Loading...
Share this Job

Title:  Senior Cloud and Application Security Architect

Location: 

Research Triangle Park, NC, US, 27709

Requisition ID:  46162

 

Are you data-driven?  We at NetApp believe in the transformative power of data – to expand customer touchpoints, to foster greater innovation, and to optimize operations.  We are designed for simplicity, optimized to protect, created to embrace future opportunity, and open to enrich choice.  We are the data authority for hybrid cloud, and we are helping our customers realize the full potential of their data.

 

We’ve built a Data Fabric for a data-driven world – to simplify and integrate data management across the resources that are best for the business.  With the Data Fabric, our customers can harness the power of cloud data services, build cloud infrastructures, and modernize storage through data management.

Job Summary

The Cloud and Application Security Architect: provides technical governance to cloud product development and application security across the business. Responsible for determining security requirements, reviewing architectures, creating enterprise reference standards and performing risk assessments.  Accountable for security frameworks and adherence to industry best practices and standards. Works with application and infrastructure teams to ensure that policies and standards are integrated and applied appropriately across the environment.

The Architect is expected to have a thorough understanding of complex IT systems, experienced in enterprise systems integration and stay up to date with the latest security standards, emerging security technologies, as well as security best practices.
 

Job Requirements

Cloud:

  • Detailed knowledge in creating architectures (IaaS, SaaS, PaaS) for public, private and hybrid cloud services
  • Design experience with one or more public cloud service providers: AWS, Azure or Google
  • Demonstrated work in migration of traditional infrastructure and applications to cloud services
  • Through knowledge of cloud native security controls

Application:

  • Understanding of the secure software development lifecycle
  • Working knowledge of DevOps Security concepts for Continuous Integration/Continuous Delivery environments
  • Source Code Management (SCM) and related security strategies with demonstrated experience in SCM patterns
  • Prior experience as a developer is helpful but not required

General:

  • Interpret compliance and security requirements to design implementable and repeatable controls
  • Identify gaps in existing and proposed architectures and security controls and provide recommendations for risk resolution
  • A basic understanding of Enterprise Architecture and related principles
  • Working knowledge of risk assessments, configuration management, change control, and security baselines and frameworks (NIST CSF, NIST 800-171, CIS)
Job Responsibilities
  • As a subject matter expert, act as a leader with Security Engineering team members to support ongoing and long-term initiatives and projects
  • Contribute to creation and maintenance of Enterprise Information Security policies, reference architectures, and process documentation
  • Conduct reviews for projects related to infrastructure and general information security to ensure they meet requirements and target-state architectures
  • Participate in risk assessment activities as subject matter expert for infrastructure and general information security concerns
  • Determines security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform and identifying integration issues
     
Skills

Cloud:

  • Experience developing security architectures in both traditional data center and public/private/hybrid cloud environments.
  • Working knowledge of cloud security industry best practices
  • 2+ years working with one or more cloud service models (IaaS, PaaS, SaaS) and deployment models (public, private, hybrid)
  • 2+ years direct experience designing and implementing security solutions for one or more leading cloud providers (AWS, Azure, Google Cloud Platform)

Application:

  • Working knowledge of DevOps Security concepts for Continuous Integration/Continuous Delivery environments
  • Expert knowledge of federated identity management, role and access management, and privileged administrative access best practices
  • Practical experience with Static Application Security Test (SAST), Dynamic Application Security Test (DAST), threat modeling, and Secure Development Lifecycle preferred
  • Vulnerability management experience with Common Vulnerability Scoring System (CVSS), Common Vulnerabilities and Exposures (CVE), and Open Web Application Secure Project (OWASP)

General:

  • Working knowledge of risk assessments, configuration management, change control, and security baselines and frameworks (NIST CSF, NIST 800-171, CIS)
  • Agile practitioner a plus
  • Strong oral and written communication skills; including presentation skills
     
Education
  • Typically requires a minimum of 12 years of related experience with a bachelor’s degree; or 8 years and a master’s degree; or a PhD with 5 years’ experience; or equivalent experience.
  • Certifications such as CISSP, CCSP, or CISM are a plus.
  • The Open Group Certified Architect a plus.

 

So get ready to tap into the data visionary within, and join us as we accelerate digital transformation and empower our customers to change the world with data!

 

If you ask a NetApp employee why they work here, the answer is inevitably the same: the people. At NetApp, our culture is at the heart of what we do. We place importance in trust, integrity, teamwork, and caring above all else. NetApp is a place where people are empowered to make a difference. Empowered to innovate. Empowered to collaborate. Empowered to help ourselves and others be data-driven and change the world. We take care of each other, our customers, our partners, and our communities simply because it’s the right thing to do.

 

We work hard but also recognize the importance of work-life balance for our employees because what’s important to them is important to us!  Recently we implemented Family First, which encourages employees to take paid time off to bond with a new child (through birth or adoption) or to care for a family member with a serious health condition.  Our volunteer time off program is best in class, offering employees 40 hours of paid time off per year to donate their time with their favorite organizations.  We provide comprehensive medical, dental, wellness and vision plans for you and your family.  We offer educational assistance, legal services, and access to discounts and fitness centers. We also offer financial savings programs to help you plan for your future.  

 

Join us and see what empowerment can do. 

 

 

Equal Opportunity Employer Minorities/Women/Vets/Disabled