Jan 22, 2020
The Security Engineering & Architecture team is responsible for embedding and delivering security into major transformation programs across the enterprise. This team identifies security risks, prioritizes delivery of security controls, develops security architectures, evangelizes security, develops security roadmaps and acts as the primary CISO representative within major programs.
As a direct report to the Manager, Security Engineering, with dotted line reporting to VP, Information Technology Security Officer, you will have the following responsibilities:
· Work closely with enterprise architects, engineering, and security specialists to ensure adequate security solutions and controls are in place throughout Pearson's AWS environment and to ensure program objectives are met.
· Design, architect and build security solutions, frameworks, automation and orchestration to secure Cloud Infrastructure and Applications specifically around AWS.
· Provide security guidance and oversight to engineering and operational teams by participating in design reviews
· Hands-on technical expertise in building security capabilities in code and deploying infrastructure in code using CloudFormation, Lambda, Python, Terraform etc.
· Detailed understanding of AWS Security principles and services, AWS Config, Organizations, IAM, KMS, WAF, Shield, Trusted Advisor, Inspector, GuardDuty, AWS networking etc.
· Experience with Chef, Puppet, Salt, or Ansible in production environments at scale
· Support the organization's goals in secure cloud adoption through hands-on interaction with development teams to cultivate a security-first mindset.
• Assess and understand Pearson's current security posture and future architecture, providing recommendations for improvement and risk reduction;
• Develop the business, information, and technical artifacts that constitute the enterprise information security architecture and solutions;
• Serve as a security expert in application development, database design, network and/or platform (operating system) efforts, helping project teams comply with enterprise and security policies, industry regulations, and best practices;
• Research, design, and advocate new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors;
• Contribute to the development and maintenance of Pearson's information security strategy;
• Evaluate and develop secure solutions, based on approved security architectures;
• Analyze business impact and exposure, based on emerging security threats, vulnerabilities and risks;
• Communicate security risks and solutions to business partners and IT staff;
• Design security configuration guidelines for information technology devices and systems, as well as mechanisms for assessing compliance within those guidelines;
• Design and build controls to address security risks and events as identified;
• Embrace a culture of continuous service improvement and service excellence; and
• Stay up to date on security industry trends.
Skills and Experience
Experience
• Deep understanding of cloud technologies and services with enterprise-level design experience (AWS, Azure, etc);
• Strong experience with AWS security solutions and in securing AWS workloads;
• Understanding and experience securing CDN technologies (Akamai, CloudFront, etc.), effective authentication and authorisation strategies for edge-node served content, and general content protection strategies;
• Strong experience in application and Web security, with deep experience of OWASP ASVS, secure SDLC processes and microservices;
• Strong experience with security technologies, including NextGen Firewalls, DLP, web filtering, NAC, IDS/IPS, IdAM, Certificate Management, SIEM, Endpoint Protection, Anti-malware, vulnerability management;
• Strong oral, written, and presentation abilities - able to convey risk to all levels of the business, from C-level executives to operations and development teams;
• Current understanding of industry trends and emerging threats;
• Proven ability in security process and organizational design, including ITIL.
· 5 - 7 years+ in Information Security space;
· Bachelor's Degree in Computer Science, Engineering or equivalent. Master's Degree preferred.
· Strong experience with AWS Security, with a passion to make security realistic, achievable and interwoven with the business fabric;
· Strong experience in migrating enterprise companies from traditional data center infrastructure, application and data designs to hybrid or fully-cloud enabled practices.
· Strong experience in Application Security, with deep experience of OWASP ASVS, Secure SDLC processes and Microservices;
· Strong experience with a broad range of security technologies, including NextGen Firewalls, DLP, NAC, IDS/IPS, IdAM, Certificate Management, SIEM, Endpoint Protection, Anti-malware and vulnerability management;
· Strong experience designing and implementing encryption solutions such as PKI and encryption at rest technologies.
· Strong business acumen with the ability to build business cases for technology initiatives and to effectively communicate the value proposition to non-technical stakeholders.
· Some proven ability in security process and organizational design including ITIL;
· Current understanding of industry trends and emerging threats.
· Well-rounded background in network, host and database security;
· Experience implementing security controls in an enterprise IT environment;
· Experience driving a culture of security awareness;
· Experience administering network devices, databases, and/or web application servers; and
· Highly self-motivated with the ability to identify areas of focus and tackle new challenges with or without direction.
· Ability to work within a dynamic and fast-paced international environment
· Ability to build rapport with other team members and relevant teams
· Very good communication, presentation and negotiation skills
· Technically innovative
· Able to express technical and non-technical concepts in clear verbal and written English
· Very good written skills to document complex concepts in a comprehensive, yet readable manner
· Encourages people to be open and share their views
· Considers a range of options that meet the needs of all stakeholders
· Ability to use own initiative to solve technical problems
· Delivery focused
· Takes responsibility for projects and strategic initiatives
· Demonstrate clear and measurable results through the development of KPIs, goals and milestones
· Drive innovation and best practice
· Strive for standardization and simplification in all aspects of work
· Able to balance the needs of the business against the desire for the best solution possible.
AWS Security knowledge
AWS Certified
Experience building security solutions
Experience with applications around AWS
Professional IT Accreditations
AWS Certified Solutions Architect, CISM, CCSA, CCSE, CISSP
Minimum Education Required
• 9 years+ in information security space;
• Bachelor's degree in computer science, engineering or equivalent. Master's degree preferred;
• One or more professional IT accreditations (AWS Certified Solutions Architect, AWS Certified Security Specialty, CISM, CCSA, CCSE, JNCIA, CCNA, CISSP, CCIE Security).
Desirable
• Background in publishing and knowledge of enterprise-level content management, related strategies and security challenges;
• Well-rounded background in host, network, database, application security including mobile and web;
• Knowledge of security best practices for mobile and web applications based on microservices and componentized UX strategy, secure session management for mobile and web applications;
• Experience administering network devices, databases, and/or web application servers;
• Highly self-motivated with the ability to identify areas of focus and tackle new challenges with or without direction;
• Ability to work within a dynamic and fast-paced international environment;
• Experience implementing security controls in a self-service environment;
• Experience driving a culture of security awareness;
• Ability to express technical and non-technical concepts in clear verbal and written English.
Raleigh, NC, USA