Security Strategy and Architect

**Summary**:
Shape the Future of Global Security Engineering. Join our Security Engineering team, reporting to the Snr. Director of IT Security Architecture and Engineering, and play a pivotal role in shaping our security posture.

You’ll collaborate with all IT functions to establish consistent and effective security approaches spanning **cloud (AWS, Azure, ADO)**, **on-premises infrastructure**, and **end-user computing**. From adopting robust frameworks and architectural blueprints to pioneering the integration of new security technologies, you’ll be instrumental in ensuring the resilience and high performance of our security solutions—with the exciting opportunity to contribute directly to the organization's overarching security strategy.

**Responsibilities**:
**Description**

Define and guide the implementation of security architectures and engineering standards for global cloud environments (AWS, Azure, ADO) to ensure a robust security posture.Collaborate with Development, Operations, Enterprise Architecture, and Security teams to align security strategy with business objectives and regulatory requirements.Contribute to technical security discussions and working groups, promoting best practices and architectural patterns across environments.Architect, implement, and maintain secure cloud infrastructure and services using automation tools (Terraform, Snyk, AppCheck, security-as-code).Monitor and troubleshoot cloud security performance, availability, and incidents using cloud security monitoring platforms and SIEM integrations.Optimize security, resilience, scalability, and cost-effectiveness of cloud environments through design principles and best practices.Champion the security vision, strategy, policies, and capabilities with IT leadership, ensuring security enables business outcomes.Define long-term strategic direction for cloud security services and architectures in collaboration with IT leadership and partners.Define and maintain security-focused SLAs with partners and vendors.Ensure consistent adherence to organizational and regulatory security requirements across environments.Identify, review, and securely implement new IT solutions with security embedded throughout the lifecycle.Lead proactive threat protection efforts by architecting secure solutions, enforcing policies, and mitigating attack vectors.Maintain project and production schedules for cloud-related security initiatives and deployments.

**Education Requirement**:

- Completion of a bachelor’s degree in Information Systems/Technology or equivalent combination of education and work experience.

**Knowledge and Skills**:

- Extensive knowledge in designing, deploying, and supporting secure AWS and/or Azure cloud environments.
- Expertise in Infrastructure-as-Code (IaC) using **Terraform**.
- Solid understanding of secure CI/CD pipelines and integration within **Azure DevOps** using tools such as **Snyk**, **AppCheck**, and **Wiz**.
- Proficiency in threat modeling, risk assessment, and system analysis techniques.
- Strong knowledge of secure networking principles in cloud environments (network segmentation, firewalling, connectivity).
- Ability to explain complex security concepts clearly to both technical and non-technical stakeholders.
- Experience collaborating with cross-functional teams to integrate security practices.
- Expertise in analyzing workflows and defining security tasks to ensure compliance and efficiency.
- Strong understanding of security attack vectors and mitigation strategies across IT environments.
- In-depth knowledge of relevant security frameworks (NIST CSF, CIS Benchmarks) and compliance standards (ISO 27001, SOC 2, GDPR).
- Proven experience evaluating and implementing emerging security technologies.

**Experience Required**:

- Minimum **3 years** of experience in security architecture and engineering.
- Strong experience in securing cloud platforms:

- ** AWS**:

- IAM, Security Groups, NACLs, WAF, KMS, CloudTrail, Security Hub, GuardDuty, Inspector
- VPC security, Lambda security, S3/RDS security, CloudFormation
- ** Azure**:

- Azure AD, Microsoft Defender for Cloud, Azure Firewall, NSGs, Key Vault, Monitor
- Azure Policy, Sentinel, VNet, Azure Functions, Storage/SQL/ARM security
- ** Application Security**:

- Snyk, Wiz, AppCheck

**Decision Making / Interaction Requirements**:

- Contribute to the development of Crawford’s security strategy and cloud service adoption plans.
- Define and enforce security architecture standards and best practices.
- Align global cloud team efforts with business objectives and project timelines.
- Manage relationships with cloud providers and vendors to ensure optimal service levels.
- Identify and mitigate security risks, vulnerabilities, and compliance issues.

**Special Requirements / Certifications**:

- ** AWS and/or Azure certification preferred**, but not mandatory.