IT Security Architect, Cloud & Products

Lincoln Electric is the world leader in the engineering, design, and manufacturing of advanced arc welding solutions, automated joining, assembly and cutting systems, plasma and oxy-fuel cutting equipment, and has a leading global position in brazing and soldering alloys. Lincoln is recognized as the Welding Expert™ for its leading materials science, software development, automation engineering, and application expertise, which advance customers' fabrication capabilities to help them build a better world. Headquartered in Cleveland, Ohio, Lincoln Electric is a $4.2B publicly traded company (NASDAQ:LECO) with over 12,000 employees around the world, with operations in 71 manufacturing and automation system integration locations across 21 countries and maintains a worldwide network of distributors and sales offices serving customers in over 160 countries.

Location: Euclid - 22801 
Employment Status: Salary Full-Time 
Function: Information Technology 
Req ID: 25884 

​

​

Summary

This role is a strategic position designed to ensure that security is seamlessly integrated into the lifecycle of cloud infrastructure and product offerings. This role will focus on designing, reviewing, and implementing robust security solutions to protect sensitive data and business logic within a portfolio of products and software applications, including cloud-based and on-premises solutions. 

The IT Cyber Security Architect works closely with cross-functional teams to achieve cyber security business objectives. This role supports the implementation of secure development practices, threat modeling, architecture, design, vulnerability assessments and security verification, as well as defining the security standards for a variety of products, cloud applications and infrastructure, security tools and processes.  **MUST be a US Citizen and currently with a US based company**
 

Key Responsibilities

•    Develops and maintains a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers
•    Design and implement robust security architecture for cloud environments (AWS, Azure, Google Cloud) and product platforms and implement security solutions and capabilities that are aligned with business, technology, and threat drivers
•    Collaborate with cross-functional teams to define security requirements for new and existing products or applications
•    Lead threat modeling sessions to identify and mitigate potential security risks
•    Perform security architecture reviews, identifies gaps in security architecture across cloud and on-premises solutions, and develops a security risk management plan
•    Design and develop secure product and software architecture for various commercial products
•    Develop- security product and software strategy plans and roadmaps based on sound enterprise architecture practices for all environments, including cloud and on-premise infrastructure
•    Develop- and maintain- security architecture artifacts (e.g., models, templates, standards NFR’s, and procedures) that can be used to leverage security capabilities in projects and operations
•    Collaborate with development and operations teams to integrate security into the software and product development lifecycle (SDLC & PDLC)
•    Provide guidance and training to internal teams on security best practices
•    Lead security-related projects and initiatives, ensuring timely and effective delivery
•    Partner with development teams to proactively communicate product security requirements and promote control frameworks to ensure secure goals are met
•    Explain technical positions/risks to business leaders and business positions/risks to technical leaders to achieve appropriate security outcomes
•    Coordinate- with the privacy office to document data flows of sensitive information in the organization (e.g., PII or ePHI) and recommend controls to ensure that this data is adequately secured (e.g., encryption and tokenization)
•    Engage with vendors to select solutions and conducting architectural reviews of their offerings as needed
•    Track- developments and changes in the digital business and threat environments to ensure that they're adequately addressed in security strategy plans and architecture artifacts
•    Conduct regular security assessments and audits of the platforms
•    Stay current with the latest security trends, technologies, and regulatory requirements
•    Serve as the primary liaison between the enterprise architect and the systems security engineer and coordinates with system owners and security engineers on the allocation of security controls as system-specific, hybrid, or common controls.

 

Education & Experience Requirements

•    Bachelor's degree in Computer Science, Information Technology, or a related field, Information Technology or equivalent through certification and or training.
•    10+ years of hands-on experience in architecting and solving challenging technical problems, preferably in a multinational corporate security environment in three or more of the following areas: product security (preferred) or cloud security (preferred), application security, information security, and digital platform security.
•    In-depth knowledge of “Secure by Design”.
•    CCSP (Certified Cloud Security Professional) and/or security certifications, such as CISSP, CISA, CRISC, and CISM.
•    Experience with Open Security Architecture (OSA), The Open Group Architecture Framework (TOGAF), Sherwood Applied Business Security Architecture (SABSA), SANS' GAIC.
•    Understanding of industry regulatory and compliance requirements like FedRAMP, PCI-DSS, NIST, HIPAA.
•    Experience in using architecture methodologies such as SABSA, Zachman and/or TOGAF.
•    Core Product security and Software development background of 5+ years.
•    Ability to articulate security requirements for build and delivery pipelines.
•    Strong, hands-on experience in Threat Modeling and Security Architecture Reviews as per industry standards.
•    Strong, hands-on expertise in Microsoft Azure, GCP, and AWS to secure cloud applications and SaaS products.
•    Strong, hands-on experience in Secure SDLC, PDLC, SAST, SCA, DAST, Container Security and Penetration testing.
 

Lincoln Electric is an Equal Opportunity Employer. We are committed to promoting equal employment opportunity for applicants, without regard to their race, color, national origin, religion, sex (including pregnancy, childbirth, or related medical conditions, including, but not limited to, lactation), sexual orientation, gender identity, age, veteran status, disability, genetic information, and any other category protected by federal, state, or local law.