Atos is a global leader in digital transformation with approximately 100,000 employees in 73 countries and annual revenue of around ? 13 bil...
Atos is a global leader in digital transformation with approximately 100,000 employees in 73 countries and annual revenue of around ? 13 billion.
European number one in Big Data, Cybersecurity, High Performance Computing and Digital Workplace, the Group provides Cloud services, Infrastructure & Data Management, Business & Platform solutions, as well as transactional services through Worldline, the European leader in the payment industry. With its cutting-edge technologies, digital expertise and industry knowledge, Atos supports the digital transformation of its clients across various business sectors: Defense, Financial Services, Health, Manufacturing, Media, Energy & Utilities, Public sector, Retail, Telecommunications and Transportation. The Group is the Worldwide Information Technology Partner for the Olympic & Paralympic Games and operates under the brands Atos, Atos Consulting, Atos Worldgrid, Bull, Canopy, Unify and Worldline. Atos SE (Societas Europaea) is listed on the CAC40 Paris stock index.
Senior Security Engineer/Architect
What you'll be doing:
The Security Architect is a subject matter expert in Information Security and is responsible for the design, implementation, and effective and efficient maintenance of related technologies. The Security Architect is responsible for leading design, implementation, and troubleshooting efforts and is directly accountable for the results.
* Exceptional communication skills with diverse audiences, including facilitation, negotiation and presentation skills
* The ability to be the enterprise security subject matter expert who can explain technical topics to those without a technical background
* Strong critical thinking, analytical skills and attention to detail
* High quality execution in consulting and engineering in the development and design of security best practices and implementation of solid security principles across the organization, to meet business goals along with customer and regulatory requirements
* Strong leadership, project and team-building skills, including the ability to lead teams and drive projects and initiatives in multiple departments, and provide technical guidance to a security team
* Demonstrated ability to identify risks associated with business processes, operations, information security programs and technology projects
Control Design and Execution
* Maintain the security of a company's technology environment by planning comprehensive (complex) control design to mitigate threats while balanced with company's risk appetite and provide assurance it works
* Create solutions that balance business requirements with information and cyber security requirements
* Assess, establish and monitor countermeasures that protect, detect and/or deter when an unauthorized attempt occurs
* Must constantly stay current on the latest development with security controls, solutions, frameworks, technology trends and hacking threats and methods
* Must have/gain a thorough understanding of the company's technology environment, understand the weak points and make recommendations to improve
* Anticipate the moves and tactics that hackers will use to try and gain unauthorized access
* Align applicable laws, regulations, standards, frameworks and security with overall business and technology strategy
Project and Operations Management
* Ability to define a plan, prioritize activities, and identify integration and risk issues
* Identify scope, duration/time, resource needs and prepare cost estimates
* Familiar with Agile project management methodology
* Understanding of DevOps and Security DevOps
* Intimate knowledge of security solutions to be able to update and upgrade as needed, such as LogRythm, Tenable, Bromium, Tanium, RSA, CyberArk, Bladelogic, Guardium, Veronis, and Websense/ForcePoint Data Leakage Prevention (DLP)
* Familiar with emerging technology and the effect on designing security controls, such as Blockchain, Artificial Intelligence, Machine Language, Robotics, Mobile, Cloud (public, private and hybrid for Infrastructure as a Service (IAAS, Amazon Web Services (AWS) or Microsoft Azure), Platform as a Service (PAAS), Software as a Service (SAAS)
* Perform vulnerability testing, risk analyses and security assessments
* Research security standards, security systems and authentication protocols
* Understanding of network protocols and ability to develop requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related network devices
* Design public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures
* Review and approve installation of firewall, VPN, routers, IDS scanning technologies and servers
* Test final security structures and control designs to ensure they operated as expected
* Assist in the response of security-related incidents and provide a thorough post-event analysis
* Identify and communicate current and emerging security threats
* Security considerations of cloud computing: They include data breaches, broken authentication, hacking, account hijacking, malicious insiders, third parties, APTs, data loss and DoS attacks
* Networking, Windows, UNIX and mainframe
* Identity and access management (IAM) - the framework of security policies and technologies that limit and track the access of those in an organization to sensitive technology resources
* Understand programming language and technologies to write code, complete programming and performs testing and debugging of applications
* Java/J2EE, C#, API/web services, scripting languages and a relational database management system (RDBMS) such as MS SQL Server or Oracle.
* Relevant National Institute of Standards and Technology (NIST) standards.
* ISO27001 - specifications for a framework of policies and procedures that include all legal, physical and technical controls involved in an organization's risk management
* Control Objectives for Information and Related Technologies (COBIT)
* Committee of Sponsoring Organizations (COSO) of the Treadway Commission, a joint initiative to combat corporate fraud
* Bachelor's degree or equivalent experience in a related technical field. Master's degree or equivalent preferred.
* Ten or more (10+) years of related Information Technology with a minimum of six (6+) years of Information Security-specific experience.
* CISSP preferred.
* Considered subject matter expert in the area.
* Strong knowledge of multiple technologies, platforms, and programming languages.
* Solid understanding of Systems Development Life Cycle models.
* Strong analytical, problem solving and organizational skills.
* Demonstrated financial skills.
* Proven ability to manage complex projects and related resources efficiently and to meet all project objectives.
* Demonstrated ability to work effectively with employees at all organizational levels through well-honed interpersonal, communication, negotiation, presentation and relationship-building skills.
* Certified Information Systems Security Professional (CISSP)
* Certified Information Security Manager (CISM)
* Certified Information Systems Auditor (CISA)
* Information Systems Security Architecture Professional (ISSAP)
* Information Systems Security Engineering Professional (ISSEP)
* SANS-related certifications Education requirements can vary, but most require a BA or BS in information security, engineering, mathematics, or related area. A Master's degree in an IT field is a plus, and a Master's in cybersecurity is an even bigger plus.
Industry related certification:
* Series 99 (required within x months of hire date)
If you're a Sr. Security Engineer and/or Security Architect, please keep reading!