Cyber Security Architect
Technology | Los Angeles, CA | Full Time
We are currently hiring for a dynamic and collaborative Cyber Security Architect!
At Verifi, you will be part of a dynamic environment that supports interdepartmental collaboration, fuels creativity and provides you with an opportunity to take ownership and play an intricate part in our company’s success.
You will work alongside the brightest and most remarkable individuals in the industry and you will have an immediate impact on our aspirations for global domination and disruption of the payments space. And you will do all this, while challenging your career, giving back to the community and creating new friendships.
Join Verifi and you join the leader in the eCommerce marketplace for payment and risk management.
In this role, you will be responsible for ensuring that our systems are designed and implemented according to corporate security policies and best security practices. As a key liaison with our Compliance and Information Security department, you will translate their requirements into well-architected solutions and work within the Technology department to implement them. This position requires strong experience in performing penetration testing and vulnerability management/assessment services for applications, network systems, operating systems and database/storage solutions. Candidate should have experience with black box, grey box, and white box testing. Additionally, they should have the ability to manually perform vulnerability tests (not be reliant upon commercial security tools) as well as heavy experience with exploitation.
High level job responsibilities will include, but are not limited to, the following:
- Perform internal and external vulnerability assessments as well as penetration
- Perform well controlled vulnerability exploitation/penetration testing on applications, network protocols, and databases
- Perform network reconnaissance and security forensics on systems
- Demonstrate advanced understanding of business processes, internal control risk management, IT controls and related standards
- Identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement
- Understand complex business and information technology management processes
- Execute advanced services and supervise staff in delivering basic services
- Assist in the selection and tailoring of approaches, methods and tools to support service offering or industry projects
- Understand clients' business environment and basic risk management approaches
- Demonstrate a general knowledge of market trends, competitor activities, Deloitte & Touche products and service lines
- Actively participate in decision making with engagement management and seek to understand the broader impact of current decisions
- Generate innovative ideas and challenge the status quo
- Build and nurture positive working relationships with clients with the intention to exceed client expectations
- Facilitate use of technology-based tools or methodologies to review, design and/or implement products and services
- Work with Compliance and Technology teams to understand application or service requirements, then translate those into securely designed enterprise solutions.
- Participate in systems design efforts to provide a security perspective and architectural guidance.
- Perform ongoing evaluations of systems, processes, and procedures for any security concerns, and recommend appropriate improvements.
- Keep the CTO, Security Director, and other management apprised of the security status of our environments and systems.
- During audits and remediation efforts, e.g. PCI, coordinate the timely production of technical evidence and implementation of any remediation tasks.
- Assess third-party solutions and the associated implementation/integration effort when needed.
- Educate the software development team on coding best practices and test strategies.
- Build, deploy, and track security measurements for our computer systems and networks.
- Design infrastructure to alert the technical and security teams of detected vulnerabilities and intrusion attempts.
- Maintain knowledge of financial industry trends, current security issues, security best practices, and new security technologies
Required qualifications include:
- Bachelor's Degree or equivalent in Computer Science, Software Engineering or related
- Minimum 7 years of experience in a technical security role, preferably in a PCI environment
- Experience in enterprise security architecture including review, design, implementation, and operations.
- Knowledge of computer forensics, including determining the source of an incident and preserving evidence.
- Deep understanding of security considerations for web-based services in a mixed environment that includes Linux, Windows, VMs, and Docker containers.
- Familiarity with MySQL security topics.
- Thorough understanding of network topologies, protocols including SMB and TLS, firewalls, ACLs, and VPNs.
- Expertise with Windows security topics, including Active Directory; OS, patch, and system management; VDI; and malware protection.
- Strong familiarity with a majority of the following: AWS security concepts, encryption and key management, data leakage prevention, intrusion prevention and intrusion detection systems, web application firewalls.
- Hands-on experience with security testing tools, such as Metasploit, Wireshark, Nessus, nmap, etc.
- Ability to read and analyze network packet captures
- Experience with security forensic analysis
- Experience with firewall, router, and switch security
- Knowledge of security best practices: NIST, CIS, Cisco, Juniper, Checkpoint, Microsoft, Unix/Linux, etc
- Experience with virus analysis, malware analysis and honeypots
- Knowledge of security auditing techniques
- Knowledge of computer control environments
- Ability to perform vulnerability assessments and penetration testing using manual testing techniques, scripts, commercial and open source tools
- Experience in exploiting vulnerabilities
- Ability to read, write and modify scripts
- Experience with network reconnaissance
- Experience with OWASP
- Experience with wireless penetration testing
- Experience with password cracking
We are located in Los Angeles and offer:
- Work from home Friday's!
- Dynamic, stimulating and open environment with opportunity for personal development.
- Medical, Dental, Vision, Life Insurance
- 401k w/ match, Paid Time Off, and Paid Holidays
- Paid parking and complimentary food
- Socially conscious and community oriented company
- Energized employment filled with activities and events
- Competitive Base Salary, plus bonus, and stock options