Cyber Security Architect - Application and Data Integration Security
Franklin, TN, United States
Community Health Systems
CHS has been developing and operating healthcare delivery systems committed to helping people get well and live healthier for nearly 40 years.
Job Summary
As a member of the Cyber Architecture team, the (Application and Data) Integration Security Architect will be responsible for leading a wide range of security architecture activities, including the investigation, development, and deployment of new capabilities that enhance the security posture of the enterprise, specifically around (Application and Data) Integration Security, including (but not limited to): Secure Coding practices, Infrastructure as Code (IaC) Security, API Security, CI/CD pipelines, Application Security Testing (DevSecOps), Cloud-Native Application Protection Platform (CNAPP), as well as Data Integrations via API. The Architect will serve as an (Application and Data) integration security expert accountable for the development of security reference architectures in specific capability areas (e.g., Security by Design, Application Security Testing, Web Application and API protection, etc.) in alignment with the National Institute of Standards and Technology (NIST) – Cyber Security Framework, NIST SP 800-53, and OWASP.
The Architect will guide technology platform decisions to reflect defined (application and data) integration security capabilities and architectures, business impact and exposures, emerging threats, vulnerabilities, regulatory requirements, and risks. The Integration Security Architect will work with Enterprise Architects, other functional area architects (i.e., Network Security, IAM, Cloud Security, Data Protection, and Platform Security), project teams, and security specialists to ensure adequate platform security solutions are in place throughout the enterprise including CHS-owned facilities and data centers, 3rd party cloud IT systems and platforms, and will communicate the risks and solutions to business and IT partners.
Essential Functions
- Define and document Security Reference Architecture(s)/Strategy(s) for (Application and Data) Integration Security capabilities at the enterprise level utilizing the NIST – CSF, NIST SP 800-53, and OWASP publications as guiding principles.
- Create (Application and Data) Integration Security “Implementation Patterns” for Web Applications, Mobile, Cloud-Native, and API implementations that can be utilized by project teams when needed.
- Aid in the development and maintenance of (Application and Data) integration security standards based on National Institute of Standards and Technology (NIST) recommendations, specifically NIST 800-53.
- Lead multiple projects focused on the implementation of new (Application and Data) integration security tooling that protects the CHS enterprise.
- Responsible for thoroughly documenting all (Application and Integration) security tooling from an Architecture perspective including the creation of Solution Architecture documents, Architecture Decision documents, Operations Manual documents, and other work-products.
- Accountable for thoroughly documenting all (Application and Integration) integration security capabilities from an Architecture perspective including the creation of Reference Architecture documents, Architecture Strategic Direction documents, Capability Roadmaps, and other work-products.
- Partner with Back Office – Cloud, Network Security, Platform Security, Data Protection, and Vulnerability Management team(s) to develop, implement, and (where needed) enhance enterprise (Application and Data) integration security architectures and solutions.
- Business and Soft Skill expectations:
  - Communicate and interact effectively and professionally with co-workers, management, customers, etc.
  - Maintain complete confidentiality of company business.
Qualifications
- Bachelor's Degree in Cyber Security, Computer Science, Information Systems (or other related field) or equivalent work experience required
- Master's Degree in Cyber Security, Computer Science, Information Systems (or other related field) or equivalent work experience preferred
- Duration:
  - 10+ years of IT or information security, and
  - 5+ years of Data Protection
- Activities:
  - Designed and implemented Data Protection and/or Data Loss Prevention technologies within “on-premise” and/or 3rd Party cloud platforms.
  - Served as architecture or expert thought leader for Data Protection technology and influenced the strategy to address internal or external business and regulatory issues with respect to protection of sensitive data.
  - Worked in process-driven structured environments, and participated in process optimization activities.
- Competencies:
  - Advanced knowledge of security principles, issues, and Data Protection techniques and/or Data Loss Prevention implementations across “on-premise” and/or 3rd Party cloud platforms.
  - Proactive identification and solving of complex problems
  - Strong understanding of systems development lifecycle to provide technical leadership for multifunctional projects or initiatives.
  - Effective communication of technical concepts to a non-technical audience.
Licenses and Certifications
- Nice to have: CISSP, CCSP, GCSA