Cybersecurity Solutions Architect

Job Description

Job Responsibilities JOB SUMMARY The Cyber Security Solution Architect will be responsible for transforming the way Syneos Health protects applications, software and code that it uses to support the company to accelerate patient therapies to market and thereby increase cyber threat resiliency. This role will be a member of the Office of the CISO and a member of enterprise security architects. As a key subject matter expert and leader within the team, this role will use a data and risk-based approach to driving enterprise initiatives, formulating requirements, patterns, and solutions to achieve risk mitigation. To be successful, this role will act as a technical influencer, build cross-functional and organizational partnerships to deliver modern security engineering and operational solutions. As an architect you will partner with the software engineering organization to design software security solutions, participate in proof of concepts and enable the engineering organization to deliver secure, operational solutions. The role will own the software security program and initiatives and be responsible for reporting on progress to leadership and stakeholders. The scope of responsibility includes but not limited to supporting the transformation of security engineering into the early phases of enterprise delivery through defined Secure SDLC, Source code management, application security, and the transformation of DevSecOps across the enterprise. The role will bring an everything-as-code security mindset to be applied across applications, API s and platform engineering. To be successful, the role will need to define and identify technical and business risks along with enterprise requirements that can be consumed by a shared-responsibility model for engineering and operational controls. Be a transformation agent by advocating for modern secure engineering principles and automation. Excellent oral and written communication skills, as well as effective organizational abilities, are essential due to the detailed and time-bound nature of the work and the extensive collaboration with others. JOB RESPONSIBILITIES Mature and modernize the enterprise software security program and initiatives to manage risks and enable technology solutions: o Use a data-driven approach to identifying areas of risk o Publish metrics and KPI s o Set enterprise requirements for secure software development based on common cyber security frameworks such as NIST, Hitrust, CSF. SafeCode, OWASP etc o Contribute to enterprise security policies and standards. o Evolve Secure SDLC standards and processes o Define, own, and drive the companys software security strategy and roadmap, acting as the key security voice for software security Partner with software and platform engineering teams to: o Promote DevSecOps solutions and culture o Establish secure code management practices o Improve automated CI/CD pipelines with appropriate security services o Automate enterprise security requirements into backlogs o Champion cloud application and platform security engineering practices. o Delivery enterprise security patterns for software engineering o Participate in Proof of Concepts with the software engineering organization . Educate and drive engagement of modern secure software principles within the organization by: o Being a strategic advisor in software security. o Being a transformation agent in promoting a modern security engineering mindset. o Performing design reviews to identify security architecture flaws. QUALIFICATION REQUIREMENTS What we are looking for: 5-7 years of experience in software security or related roles. Proven track record building and transforming secure software and platform engineering practices Building road maps and creating initiatives to address enterprise goals. Experience partnering with engineering teams to achieve security goals. Strong familiarity with source code management Strong familiarity software exploitation techniques and Mitre @ttack framework. Strong knowledge of cloud platform security (AWS, Azure, Oracle Infrastructure Cloud) Someone with strong engineering mindset that software engineering experience Experience implementing pipeline automation and source code management Additional standout skills: Hands-on experience with modern engineering technologies such as Kubernetes and Containers Experience with securing Terraform or other IaC platforms Delivered secure coding practices to large engineering teams Familiar with API Security Enabling DevSecOps within large organizations Education. Security Architecture TOGAF/SABSA Cloud security certifications for OCI, AWS or Azure (Azure preferred)