Previous Job
Previous
Information Security Architect
Ref No.: 18-07839
Location: McLean, Virginia
Start Date / End Date: 09/17/2018 to 03/29/2019
Description:
The Information Security Architect (ISA), is an integral member of the Freddie Mac Information Security Architecture and Engineering (ISA&E) team. This particular position will require the ISA to:
  • Work closely with Enterprise, Solution and Security Architects and Engineers to develop and update the Information Security Architecture Patterns (ISAP), and Non-Functional Requirements (NFRs).
  • Develop an ISA&E document control, review, and update process.
  • Identify ISA&E services and document associated processes.
  • Collect, interpret, evaluate, and validate security requirements, functions and processes associated with applicable ISAPs and NFRs.
  • Identify and document the security risks associated with each ISAP and NFR (both mitigated and residual).

The ISA shall understand the concepts and application of the following architecture and design principles and practices:
  • Cloud security (IaaS, PaaS, and SaaS) across multiple cloud platforms such as Azure, AWS, and Google.
  • Network security and segmentation
  • Data security
  • Application security (Multi-Tier Web and Client-Server)
  • End-Point Security (desktops, laptops, servers, etc.)
  • Mobile device security (smartphones, tablets, iPads, etc.), to include Bring Your Own Device (BYOD)
  • Authentication and Authorization models and techniques (to include multi-factor authentication)

The ISA shall have a comprehensive understanding of the following technologies:
  • Next Generation Firewalls
  • External Secure Web Gateways and CASBs
  • Network and Host-based IDS/IPS
  • Data Loss Prevention
  • Data Masking
  • Encryption (Symmetric and Asymmetric)
  • User Behavior Analytics
  • Malware and Spam/Phishing Detection and Prevention
  • Security Information and Event Management (SIEM)
  • Identity and Access Management (IAM)
  • Azure & AWS
  • ADFS and other federated technologies
  • Mobile Device Management & Mobile Application Management

Experience:
  • BA/BS degree in Computer Science, Information Systems or a related technical field, or the equivalent combination of education and experience.
  • 10+ years of information technology experience, preferably within the financial services industry.
  • Minimum of 8 years' experience working as an Information Security Professional, preferably within the architecture or engineering disciplines.
  • Minimum 5 years' experience working as an InfoSec Solutions Architect

Preferred:
CISSP (+ ISSAP), CCSP, SABSA (F1 & F2 minimum)

CISSP Certification 7 - 10 Years

Education: Bachelor Degree.