constellis provides opportunities across every major continent for individuals who want to build successful careers in a fast-paced, growing industry. Legal, moral and ethical business practices remain the cornerstone of our culture, and Constellis continues to be recognized for our emphasis on quality and compliance. This strong track record of performance is supported by our deep relationships with our government and commercial customers. Our employees worldwide, the majority of whom are military or law enforcement veterans, have ambition and passion for creating a safer world. Join us to Secure Success!


RESPONSIBILITIES


The Senior Manager, IT Security Architecture will be responsible for the management of security architecture activities, including crafting and updating security architectures and associated implementation patterns. The Senior Manager, IT Security Architecture will also be responsible for the Secure Development Life Cycle (SDLC) for solutions developed by the organization. This includes the implementation and continuous management of the secure SDLC and of Static and Dynamic Application Security Testing. Additionally, they will lead all aspects of the operational activities related to the ongoing design and deployment of security solutions, as well as the management and assignment of security architecture resources.



  • Design security models, specify security functions and identify components with which to implement and integrate security features into new and existing enterprise technology infrastructure and business applications

  • Document user and business requirements for system confidentiality, integrity, and availability. Use these requirements to develop high-level security specifications using security models, implementation targets, and protection profiles

  • Define security features required to support security model specifications

  • Develop a security performance specification and a security validation plan, including metrics for verifying correct implementation and validating security effectiveness

  • Evaluate enterprise and application security design alternatives, including but not limited to control enforcement capability, ease of use, and cost

  • Identify tasks required to integrate system security features into existing infrastructure and applications without detriment to system performance

  • Review security performance metrics and make architecture or engineering adjustments as required to maintain security policy compliance

  • Conduct thorough post-mortems of all security incidents and engage non-security technology teams where appropriate

  • Proactively anticipate security threats and identify areas of weakness in enterprise technology infrastructure and business applications

  • Develop in-depth security architecture, design and coding standards across infrastructure, application and data security, to drive a standardized set of security requirements that align with internal policies and meet external compliance/regulatory requirements

  • Perform threat modeling, conduct reviews of security architecture and platform/service designs, and audit source code

  • Drive open innovation in product security best practices through industry collaboration

  • Provide product security related coaching and mentoring to elevate the security expertise of development teams

  • Other duties as assigned


QUALIFICATIONS



  • Bachelor's Degree required. Three additional years of related experience beyond the minimum required may be substituted in lieu of a degree

  • Minimum of 5-8 years of Information Security experience, with 2 years in a leadership role

  • Security certifications: CRISC, GSEC, CISA, CISM, CISSP, or willingness to obtain within 9 months of start date

  • Knowledge of Azure's native security tools (knowledge of AWS, GCP and OCI native security tools is a plus)

  • Good working knowledge of NIST security standards and security best practices

  • Experience building secure software based on frameworks such as OWASP and SANS (CWE, OpenSAMM, and BSIMM experience is a plus)

  • Experience with various application security tools including SAST, SCA, DAST, Penetration testing, Fuzzing, etc.

  • Experience with methodologies and tools for threat analysis of complex systems, such as threat modeling and software fuzzing

  • Hands-on experience with tools and technologies that are commonly used to implement security features

  • Experience with tools and techniques used by attackers to breach system security

  • Successful experience in designing systems that enforce security principles such as least privilege, non-repudiation, separation of privilege, and fail-safe defaults

  • Solid understanding of information technology inventory, and associated network security protocols, cryptography, identification, authentication, authorization, detection, reliability, failover, and forensics technologies

  • Excellent written and verbal communication skills, including the ability to break down complicated operations into simple steps and the ability to document security requirements in terms of systems design specifications

  • Knowledge of developer tools and environments, project management and bug tracking systems


PREFERRED



  • Security+

  • Certified Ethical Hacker (CEH)

  • GIAC Certified Incident Handler (GCIH)

  • Experience with Security Architecture best practices and solutions


ABOUT CONSTELLIS


Constellis protects critical priorities safely and efficiently around the world. Operating in 40 countries and based in the Washington D.C. area, our 22,000 Constellis employees bring unparalleled dedication and passion for creating a safer world and upholding the highest standards of compliance, quality and integrity. As a leading global provider of risk management, security, humanitarian, training and operational support services to government and commercial customers worldwide, Constellis' forward-thinking solutions include a range of synergistic services, including background investigations, social intelligence tools, advanced training, logistics and life support, UAV and K9 services, and crisis response mitigation. At Constellis, our number one priority is to secure success for our customers. For more information, visit www.constellis.com


BENEFITS


Constellis offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects its commitment to creating a diverse and supportive workplace.



  • Medical, Vision & Dental Insurance

  • Paid Time-Off Program & Company Paid Holidays

  • 401(k) Retirement Plan

  • Insurance: Basic Life & Supplemental Life

  • Health & Dependent Care Flexible Spending Accounts

  • Short-Term & Long-Term Disability

  • Personal Development & Learning Opportunities

  • On-the-job Training, Skills Development & Certifications

  • Employee Referral Program

  • Corporate Sponsored Events & Community Outreach


WORKING CONDITIONS


Work is typically based in a busy office environment and subject to frequent interruptions. Business work hours are Monday-Friday from 8:00 am to 5:00 pm; however, some extended or weekend hours may be required.


PHYSICAL REQUIREMENTS


May be required to lift and carry awkward items weighing up to 25 lbs. Requires intermittent standing, walking, sitting, squatting, stretching and bending throughout the workday.