• Exceptional knowledge and familiarity with Data
• Architecture, Identify ecosystem, and Zero Trust model Deep technology expertise in infrastructure, applications, and security
• Innovator mindset ability to invent/partner/build/inspire
• Viewed as a security and technology thought leader
• Develop, curate, and improve application security detections (static and dynamic) to identify vulnerabilities at scale
• Evaluate and recommend new security testing tools
• Perform static and dynamic application security assessments to ensure the highest quality standard for detection rule sets
• Risk assessment and Threat Modeling
• Develop, enhance, and interpret security standards and guidance
• Support and evolve HackerOne bug bounty program

Skills: Data Architecture, Zero Trust Model, Security Leadership, Vulnerability Detection, Security Tool Evaluation, Application Security Assessment, Risk Assessment, Bug Bounty Support

• Optimize product/system security by creating and reviewing software architecture and detailed design solutions that reflect best practices.
• Identify and implement software improvements needed to effectively protect against and respond to known and emerging security threats.
• Perform threat modeling of complex system of systems and provide mitigatory strategies for reducing cybersecurity risk
• Communicate with the other engineering personnel to coordinate interrelated security solutions and assure project completion.
• Write cybersecurity requirements, design and risk management documentation
• Perform vulnerability management, vulnerability intake, and be able to understand and report on emerging cybersecurity threats and vulnerabilities to a cross-functional team
• Interact with regulatory authorities and auditors, write technical explanations of cybersecurity features and controls for regulatory submissions
• Bringing professional skills into play in collaboration with lab colleagues and in interdisciplinary projects.
• Collaborate with business partners in research as well as contribute to the team in larger and multi-annual projects from e.g., the Danish Industry Foundation and the Innovation Fund Denmark.
• Advice and assignment work for commercial customers with highly varying content.

Skills: Security Optimization, Threat Modeling, Vulnerability Management, Risk Management, Documentation Writing, Regulatory Interaction, Interdisciplinary Collaboration, Customer Advisory

• Provide cyber-security architecture and design for major client projects working in collaboration with peers and align standards, frameworks with technology strategy.
• Identify and design security architecture elements to mitigate threats as they emerge.
• Create solutions that balance business requirements with information and cyber security requirements.
• Technical documentation and knowledge transfer internally and externally.
• Identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
• Demonstrate solutions delivery within consulting and proactively identify areas for improvement and make recommendations.
• Train users in implementation or conversion of systems.
• Participate in the preparation of security design documentation and create implementation instructions to support cyber program deployments.
• Performing threat modelling, risk and vulnerability assessments
• Evaluate and identify security tools and services
• Participate in designing secure architecture

Skills: Security Architecture, Threat Mitigation, Solution Design, Technical Documentation, Design Gap Analysis, Solutions Delivery, User Training, Risk Assessment

• Provide security guidance on a constant stream of new products and technologies
• Interact directly with the security community regarding vulnerabilities and threats
• Analyze, assess, and respond to various internet threats
• Conduct regular security assessments
• Lead application security reviews and threat modeling, including code review and dynamic testing
• Lead in development of automated security testing to validate that secure coding best practices are being used
• Act as a trusted advisor to engineering teams, providing practical advice on secure design, coding and testing with a focus on cloud technologies, practices and processes
• Participate and assist in initiatives to holistically address multiple vulnerabilities found in a functional area
• Correlate information from a variety of tools and engineering processes to identify security insights, and opportunities to increase resiliency from a wide range of attacks
• Establish security requirements for cloud-based solutions by evaluating business strategies and requirements
• Provide domain expertise in container security and public cloud technology

Skills: Security Guidance, Threat Analysis, Security Assessments, Application Security, Automated Testing, Secure Design, Vulnerability Management, Container Security

• Design technical control standards for a variety of information systems based on industry best practices and guidelines (e.g., NIST CSF, CSA, CIS, OWASP)
• Define and document requirements for secure operations across the entire delivery ecosystem: internal data center, secure perimeter, public cloud, software-as-a-service, vendor hosted, public and private endpoints, etc.
• Recommend specific control sets to mitigate inherent risk identified through cybersecurity risk assessments. 
• Provide technical expertise to guide security risk assessments 
• Oversee the enhancement and maintenance of the bank’s secure software delivery lifecycle, including all aspects of secure coding practices, integration of security principles and practices into DevOps/DevSecOps, etc.
• Coordinate with Cyber Threat Intelligence and Cybersecurity Operations to ensure cybersecurity control design is richly informed by current threat intelligence and incident response
• Prepare and present accurate and timely information in response to audits and regulatory exams
• Institute a proactive culture to align activities and measurement with internal policy and regulatory requirements

Skills: Technical Control Standards, Secure Operations, Risk Mitigation, Security Expertise, Software Delivery Lifecycle, Threat Intelligence Coordination, Audit Preparation, Proactive Culture Development

• Establish technical and administrative standards through the development of policy, procedure and best practices
• Embrace Infrastructure-as-Code, and use Continuous Integration / Continuous Delivery Pipelines to run the full cloud service lifecycle from the release of cloud service offerings into production through the retirement thereof
• Develop strategies to address evolving technology security needs and issues and guide teams towards a secure infrastructure that meets legal, regulatory, and client compliance requirements, as well as service and operational level agreements
• Work closely with network, security and application engineers to collaborate on secure solutions
• Ensure all security solutions, architecture design and analysis work is documented in a structured fashion
• Work closely with peers in Security Operations and Security Compliance to ensure security reviews regarding information security technologies provide feasible requirements and are consistent with contracts and regulations
• Monitor information security news and keep abreast of events, research, and developments
• Assist senior management in defining overall information security strategy
• Design in-house solutions for maintaining security posture
• Proactively remain abreast of related evaluating technology trends and requirements such as emerging standards for new technology opportunities
• Mentor and/or train operational staff and contractors on security tools, processes, and procedures.
• Assessing the security maturity of the client’s organizations.
• Advising the clients on the appropriate measures they should take to protect their Operational Technology assets.
• Preparing roadmaps to show how the clients should develop their security capabilities over some time.
• Planning activities and preparing documentations to ensure clients can conform to regulatory requirements

Skills: Policy Development, Infrastructure-as-Code, Security Strategy, Collaboration, Documentation, Security Compliance, Mentoring, Security Assessment

• Provide technical leadership for team members and colleagues to enable effective and timely delivery of security designs, solutions, tools, practices, and processes across the enterprise.
• Facilitate effective design, development and delivery of technical security solutions that consistently meet industry standards and user requirements
• Plan, oversee and participated in projects related to all security disciplines, including, policy, procedures compliance, governance, architecture, applications, networks, and systems
• Perform analysis of systems to understand limitations and weaknesses, identify cybersecurity challenges, inefficiencies, and opportunities for improvements
• Stay current on industry developments to identify emerging security technologies, risks and trends to ensure the systems keep pace with security technology and risk landscape evolution
• Partner with and coach product owners, developers, IT, and business teams to instill security processes and practices from planning, through to deployment of Compass Group technologies, services, and products
• Experience and technical familiarity with the following data privacy and information security global compliance frameworks: PCI-DSS, SOC 2, GDPR, CCPA, ISO 27001
• Define and lead the strategy and roadmap to remediate existing technologies against an auditable set of security control
• Design and develop enterprise security services
• Design remediations for enterprise risks in areas such as network connectivity, application data flow, emerging technologies and business processes
• Drive the security assessment and definition process
• Define the high-level security architecture that achieves the required functional objectives while ensuring protection and monitoring, leveraging best-in-class cybersecurity concepts and solutions
• Lead the architecture deployment across the organization, in close cooperation with other architects working on sub-systems
• Review security and penetration tests, participate in code reviews

Skills: Technical Leadership, Security Solution Development, Project Management, System Analysis, Industry Awareness, Security Process Coaching, Compliance Framework Familiarity, Security Architecture Design

• Scheduling of security activities in project planning and budgeting in coordination with the Project Manager
• Review of project documentation and identification of security aspects and risks
• Assessment of identified security risks
• Follow-up of rectification measures
• Consultation in security issues in project and line
• Design of countermeasures for identified security risks
• Selection and assignment of external service provider for support
• Creation and further development of security concepts in the project including security requirements
• Notification of identified security risks and improvement suggestions to Project Managers, line area & Security Officers
• Checking and testing implementation and security acceptance
• Assignment of security final acceptance through independently conducted PenTest
• Creation of risk assessment based on security vulnerability report
• Concluding risk assessment, where applicable with a compilation of the Risk Acceptance Agreement
• Specify state-of-the-art security controls in collaboration with experts and suppliers
• Monitor industry evolution to ensure that GM's vehicles and cloud services remain secure and protected against the newest threats, and to drive the adoption of new security technologies

Skills: Security Activity Scheduling, Project Documentation Review, Security Risk Assessment, Rectification Follow-up, Security Consultation, Countermeasure Design, External Provider Selection, Risk Assessment Creation

• Support the software engineering life-cycle for a broad range of software and hardware data collection components
• Requirements analysis, design, development, test, and implementation.
• Recommend new technologies based on customer requirements
• Develop system architectures and designs to support SOC
• Support Solution Consultants with customer bids
• Develop tools/processes to defend the business and its customers from attacks
• Research Threats and Vulnerabilities related to the business and its systems
• Provide 3rd line support to the Cyber Engineering team
• Defining effective security strategies that recommend controls and solutions that support business objectives
• Developing and proposing secure design solutions that are technically fit for purpose, supportable, provide value for money, while improving the security posture for various customers
• Providing technical guidance and oversight to project teams and squads comprising other technical subject matter experts, technical / solutions architects, and 3rd party specialists
• Project resource and materials budget estimation for project planning and business case creation.
• Ensure projects take account of key risks, and security obligations and look to integrate supporting technologies & application

Skills: Software Engineering Support, Requirements Analysis, Technology Recommendation, System Architecture Development, Threat Research, 3rd Line Support, Security Strategy Definition, Budget Estimation

• Develop and maintain High- and Low-Level design documents including Reference Architectures, Security Configuration Standards, and Solution Diagrams.
• Ensure all designs align with Company Information Security requirements, Policies, and Standards to help ensure the delivery of secure solutions
• Analyse business processes, environments and applications to identify areas of security risk and develop secure controls and solutions to address them.
• Develop technology visions and strategies that support and enhance business strategy
• Understand security and technology trends and the practical application of existing, new, and emerging technologies to enable new and evolving business and operating models.
• Perform vendor evaluations and participate in proof-of-concept validations to further ensure designs and recommendations will achieve the required objectives.
• Work with implementation and operational teams to ensure a thorough understanding of the security controls to be implemented.
• Consult with application and infrastructure development projects to build security into broader enterprise applications and processes.
• Understand secure solutions and technology with enough depth to identify specific secure settings to achieve compliance with designs and standards.
• Develop, communicate, and deploy Enterprise Architecture processes, reference architectures, technical standards/strategies and blueprints and patterns.
• Establish strong working relationships with other enterprise Architects and Business Information Security teams.
• Maintain in-depth knowledge of the organization’s technologies and architectures
• Review of risk analysis and pen testing
• Development of end-to-end security standards and best practice
• Investigation of relevant technological innovation in the field of IT security for connected cars

Skills: High- and Low-Level Design Documentation, Security Standards Compliance, Business Process Analysis, Technology Vision Development, Vendor Evaluations, Implementation Support, Enterprise Architecture Processes, Risk Analysis Review

• Design technical control standards for a variety of information systems based on industry best practices and guidelines (e.g., NIST CSF, CSA, CIS, OWASP)
• Define and document requirements for secure operations across the entire delivery ecosystem: internal data center, secure perimeter, public cloud, software-as-a-service, vendor-hosted, public and private endpoints, etc.
• Recommend specific control sets to mitigate the inherent risk identified through cybersecurity risk assessments.
• Provide technical expertise to guide security risk assessments
• Oversee the enhancement and maintenance of the bank’s secure software delivery lifecycle, including all aspects of secure coding practices, integration of security principles and practices into DevOps/DevSecOps, etc.
• Coordinate with Cyber Threat Intelligence and Cybersecurity Operations to ensure cybersecurity control design is richly informed by current threat intelligence and incident response
• Prepare and present accurate and timely information in response to audits and regulatory exams
• Institute a proactive culture to align activities and measurement with internal policy and regulatory requirements
• Drive the design, build, implementation, and compliance monitoring of security controls for enterprise infrastructure and applications, for on-prem and cloud deployments
• Participate in technical discussions for enterprise network and application systems and prioritize security controls using a risk-based approach
• Analyze, design, and develop a security roadmap and implementation plan based upon a current vs. future state in a cohesive architecture viewpoint
• Identify security gaps in existing and proposed architectures and recommend changes
• Write technical standards documents around network and enterprise security
• Review and/or analyze and develop architectural requirements at the domain level within multiple product portfolios or teams
• Lead the research and evaluation of emerging technology, tools, industry, and market trends to assist in project development and/or operational support activities

Skills: Technical Standards Design, Secure Operations Documentation, Risk Assessment, Secure Software Lifecycle, Threat Intelligence Coordination, Compliance Monitoring, Security Roadmap, Architectural Review

• Write requirements, design specifications and test plans for embedded and cloud components
• Analyse threats & vulnerabilities and perform Risk assessments on security mechanisms
• Development of IT security solutions for vehicles
• Implementation of state-of-the-art security controls in collaboration with top engineers
• Leads the analysis and documentation of the current “As Is” situation and the translation of the business and operation requirements to define the future “To Be” situation regarding security systems and processes.
• Directs and assists in the maintenance and operations of the Security infrastructure equipment and tools within the organization.
• Collaborates with IT Project Managers, Stakeholders, and other IT team members for the definition of the complete impact on the Security Solutions
• Budget & planning and the provisioning of the solution by the project to guarantee a successful roll-out and to maintain operational stability from the digital platforms as the main priority objective.
• Makes recommendations to IT and business management to guarantee the best possible use of IT infrastructure solutions and their associated governance tools.
• Actively maintain relationships with service providers and vendors to evaluate the company’s operational performance metrics from a Cyber Security perspective
• Develop and maintain cybersecurity knowledge regarding software and best practices to strengthen the overall credibility of the services provided.
• Support POC/demos and present security solutions to client (Internal and external).
• Work with internal and external partners to understand product requirements and provide consulting/guidance on security architecture and security controls.
• Guide various product experts regarding the security solution in general and cloud-related.

Skills: Requirements Writing, Threat Analysis, IT Security Solutions Development, Security Infrastructure Maintenance, Stakeholder Collaboration, Budgeting and Planning, Vendor Management, Security Architecture Consulting

• Be a trusted security advisor to product and application teams for cyber security.
• Lead the security aspects of the product design throughout a project.
• Perform security design reviews and threat modeling for infrastructure and application-related projects.
• Analyze and evaluate cloud security trends, vulnerabilities and provide ongoing feedback to product management about the delivery of best practices.
• Maintain deep knowledge of Cloud-related solutions on every level IaaS, PaaS and SaaS, Containers, and other virtualization technologies and its related security trends.
• Be a part of engineering teams' product incremental planning.
• Collaborating, and designing security architecture solutions for 3M globally
• Serving as the senior internal information security consultant for major corporate initiatives, and other prioritized 3M special projects
• Threat modeling, ensuring that 3M’s layered security architecture approach effectively defends against current and evolving threats for functional (i.e. application requirements) and non-functional attack scenarios.
• Leading requirement gathering, planning and use of cloud-delivered Security as a Service and Secure Access Service Edge (e.g. SWG, ZTNA, CASB, IDaaS, FWaaS).
• Modernizing architecture designs in all network security technologies, including NGFW, VPNs, NTA, SSL/TLS tooling, IDS/IPS, WAF, NAC, PCAP, Proxy, DLP, etc.
• Accessing and improving designs in tokenization, anonymization, threat/malware intelligence feeds, GRC services and related governance.
• Facilitating security technologies alignment between the information security team, and other diverse technical 3M groups to include R&D and other corporate labs and stakeholders.
• Securing modern DevOps/DevSecOps process through automation, toward integrate security directly into Infra as Code.
• Progressing security architecture designs in SDN (incl. cloud networking), NV (e.g. VLAN), SaaS Gateways, and ICS (industrial control system) security needs and considerations.

Skills: Cyber Security Advisory, Security Design Reviews, Cloud Security Analysis, Threat Modeling, Security Architecture Collaboration, Requirement Gathering, Network Security Modernization, DevSecOps Automation

• Research, analyze, understand and test emerging & innovative security solutions and industry trends around Multi-Cloud Security & IAM.
• Support in the definition of new multi-cloud & IAM security strategy, architecture, and solutions
• Able to formulate and present this multi-cloud & IAM security strategy, architecture, and solutions to the various IT Stakeholders.
• Define the key security architecture requirements and use cases for multi-cloud & IAM security solutions
• Work in close collaboration with other key stakeholders across Nokia’s IT organization and the key suppliers (HCL, Microsoft, Amazon, Google,…) to ensure these new solutions are “secure by design”
• Support the Multi-Cloud & IAM Security (Strategy) Projects during User Acceptance Testing & validation testing
• Provide feedback to suppliers and propose actions to mitigate any solution shortcomings
• Acquire the necessary skills and hands-on competencies to technically understand solutions, and define the required security capabilities with a focus on Multi-Cloud & IAM Security domain.
• Work in close collaboration with IT/Security SMEs to ensure in-time, in-scope & in-budget delivery
• Be part of the Project Core Teams for these Multi-Cloud & IAM Security Projects
• Be the contact point for the broader Nokia IT Community on Multi-Cloud & IAM Security (Strategy) topics based upon the expertise and experience and/or interface with other Security Architects
• Support peers when being consulted about the Multi-cloud & IAM Security (Strategy) Solutions
• Perform specific security activities autonomously, which can result into follow-up actions by other teams.
• Ensuring the effectiveness of Identity and Access Management (B2E, B2B, B2C) technologies, improving PAM, PKI, secret management, supporting pre-runtime services Workflow, GRC, (de)provisioning, connector types, and integration patterns

Skills: Multi-Cloud Security, IAM Solutions, Stakeholder Engagement, Security Architecture, User Testing, Risk Mitigation, Identity Management, Technical Collaboration

• Maintain the local Security Reference Architecture taking into account Vodafone assets, Enterprise Architecture, security policies, standards and best practices, the Cyber Security Baseline, threat models, risk assessments, contractual and legal requirements
• Provide Security assurance, guidance and support for projects and change requests
• Develop the Security Testing Strategy and Security Testing Plans across multiple projects being delivered in a release or across multiple work-streams in a program
• Act as an internal security consultant to advise or influence business and technical partners 
• Build productive working relationships and collaborate with the wider Technology team and the relevant business units to identify the right Security Architecture and controls for new solutions, products and modules
• Represent Technology Security during project sizing sessions and gate reviews
• Provide high-level (VROM) estimates of effort (time & cost)
• Ensure estimates and security testing and acceptance criteria are agreed upon, documented, and met
• Identify, prioritize, design, test, and report on the security controls required to bring the identified security risks within the accepted risk tolerance
• Work closely with project resources (architects, developers, testers, Operations) at a technical level to assist with the effective mitigation of security risks
• Verify vendor mitigation plans in terms of alignment with the local Security Reference Architecture, coverage, efficiency, dependencies and implementation schedule
• Develop the resourcing plans for security testing and mitigation, including the allocation of vendor, contractor and Vodafone resources
• Ensure a consistent approach and manage security interdependencies across multiple projects and work streams
• Ensure security testing and mitigation reports for program boards and steering committees follow the agreed format and are delivered on time, escalate security risks
• Provide architectural guidance for secure software development, integration and testing
• Act as the escalation point for security assessments and testing
• Review project changes that impact the security assessment or testing

Skills: Security Reference Architecture, Security Assurance, Security Testing Strategy, Internal Security Consultancy, Risk Assessment, Security Controls Design, Vendor Management, Secure Software Development

• Experience in the systems and applications security architecture design.
• Strong knowledge of network and application security architecture and operating systems.
• Strong Knowledge of networking, including firewalls, VPN, routing, switching.
• Strong Knowledge of how to secure systems (application and infrastructure).
• Able to write clear and consumable security documentation.
• Advanced level of English.
• Strong knowledge of the Secure Software Development Life Cycle 
• Knowledge of the following programming languages: C#, Java 
• IT Security Professional certification is highly desired (CISSP, SANS/GIAC or equivalent).
• Good command of German or French

Qualifications: BS in Computer Science with 2 years of Experience

• Broad understanding of Cybersecurity architecture and associated technologies (e.g. endpoint security, network security, Cloud security, IAM, etc.)
• Understands change management & Service management best practices with experience supporting global customers
• Understanding of Cloud security architecture, particularly with AWS and/or Azure
• Network security design experience
• Strong data protection/data security architecture experience
• Knowledge of the Department of Defense’s T&E infrastructure, capabilities, requirements, and workforce
• Knowledge of the Department of Defense’s Acquisition system and a complete understanding of developmental and operational testing
• Outstanding interpersonal skills and professional appearance and countenance
• Excellent communication skills
• Ability to provide persuasive arguments to support position
• Comfortable interacting with high-level individuals

Qualifications: BS in Software Engineering with 4 years of Experience

• Demonstrated progressively responsible experience in leading an engineering team with emphasis on managing all engineering, design, implementation, operations and maintenance and deployment activities
• Possess a strong understanding of customer IT infrastructure and inter-relationships of the following: network, storage, backup systems, server platforms, middleware, applications, and desktops
• Experience researching commercial IT products and evaluating against technical requirements
• Experience in identifying security issues and risks, and developing mitigation plans
• Excellent problem-solving skills
• Excellent verbal and written communication skills
• Experience with embedded systems, from both an HW and SW perspective, including topics like microcontrollers, HSMs, secure boot, access control, exploit mitigation techniques, etc.
• Experience with cryptography algorithms and secure protocols
• Experience with security threat and risk analysis
• Excellent written and verbal communication in English as well as strong and effective communication skills

Qualifications: BS in Cybersecurity with 3 years of Experience

• Experience in information security and IT risk management
• Extensive experience in information security and/or IT risk management with a focus on security, performance and reliability
• Solid understanding of security protocols, cryptography, authentication, authorization and security
• Good working knowledge of current IT risks and experience implementing security solutions
• Experience implementing multi-factor authentication, single sign-on, identity management or related technologies
• Ability to interact with a broad cross-section of personnel to explain and enforce security measures
• Excellent written and verbal communication skills
• Advanced IT security certifications 
• A strong working knowledge of current IT risks, security implementations, and computer operating and software programs

Qualifications: BS in Information Technology with 7 years of Experience

• Experience at infrastructure software companies or global systems integrators/managed service providers.
• Experience in cybersecurity solution architecture and domain experience from working with global systems integrators/managed service providers, direct sales teams, independent software vendors, and large enterprise customers.
• Experience in working across Cybersecurity domains (Infrastructure Security/Managed Security Services, Identity and Access Management, Application Security, Data & Information Security, End-point Security, etc.)
• Experience in working with on-shore/off-shore personnel across time zones.
• Results-driven, self-sufficient and self-motivated individuals with a strong commitment to success and delivery excellence.
• Enjoy learning and introducing new technologies to help colleagues and partners embrace and adopt them.
• Excellent communication skills (oral, written and presentation) with the ability to articulate and sell on value propositions.
• A track record for being detail-oriented with a demonstrated ability to self-motivate and follow-through on projects.
• Strong problem-solving skills with an ability to analyze problems and develop actionable and appropriate tactical plans quickly.
• Strong Business acumen with an understanding of solution lifecycle concept to product.

Qualifications: BS in Computer Engineering with 10 years of Experience

• Fluent in cloud security tools and concepts with specific focus on Azure, AWS, and GCP
• Abreast of both old and new security vulnerabilities and continually keep up to date on the latest security best practices and technologies.
• Strong knowledge of cryptography as it relates to computer and network security as well as file and email encryption
• Proficiency in performing architecture reviews and ranking risks
• Strong, demonstrated project management skills
• A self-starter, with limited supervision & be able to work effectively in a global diverse environment.
• Review the security requirements, draft Threat Modelling
• Strong understanding of Cyber Security concepts
• Experience with performing or reviewing enterprise risk assessments
• Experience with evaluating or writing security standards/baseline to meet compliance requirements
• Ability to work independently with limited supervision
• Ability to collaborate with Cloud Security Architecture for an integrated security governance program for the organizations

Qualifications: BS in Network Security with 5 years of Experience

• Possesses leadership skills to be able to directly and or indirectly influence the business functions to successfully implement security projects.
• Demonstrated proficiency with the IT Security Common Body of Knowledge required for enabling security concepts on varied technology.
• Demonstrated experience in maintaining common IT security technologies such as firewall, VPN, PKI, E-business and web technologies, vulnerability & risk assessment, intrusion detection, event correlation, DMZ, Extranet, etc
• Intermediate to advanced knowledge of routing, switching, and bridging in LAN/WAN multi-national environments
• Experience in Secure DevOps and container technology, experience in Cloud Security and technologies
• Expertise and demonstrated experience in architecting and deploying AWS solutions serving operational and analytical needs from both an infrastructure (security, controls, Active Directory, SIEM, DAM, DLP, etc. ) and data (securing and managing access to, conversion approaches, archiving, monitoring, etc)
• Experience in influencing customers and extended Project Teams
• Communicating effectively in writing as appropriate for the needs of the audience
• Certifications like CISSP, CCSP
• Excellent understanding of application security architecture best practices and principles
• Excellent understanding of API security best practices
• Excellent understanding of common data protection technologies (this includes implementation), such as Cryptography, Tokenization, Hashing, etc.
• Strong knowledge of network security protocols and best practices

Qualifications: BS in Network Security with 5 years of Experience

• Well-rounded knowledge across the security domain
• Strong understanding of Managed Security Services
• Hands-on experience in cloud-managed security services
• Architecture experience in defining and designing Security Operations center
• Proven experience in pricing models and estimations
• Hands-on experience in writing RFP responses, proposal management
• Hands-on experience in creating and delivering presentations
• Strong understanding of pricing models, financial management for RFPs
• Hands-on experience with managed security services and their estimation methodology
• Ability to define and design security controls
• Strong understanding of Identity and Access Management & Authentication across leading platforms
• Hands-on experience with Onprem and cloud-based identity management systems solutions and architecting
• Ability to grasp concepts, directions and impacts of new approaches to traditional & attribute-based methods
• Ability to identify the key gaps in customer security strategies and product portfolio and recommend solutions
• Highlight key differentiators among the leading vendors delivering security solutions

Qualifications: BS in Information Technology with 6 years of Experience

• Work with onsite, offshore, and cross-functional teams of analyst developing broad IT and business-focused solutions
• Be a lead go-to person with IT Provider clients about security technologies, end-user buying behavior, and vendor strategies
• Produce innovative, thought-leading, impactful, analytically-deep, fact-based research
• Possess a strong understanding of Identity provisioning, access management, privileged identity management & entitlement management
• Have a broad understanding of overall security technologies and services and the key vendors in the security market
• Understand vendor strategies and the long-term business impact from a financial perspective, end-user buying behavior, and key market trends are impacting the overall security market size and growth
• Work history in roles such as architect, presales solution lead
• Excellent verbal and written skills, comfortable presenting ideas and issues to different levels within and outside of the organization, including executive leadership, customers, auditors, governance committees, etc.
• Relevant Experience typically a minimum of 10 years within the security domain
• Strong project planning and management skills, strong team-working ethos
• Exceptional influencing and leadership skills
• Strong knowledge of Threat modeling and Risk Assessment methodologies and/or frameworks
  
• Understanding of Azure/AWS native security services and security best practices

Qualifications: BS in Cybersecurity with 7 years of Experience

• Expert knowledge of Cyber Security standards, frameworks, and architectural patterns leveraged in the secure design and delivery of cloud services and solutions across Application, Mobile, Cloud, Infrastructure, and Network Security
• Broad knowledge of the Security Product Market and Toolsets (SIEM, PAM, Vulnerability Management)
• Experience implementing security controls using industry-leading standards - NIST Cybersecurity Framework, OWASP, Centre for Internet Security, ISO 27001
• Solid understanding of security protocols, cryptography, and authentication/authorization methods
• Experience in vulnerability identification, threat modeling assessments, and the implementation of application and platform security remediation plans
• Experience completing forensic-level analysis of Penetration Tests and Vulnerability scans, explaining results, and advising on remediation recommendations to both technical and non-technical audiences
• Experience advising cross-functional technical teams and partners on implementing security best practices
• Comfortable participating in and completing internal and customer-facing security audit reviews
• Experience working with Oracle database and middleware technologies including WebLogic, ORDS, Data Guard, PLSQL, etc., familiarity with SQL Server a bonus.
• Solid understanding of multi-tenancy architecture and security requirements running on multi-node cluster environments
• Knowledge of networking security (DNS, Firewalls, Switches, Load Balancers, subnets, TLS, SAML)
• Experience working on Secure SDLC Implementations
• Good understanding of security tools and mechanisms (IDS/IPS, antivirus, anti-malware, authentication mechanisms, IAM, PKI, encryption, DevSecOps etc.)

Qualifications: BS in Computer Science with 6 years of Experience

• Extensive technical experience working in network and infrastructure security
• Experienced in collaborating with the business to design network and infrastructure strategies
• A broad understanding of cyber security principles and frameworks
• Demonstrate how balance security control requirements with important business and operational priorities
• Well-versed in communicating complex technical content to a range of non-technical audiences
• Successful at building relationships and collaborating to resolve challenging situations
• Demonstrate experience of leading and developing individuals directly and getting work done through others
• Experienced at balancing high-pressure work and tight deadlines
• Knowledge of ISO 27002, ISO 27005, and ISA/IEC 62443
• Excellent written/verbal/communication in French and English mandatory, listening and facilitation skills
• Able to identify and document specific security issues, propose resolution options, and interpret matters from the perspective of involved stakeholders
• Able to analyze technical risks and vulnerabilities and to design the appropriate architecture for the Industrial environment
• Good understanding of OT environments
• Have the technical depth to assist with the build and design of security solutions for projects and closely collaborate with the appropriate people to get the job done.

Qualifications: BS in Information Systems with 10 years of Experience

• Experience as an Application Security Architect operating at an enterprise level
• Expertise with Application Security or Platform Security
• Will be engaged on multiple, highly visible projects during their career at BMO. 
• Have excellent time management and organizational skills.
• Knowledge of microservice application architecture patterns and security best practices.
• Knowledge of Risk Management lifecycles based on an established framework such as NIST CSF, ISO27001/17/18, FFIEC, and OSFI.
• Knowledge of policy and security architecture frameworks such as SABSA
• Information Security certification is preferred e.g. CISSP, CISSLP, GIAC, etc.
• Knowledge of computer or network systems hardware and software theory, practice, concepts, and technology relevant to organizational vision
• Sufficient business knowledge to assess the impact of applied technology on customer’s business processes.
• Knowledge of project management methodology and its applicability to successful delivery of technical change.
• Understands the strategic technical direction of Middleware, Continuous Integration and Continuous Deployment Testing, Systems Management, Enterprise Data & Access Layers, Pertinent Styles of Computing.
• Understanding and problem-solving ability of Information Technology of various scale, degree, and dimensions of complexity
• Proficient in the techniques that go into producing designs of complex systems, including requirements discovery and analysis, formulation of solution context, identification of solution alternatives and their assessment, technology selection, and design configuration.

Qualifications: BS in Computer Science with 8 years of Experience

• Familiar with network protocols and networking infrastructure.
• Knowledge of Information security risk, and industry best practices 
• Knowledge of technical areas such as data warehouses, mainframes, networks, applications, etc.
• Knowledge of Corporate Policies, Standards, and operating procedures relating to information security risk.
• Knowledge of the technology domain the architecture is being developed for. E.g. Databases, Product, Service, etc.
• Deep technical and system-level expertise in one or more technology areas.
• A seasoned professional with a combination of education, experience, and industry knowledge.
• Expert verbal & written communication skills
• In-depth analytical and problem-solving skills
• Knowledge of Automation techniques (Terraform, Jamf, GPO, SSCM).
• Strong problem-solving skills and ability to work under pressure with limited supervision.
• Ability to lead the definition of project plans and projects.
• Strong ability to multi-task and prioritize multiple projects
• Working knowledge of TCP/IP or OSI network protocol stack, including major protocols such as IP, ICMP, TCP, UDP, SMTP, HTTP, and SSH.

Qualifications: BS in Data Science with 7 years of Experience

• Experience in Identity and Access Management concepts and tooling.
• Working knowledge of popular cryptographic algorithms and protocols such as RSA, SHA, Kerberos, and TLS.
• Experience administering and automating centralized logging architectures and SIEM tools.
• Experience in static and dynamic code review tooling.
• Experience with vulnerability assessment and penetration testing tools.
• Experience with programming and scripting languages and text manipulation tools (RegEx, Java/PHP, Python, Powershell).
• Be a team leader and facilitate brainstorming sessions.
• Experience designing, executing, and reporting on security awareness programs including simulated phishing attacks.
• Knowledge of Intrusion Detection and/or Intrusion Prevention Systems. 
• Experience working with security tooling in public cloud environments (AWS, Azure).
• Experience with Identity and Access Management concepts and tooling (Cyberark, Thycotic, Sailpoint, LDAP, AD).
• Experience working with external auditors as well as executing tasks related to internal audits.
• Administration experience in an Active Directory-based identity environment including experience integrating Active Directory with SSO tooling (Okta, Ping Identity, etc).
• Configuration and operation of tooling to support a Vendor Management process (OneTrust, TrustARC, etc).
• Design and maintenance of questionnaire forms in the tool 
• Ability to process results and assess the risk of vendor responses.

Qualifications: BS in Cyber Operations with 8 years of Experience

• Relevant Information Technology experience (such as system admin or network engineering).
• Specific experience within some, or all, of the following: application security architecture, computer networking, cryptography, security engineering and architecture, programming, vulnerability assessments, and operating systems.
• Configuration of SIEM tools including log aggregations, alarm management, and integration into an incident management process.
• Administration of a vulnerability scanning tool for both internal and external scans.
• Working knowledge of security best practices and standards such as ISO27001, HIPAA/HITECH, HITRUST CSF, NIST 800-53.
• Previous Healthcare industry experience.
• Experience automating recovery or investigation activities using a scripting language such as PowerShell, Python, etc.
• Experience running projects including setting meetings and managing action items.
• Current knowledge of cyber Department of Defense (DoD) S&T (Science & Technologies) environment and acquisition process, ideally experienced in systems/software security technology development and implementation on Government programs.
• Excellent verbal and written skills necessary to clearly articulate technology development and market entry strategies to both internal and external organizations
• Experience with docker/container platforms that include Kubernetes, Mesosphere, etc.
• Hands on experience with large-scale package implementations like Siebel CRM, PeopleSoft.
• Experience in administering messaging solutions that include IBM MQ, Tibco EMS, Confluent Kafka, etc.
• A proven record of demonstrated skills in identifying of cyber needs, working with R&D customers/partners to shape requirements, and developing advanced cyber systems for DoD customers.

Qualifications: BS in Cyber Operations with 6 years of Experience