Job Description :
Title: Security Solution Architect
Location: Reston, VA
Duration: 6 Months


Description:
The Security Solution Architect will work with product and InfoSec team to assess the security requirements for projects/ products, develop solution architecture around application and information security, and ensure security control and solution in place throughout software Development lifecycle.
This position requires a BA/BS in Computer Science or equivalent experience, and more than 15 years professional software development and solution architecture experience, including 5 years’ enterprise security integration architecture experience with EIAM, API Security, SIEM, Data Masking, Data Encryption, Database Activity Monitoring, etc.


Specific requirements include, but not limited to:

Key Responsibilities:
- Partner with stakeholders from the business segment globally on all the projects and initiatives to apply security requirements for projects/ products, develop security solution architecture, support detailed design, and providing support to help integrate security controls during solution deployment
- Develop the security integration architecture for a broader scope of projects, working closely with product architects, platform architects and other solution architects to ensure security solution is integrated with all applications, solutions and platforms.
- Support the security solution implementation of InfoSec initiatives across a group of specific business applications or technologies ensure the confidentiality, integrity and availability of the information is protected.


Requirements:
- Strong white-boarding and Solutions Architecture experience
- Proven strong technical architecture design background
- Strong analytical skills and deep security subject matter expertise across platforms
- Hands-on experience in implementing security controls, using InfoSec technologies including, but not limited to Identity and Access Management tools, APIM, and Agile, DevOps & DevSecOps delivery methodologies
- Hands-on experience in implementing Spring security & Kerberos
- Hands-on experience in implementing Federated SAML-based SSO & OAuth
- Good understanding or solution integration experience across various security domains, which include:

Perimeter network security: firewall, IDS/ IPS, WAF, DDoS mitigation, etc
Data security: encryption, key management, data masking, etc
Identity & Access Management: User authentication/ authorization, de-provisioning, access review, etc
Privileged access management: password vaulting, session management, access review, etc
Application & Integration security: Secure SDLC, static/ dynamic testing, web service/ API security, etc
Server and endpoint security: Anti-malware, Host IPS, Host Firewall, File Integrity Monitoring, etc
Logging/ monitoring, Database Access Monitoring, SIEM integration and Incident Response


A big plus to have:
- Certifications such as TOGAF, CISSP, CISSP-ISSAP, etc
- Experience with Cloud and mobile application security
- Mainframe zOS Security