Senior Security Architect

Senior Security Architect

Department: Information Technology

Employment Type: Full Time

Location: Crystal Building 40 W20th St

Reporting To: Jay Haque

Compensation: $130,000 - $145,000 / year

Description

Overview
The Senior Security Architect will focus on enhancing the effectiveness of cybersecurity practices, increasing automation, and integrating security measures into the development pipeline. This role involves hands-on oversight of key security tools and processes to ensure the organization's security posture is continuously improving.
This position will have a wide breadth of access across the cybersecurity tools ecosystem and will focus on adoption, automation, and continuous improvements. This includes tools across the security landscape - vulnerability management, configuration management, SIEM/Logging, access management, secure application development practices, SOAR, etc. 
The role will interface with key stakeholders across the business including other technology teams and business department leaders and have significant influence on the cybersecurity ecosystem and focus on the hands-on execution of security measures, including implementing, optimizing, automating, and troubleshooting technical defenses.

We are looking for someone we can count on to: Manage:

• Cybersecurity tools and processes
• Technical systems and capabilities including automation and distribution
• Relationships with technology partners 
• Roadmap of improvements and enhancements
• Relationships across engineering teams (networking, devops, systems, app dev, etc.)

Teach:

• General cybersecurity awareness and business justifications 
• Best practices employed to secure computing environments
• Methods of using available toolsets to improve overall cyber posture
• Work closely with other departments to ensure understanding of cybersecurity
• Work with colleagues across the business to ensure clear expectations are set

Learn:

• NYPL’s cybersecurity tools
• Automation mechanisms - SOAR, scripting, APIs, etc.
• Understand Library’s unique place in providing network access as a means to accomplish its mission.
• NYPL’s business and services to better understand the organization's risk profile.
• Emerging technologies that simplify security management

Improve:

• Operational efficiency
• General awareness of cybersecurity
• Cohesion amongst toolset
• Security posture management across engineering teams

Some expectations for this role are that within: 1 month, this person will:

• Understand the organization’s risk profile and cybersecurity tools
• Assess current cybersecurity technical processes and identify potential areas for improvement
• Begin engaging with key stakeholders across security, development, and infrastructure teams

3 months, this person will:

• Start implementing approved improvements or automation for routine security tasks; being actively hands-on on these platforms and systems (Windows, Linux, Networking)
• Enhance integration between security tools for improved visibility and incident response
• Begin incorporating security testing into the development pipeline

6 months and beyond, this person will:

• Fully integrate security testing suggestions into the development workflow
• Continue refining automation processes and security practices across infrastructure
• Propose ongoing improvements based on performance metrics

Responsibilities: 

• Oversee the management and optimization of key cybersecurity tools and processes, including vulnerability and configuration management, SIEM, secure development practices, and other common technologies
• Implement automation and process improvements for routine security tasks to improve operational efficiency
• Integrate security testing and secure development practices into the CI/CD pipeline for continuous security coverage
• Assess and report on the organization’s cybersecurity posture, recommending improvements based on identified risks
• Collaborate with stakeholders across technology teams and business units to ensure alignment with cybersecurity initiatives
• Provide security guidance and training to teams to increase cybersecurity awareness and best practices
• Stay informed on emerging security technologies and trends to enhance the cybersecurity ecosystem

Required Education, Experience & Skills

Required Education & Certifications

• Bachelor's degree preferred, but not required

Required Experience

• 5+ years administering cybersecurity tools 
• Prior experience as a technologist in a role of systems engineering, network engineering, or application development
• Experience collaborating across IT support groups and business units

Required Skills

• Deep technical expertise within at least one domain of technology - systems (windows/linux), networks, or application development. 
• Hands-on automation experience using scripting and or specific cybersecurity tools, etc.
• Strong understanding of cybersecurity concepts and hands-on experience with tools aligned with the NIST framework, including vulnerability management, SIEM, vulnerability/patch management, and endpoint protection
• Proficiency in integrating security testing and secure development practices into CI/CD pipelines
• Experience automating security processes and workflows to improve operational efficiency
• Strong analytical skills to assess risks, identify gaps, and propose security improvements
• Ability to communicate effectively with technical and non-technical stakeholders to drive security initiatives
• Knowledge of cloud security principles and practices across modern infrastructure environments
• Familiarity with secure coding standards and application security practices

Managerial/Supervisory Responsibilities

• N/A

More...

Core Values
All team members are expected and encouraged to embody the NYPL Core Values:

• Be Helpful to patrons and colleagues
• Be Resourceful in solving problems 
• Be Curious in all aspects of your work
• Be Welcoming and Inclusive

Work Environment

• Office setting

Physical Duties

• Lift/move equipment up to 25 lbs

Pre-Placement Physical Required?

• No

Union/Non Union
Non-Union

FLSA Status
Exempt

Schedule

• Occasionally travel to NYPL sites
• Hybrid 3 - in office / 2 - remotely;  as workload permits
• Available on-call after hours and weekends for emergencies

This job description represents the types and levels of responsibilities that will be required of the position and shall not be construed as a declaration of all of the specific duties and responsibilities for the role. Job duties may change if Library priorities change. Employees may be directed to perform job-related tasks other than those specifically presented in this description as needed.

The New York Public Library Salary Statement
At the Library, we believe that pay transparency and pay equity are important to ensuring we source the best candidates and keep the best employees. When making a determination as to the appropriate salary for a candidate, we consider a variety of factors such, including, but not limited to, the position requirements, the skills, prior experience, and educational background required or preferred for the job, the scope and impact of the role within the organization, internal peer equity, and the candidate's specific training, experience, education level, and skills. No single factor is conclusive; the Library reserves the right to consider any and all relevant factors and make a decision consistent with its policies.
Union Salaries are determined by collective bargaining agreement(s).