Full-Time Sr Cloud Software Security Architect
Motorola Solutions is hiring a remote Full-Time Sr Cloud Software Security Architect. The career level for this job opening is Expert and is accepting USA based applicants remotely. Read complete job description before applying.
Motorola Solutions
Job Title
Posted
Career Level
Career Level
Locations Accepted
Share
Job Details
We are seeking a highly skilled and experienced Compliance & Security Architect to join our team. In this role, you will be responsible for technical solutions and methods ensuring the compliance and security of our cloud platform and products, and technically leading our organization through the process of maturity and compliance to security frameworks. You will also collaborate with our Data Privacy teams to maintain compliance with data privacy regulations. You will represent our cloud platform team in external audits and presentations to customers about the cybersecurity solutions and methods that make our platform secure to meet specific standards and regulations.
Responsibilities:
- Develop and own the technical requirements needed to implement the NIST Cybersecurity framework, while following industry best practices and benchmarks like OWASP, CIS, and DoD.
- Create architecture diagrams, a tech inventory, security methods, and solutions that align with standard cloud security principles , such as the 'well architected framework' of Azure and AWS
- Make sure we're building security into our cloud platform from the ground up, including secure architecture, design, coding, and vulnerability management.
- Create comprehensive documentation for how we've implemented security across the system. This includes overviews of Kubernetes cluster security, FIPS-compliant cryptography, authentication/encryption methods, and network architecture.
- Guide product development teams on application and use of risk analysis techniques and procedures.
- Work with Product Managers and Engineering Teams to understand how our products work and help them implement security methods and technologies that comply with NIST 800-53.
- Perform technical gap analysis (including threat and risk assessments) and work with Product Management and Risk Owners to prioritize security and compliance work.
- Be the technical expert as we work towards maturity, compliance, and accreditation to security frameworks like ISO 2700x, FedRAMP, CJIS, Canada CCCS, and Australia IRAP.
- Keep documentation up-to-date (technical requirements, architecture/design diagrams, technical methodologies) and maintain required evidence repositories, asset registers, security risk registers, and business continuity plans. Participate in site-level management reviews.
Requirements:
- Experience with US security policies, frameworks, and standards such as CJIS, FedRAMP, etc.
- Knowledge of emerging cybersecurity trends and new technologies.
- Proven track record of implementing NIST 800-53 cybersecurity framework or Center of Internet Security controls by authoring security requirements within a product development cycle.
- Proven track of creating architecture diagrams, security requirements, and technical solution papers at various levels of detail.
- Proven articulation and communication skills in writing and verbally while conducting technical presentations to diverse audiences.
- Proven experience with using and applying cryptographic solutions for integrity, non-repudiation and confidentiality. Practical experience with Public Key Infrastructure is highly desired.
- Practical knowledge of Authentication and Authorization technologies and protocols as apply to both interactive users and service connections.
- Knowledge of security analysis through the creation of architecture, network connection, and data flow diagrams.
- Experience performing security analysis to identify gaps against security compliance standards.
- Excellent interpersonal skills and the ability to work effectively with team members to find solutions to complex problems.
- Experience with security management tools to automate security processes and procedures, such as POA&M, is highly desirable.
- Knowledge of key cloud architectures and cloud security best practices.
- Experience with AWS, Microsoft Azure, and Google cloud platform, particularly with their security methodologies and toolsets, is highly desired.
- Experience with microservices and microservice orchestration technologies is highly desired.