Description:
At CohnReznick, we’re united by a common mission to create opportunity, value, and trust for our clients, our people, and our communities. Whether it’s working alongside your peers to solve a client challenge, or volunteering together at the local food bank, there are so many ways to find your “why” at the firm.
We believe it’s important to balance work with everyday life – and make time for enjoyment and fun. We invest in a robust Total Rewards package that includes everything from generous PTO, a flexible work environment, expanded parental leave, extensive learning & development, and even paid time off for employees to volunteer.
YOUR ROLE.
Responsibilities Include But Are Not Limited To
- Conduct secure design reviews and threat modeling exercises for new projects, features, and architectural changes, ensuring alignment with industry standards, regulatory requirements, and organizational security policies
- Assess and ensure conformance to architectural standards, reduction of technical debt, and adaption of enterprise assets (systems, services and information) for key programs
- Collaborate closely with development teams to provide guidance and support in addressing security vulnerabilities discovered during design reviews, code reviews, and testing phases
- Develop and maintain secure reference architectures that serve as blueprints for designing and implementing secure systems and applications, tailored to the specific needs and technologies used within the organization
- Collaborate with DevSecOps on their test tools for SAST, DAST, IAST and run-time security controls applicable to both on-premise and Azure Cloud
- Work closely with cross-functional teams, including development, infrastructure, and compliance, to integrate security into the software development lifecycle and infrastructure provisioning processes
- Provide expertise and guidance on security-related matters, including encryption, authentication, access control, secure communication protocols, and data security
- Own and develop standards for vulnerability management across systems
- Stay abreast of industry trends, emerging threats, and best practices in security architecture and design, and assess their applicability to the organization's security posture
- Identify opportunities within the business units where architecture is not meeting standards and provide a clear roadmap and prioritization for the business units to be aligned. Work directly with the teams as they introduce new technologies
- Stay current with emerging security threats, trends, and technologies, ensuring the firm's software development architecture remains robust and adaptive to evolving risks
- Collaborate with the CISO to develop security roadmaps aligned with business objectives and security principles
- Engage with stakeholders, including IT, legal, and compliance teams, to align security objectives with broader organizational goals
Your Experience.
The successful candidate will have:
- Infinite curiosity, analytical skills and attention to detail
- Familiarity with security frameworks such as NIST CSF, ISO 27001, CMMC
- Experience working with development and engineering teams to build security solutions
- Experience in all areas of cybersecurity, networking, on-premise and cloud applications
- Hands-on experience with threat modeling, risk assessments, and vulnerability management in hybrid IT environments
- Strong understanding of authentication and authorization, including multi-factor, step-up, and single sign-on. Passwordless is desired, but not required
- Strong understanding of encryption, specifically certificate and token-based cryptology
- Understanding of network protocols and topologies
- Experience with defense-in-depth strategies, understanding of incident response
- Experience with Python, Bash, PowerShell, JavaScript, SQL
- Exceptional communication and collaboration skills, with the ability to engage effectively with both technical and non-technical stakeholders
- Self-starter with the ability to work independently and lead strategic initiatives
- Adaptability to a fast-paced and dynamic work environment
- Minimum 5+ years of progressive experience in cybersecurity / information security, with at least 2 years in a senior architect or equivalent role with a focus on secure coding practices and common vulnerabilities (e.g. OWASP Top 10)
- Degree in Computer Science/Information Systems/Cybersecurity, or equivalent related degree or work experience
- Relevant certifications such as CISSP, CISM, CCSP, or Azure Security Engineer are strongly preferred