Security Architect
Montreal, Quebec, Canada - Remote
- Remote-first
Tecsys Inc.
Tecsys’ supply chain management software provides end-to-end visibility into all of your supply chain operations.
Description
Having recognized the advantages of remote work, such as improved employee morale, increased productivity, and positive impacts on both employee wellbeing and the environment, we are proud to be a digital-first company. Our digital-first work environment, combined with our conveniently located offices and collaborative workspaces, provides our team with the freedom and flexibility to work in the most productive way for them.
About us
Tecsys is a fast-growing innovator offering supply chain solutions to industry leading healthcare systems, hospitals, and pharmacy businesses to distributors, retailers, and 3PLs. We work with industry leaders to transform their supply chains through technology. If you thrive on tackling interesting challenges with continuous learning opportunities, then Tecsys could be a good fit for you!
About this Role
We are seeking an experienced Security Architect with deep expertise in software security, encryption and AWS to lead the design and implementation of secure, scalable cloud solutions. This role is crucial to supporting our FedRAMP and SOC2 certifications and ensuring our solutions meet the highest standards of security, performance, resilience, and compliance. In this role, you will work closely with teams across the entire organization and will be a technical reference in security and cloud architecture. You will also stay up to date on industry trends and assess the relevance of adopting emerging technologies and best practices.
Key Responsibilities:
- Secure our solutions: Work with IT, Cloud Operations, and Development teams to design and build robust security architectures across AWS environments, ensuring compliance with SOC2 and FedRAMP. Design and implement secure encryption strategies, ensuring the protection of sensitive data both at rest and in transit across AWS environments.
- Integration of Security Practices: Work closely with IT, Cloud Operations and Development teams to integrate security best practices into the infrastructure design and software development lifecycle.
- Continuous Compliance: Define and design built-in continuous compliance capabilities to effectively manage security audits and enforce security controls within the solution.
- Threat Modeling: Conduct threat modeling exercises with IT, Cloud Operations, and Development teams to identify and remediate potential cyber risks within cloud applications and infrastructure.
- Defense-in-Depth Strategy: Design and support the implementation of a defense-in-depth strategy to protect against advanced and emerging threats.
- Governance, Risk, and Compliance: Collaborate with the Governance, Risk, and Compliance lead to ensure designs meet FedRAMP and SOC2 controls required for certification. Ensure alignment with policies and standards following industry standards such as the NIST framework, CIS benchmarks, AWS best practices, and key industry-specific regulations. Oversee the creation and maintenance of architecture documentation, and contribute to certification and compliance documentation, including risk assessments and system security plans (SSPs).
- Subject Matter Expertise: Act as a subject matter expert on cloud security, providing guidance and recommendations to technology leaders. Manage and facilitate clear communication between cross-functional teams and stakeholders, including security, compliance, and development, to ensure alignment. Provide technical guidance and best practices to development teams on secure coding, encryption, and data protection.
- Stay Informed: Stay updated on the latest security trends, tools, and technologies, and effectively communicate these developments to various stakeholders.
- Continuous Improvement: Drive continuous improvement initiatives to enhance the security posture of our cloud environments.
Qualifications required
- 10+ years of hands-on experience in developing Full-Stack applications.
- 5+ years of experience in SaaS architecture and implementation, with a strong focus on security architecture and encryption.
- In-depth knowledge of encryption techniques including symmetric and asymmetric encryption methods, PKI, TLS/SSL, HSMs, FIPS 140-2/140-3 standards and data-at-rest and in-transit encryption.
- In-depth knowledge of SOC2, NIST, and cloud infrastructure security.
- Strong understanding of cloud-native services and application security.
- Experience conducting threat modeling and implementing defense-in-depth strategies/controls.
- In-depth knowledge and experience of cloud-native technologies and patterns, including microservices architecture, containerization (Docker), container orchestration (Kubernetes), and serverless computing (AWS Lambda).
- Demonstrated ability to facilitate alignment and collaboration across multiple teams, including security, development, operations, and compliance, ensuring cohesive project execution.
- Excellent communication skills, with the ability to translate complex architectural and security concepts to non-technical stakeholders.
- Ability to understand the business perspective while prioritizing technical work, effectively translating business needs into impactful decisions.
- Strong proficiency in both written and verbal English communication, essential for effective correspondence with clients, suppliers, business partners, and colleagues beyond the province of Quebec.
What could give you an edge while applying?
- Familiarity with CIS benchmarks, AWS best practices, NIST, FedRAMP, ISO27000.
- Experience with FIPS-compliant tools and libraries (e.g., OpenSSL FIPS module, Bouncy Castle for Java).
- Experience with DevSecOps practices, CI/CD pipeline security, and integration of encryption tools into CI/CD pipelines for automated security testing and validation.
- Familiarity with NIST 800-53 security controls and their application in a SaaS context.
- Experience with vulnerability management, SIEM tools configuration, and security incident response process creation.
- Hands-on experience with Java software security architecture and secure coding practices.
- Experience with Kubernetes: In-depth knowledge of Kubernetes for container orchestration, including managing, scaling, and automating application deployments.
- Proficiency in governance, risk, and compliance (GRC) practices.
- Relevant certifications (e.g., AWS Certified Solutions Architect, CISSP, CISM).
- Master’s degree in Cybersecurity, Computer Science, or related experience.
Requirements
At Tecsys, we are committed to fostering a diverse and inclusive workplace where all employees feel valued, respected, and empowered. We believe that diversity drives innovation and strengthens our ability to deliver exceptional solutions. We welcome and encourage applicants from all backgrounds, experiences, and perspectives to join our team.
Tecsys is an equal opportunity employer. Accommodation is available for applicants selected for an interview.
NB: if you are applying to this position, you must be a Canadian Citizen or a Permanent Resident of Canada.
Perks/benefits: Career development Startup environment