Security Architect

Security Architect

Location: Greater Los Angeles, CA

• Work alongside other architects as core team member of the platform architecture team and be recognized as expert in the Security domain of the architecture
• Ensure that the solution addresses both functional and non-functional needs, and adheres to enterprise guidelines for consistency, scalability, security, and reliability
• Build technology strategy documentation and architecture artifacts
• Perform a feasibility study of security products and platforms to define which is the most suitable and viable to support on our platforms.
• Assess the security considerations of compute, storage, messaging/API, and networking layers of the system across the solution platform being built
• Document all the security requirements or changes needed to the compute, networking and Storage management layers
• Identify and document all the requirements for avionics/aircraft loading and offloading components
• Identify and document all the security requirements for running various virtualization & containerization platforms
• Drive/Assist with work toward achieving security certifications of the solutions

• Proven hands-on experience on IoT platforms design and operation, embedded and real-time systems.
• Familiarity with hardware based security techniques including system-on-chips.
• Familiarity with security implementation techniques and development of security testing for IoT like devices
• Experience with commercial PKI, Threat Management and SIEM Solutions

• Expert knowledge of the security controls used to enforce various levels of confidentiality, integrity, and availability.
• Previous experience with designing and/or testing aircraft avionics systems as well as knowledge of civil aviation certification regulations and processes.
• Considerable expertise or experience in at least one of following security domains (Threat Modeling, SAST, DAST, Offensive Red Teaming or Penetration Testing, Authentication & Public Key Infrastructure (PKI), Vulnerability Management, Data Security or Cryptography).
• Strong knowledge of the concepts, principles, structures, and standards used to design, implement, monitor, and secure hardware designs such as Secure Boot, Trusted Boot, Measured Boot, Secure Enclave, Trusted Platform Module (TPM), Real Time Operating Systems (RTOS), hardware based encryption, trusted execution, Public Key Infrastructure (PKI), Vulnerability Management, etc.
• Experience working with Linux, SELinux, Xilinx and NXP processors is preferred

Experience with C, C++, Python, Assembly, etc.

• Understanding/Knowledge of global frameworks and standards like NIST, FIPS, RTCA DO-178C, DO-326A, DO-355, DO-356A, ISO 27001/27002, ITIL, GDPR, DFARS, etc.
• Technical certifications are not required but considered an asset are: CISSP, ISSAP, ISSEP, GCIH, GCIA, GCFA, GPEN, GCFE, CCNA, CCNP, CEH, Security+.

• Strong collaboration skills working cross functionally with internal and external customers
• Experience presenting to broad audiences from technical to executive level
• Ability to formulate and communicate ideas clearly in a business environment, including presenting in front of varied internal and external audiences
• Experience building ecurity Architecture and Infrastructure for distributed and disconnected systems
• Experience with PII based systems and knowledge of PCI DSS, PSD2 is preferred

• Experience with Microsoft Azure, AWS and Google Cloud Platform and Technologies

• Experience with Feature-rich web applications
• Experience with Streaming and AVOD applications is a plus
• Demonstrated experience architecting solutions with one or more compliance frameworks.
• Five or more years working in a distributed and heterogeneous computing environment (Linux, Windows).
• Experience in transforming legacy systems to global – common solutions.

• Infrastructure and virtualization technologies on embedded and edge computing systems
• Experience building infrastructure for embedded and edge computing system
• Experience working on Open Stack platform
• Any relevant certification: CISSP, CCSP, or similar; Linux Certification