Returning Candidate?

Director Security Architecture

Director Security Architecture

Job ID 
9837
Type 
Regular Full-Time
Company 
Fred Hutchinson Cancer Research Center
Location 
US-WA-Seattle
Category 
Information Technology

More information about this job

Overview

Fred Hutch has ambitious goals when it comes to eliminating cancer and infectious disease. We are using data science in bold new ways to achieve them.  As a result, the Fred Hutch Information Security team is growing our security engineering team. We are looking for a Principal Security Architect to take a lead role in developing, evangelizing and deploying leading edge technical security strategy for Fred Hutch. Reporting to the Senior Director of Information Security, you will drive long term security thought leadership throughout the diverse Fred Hutch technical community. You will also engage directly with Fred Hutch engineering teams as a trusted advisor on our most complex and exciting projects, help develop and drive a “secure by design” philosophy into service architecture & deployments and systematically identify & eliminate vulnerabilities with well-engineered security solutions.  This role will serve as a technical expert with deep knowledge across all of the security domains as well as expert level knowledge of underlying technologies.  This position will be a proven technical leader, with a strong ability to collaborate and execute in complex technical and organizational environments. If this sounds like you, come help Fred Hutch in the fight against cancer and infectious disease by ensuring the security of our technical environments and information!

 

 

This leadership position will be a highly visible technical security authority and a key representative of the Information Security team. The security engineering function drives robust & pragmatic long term technical security strategy and addresses critical technical vulnerabilities in our cloud, hybrid and on-prem environments. Consistently moving the security needle with key project, process and engineering teams through the Fred Hutch environment requires strong communication, collaboration and technical security skill sets. You will be a key security solutions-development engineer, a trusted advisor and a seasoned influencer and evangelist who can anticipate emerging technical challenges and successfully engage directly with multiple teams within Fred Hutch as well as key partners outside of the organization. This is a new role and an awesome opportunity for the right leader to help develop a strong technical program that has true impact from the ground level. You will be closely supported by the Information Security team and peer organizations, but will have the freedom to develop this function using your unique blend of technical leadership skills and experience. The team likes to do great security work and have fun doing it. A great sense of humor is a definite plus! 

Responsibilities

Technical leadership - Drive the development, adoption and consistent implementation of security architecture principles, policies and standards throughout the technical stack and across a broad range of environments, including international locations

Security solutions - Lead the design & development of engineered solutions that improve security states, address technical vulnerabilities and eliminate operational practices that put the organization at risk; team closely with the Security Remediation function to proactively identify, prioritize and pursue remediation of security issues

Consulting - Serve as key security architecture SME and influential, trusted advisor on a broad range of leading edge project engagements; develop and refine the Security consulting model, customer experience and security “product” offering

Thought leadership - Represent the security function in a wide range of settings; serve as a key strategic influencer on diverse internal projects and collaborations with external partners

Versatility - Demonstrate a consistent customer centric approach and technical versatility, especially with new and innovative technological approaches to research and clinical projects

Operations - Provide hands-on engineering guidance for Assurance technologies and processes owned and operated by the security organization

Collaboration -  work with the Security Risk Management function to develop impactful, data driven insight into security states and risks across the Fred Hutch environment

Interpersonal - Serve as a coach and mentor to junior members of the Information Security Office team and to members of peer teams; display high integrity and executive level perceptive ability; demonstrate a consistent drive for collaboration that enables projects and teams to be successful and secure

Qualifications

Required Qualifications & Experience:

  • BS in Computer Science, Software Engineering, Information Technology or equivalent experience required; MS or Security certificates a plus
  • 8-10 years of experience in technical security domains; minimum of five years in a technical security leadership position at Security Architect level
  • Senior management level presence, influence and judgment required
  • Demonstrated experience implementing InfoSec Assurance principles and operational processes across complex technical environments
  • Implementation of technical security architectures within a large enterprise environment; experience in implementing and managing core security architecture processes and programs
  • Threat modeling across the stack in multi-OS environments, strong understanding of security solution development in multi-platform Cloud (AWS, Azure) and hybrid environments
  • Strong understanding of cryptographic principles and PKI, networking and network security analysis, server infrastructure operations and datacenter security
  • Development of detection/alarming methodologies and SIEM platforms, breach response & resiliency in multi-OS server & desktop environments
  • Subject matter expertise in web application security and secure development processes (SDL), including tools & mitigation of identified vulnerabilities
  • Subject matter expertise in Identity and Network isolation strategy and implementation in dynamic environments
  • Understanding of information security Governance and Policy/Standard development and Information Security compliance frameworks, including FISMA/NIST 800-53, HiTrust and EU Data Protection principles
  • Must have excellent verbal, written, and presentation communication skills, strong interpersonal skills and the ability to work effectively across project teams
  • Must be versed in explaining technical solutions to multiple technical teams, non-technical teams and senior management
  • Must demonstrate a keen understanding of security as a business enabler

 

Preferred Qualifications and Experience:

  • Experience in health care, research or other highly regulated discipline
  • Penetration testing and vulnerability remediation methodology & execution
  • Experience with secure configuration and deployment of enterprise wide cloud services – Okta, Cloudera, O365 and Cloud Management Platforms
  • Software development, network administration, AD/LDAP administration, Agile Scrum/Kanban experience
  • CISSP, CISM or SANS - GIAC certification
  • Experience designing and deploying distributed applications leveraging service-oriented architecture principles
  • Expert level skills in security team operations (including Assurance operations) in complex technical environments
  • Experience with device and network based forensics, malware analysis, threat intelligence and security evangelization programs