Principal IT Security Architect (AppSec)

If you're passionate about building a better future for individuals, communities, and our country-and you're committed to working hard to play your part in building that future-consider WGU as the next step in your career.

Driven by a mission to expand access to higher education through online, competency-based degree programs, WGU is also committed to being a great place to work for a diverse workforce of student-focused professionals. The university has pioneered a new way to learn in the 21st century, one that has received praise from academic, industry, government, and media leaders. Whatever your role, working for WGU gives you a part to play in helping students graduate, creating a better tomorrow for themselves and their families.

Job Profile Summary:

The Principal Security Architect is a position of technical expertise, influence, and leadership in the security technology realm. The Principal Security Architect is highly passionate and is a deeply technical Security

Expert to help the University and its employees develop sound security practices. WGU Principal Security Architects will deliver security solutions, risk and control guidance, lead proof-of-concept projects, and conduct workshops. Experience determining, verifying and documenting security flaws in accordance with industry best practice.

Essential Functions and Responsibilities:

• Work with developers as part of the Software Development Life Cycle

• Cultivate secure coding standards based on industry accepted frameworks.

• Understand how to identify, exploit, and remediate common application vulnerabilities through use of tools and code review.

• Prioritize and track assigned security issues.

• Enforce secure development standards and requirements.

• Familiarity with compliance & security standards across the enterprise IT landscape deep understanding of enterprise risk management methods and techniques to drive successful outcomes in a complex environment.

• Harden networks, containers, VMs, and other cloud infrastructure to reduce risk of cloud security misconfigurations.

• Write and implement policy-as-code to automate the enforcement of compliance and security configuration management.

• Working knowledge of cloud computing technologies.

• Familiarity with archive, backup/recovery and business continuity processes in distributed operations

• Demonstrated ability to think strategically about business, product, and technical challenges.

• Assist with penetration testing, incident handling/digital forensics, continuous monitoring, intrusion detection/prevention, vulnerability management.

• Functions equally well in abstract, conceptual, and architectural work as in granular technical implementation and configuration work.

• Participate in tactical projects as they arise to clarify and respond to identified security risks across different technical domains.

• Assist in the development of cloud security policies and procedures.

• Build and maintain relationships across the University to promote cloud security initiatives.

• Identify gaps in the University's security model, suggest solutions including tools and processes.

• Engage with security architects to capture design requirements for cloud architectures and implementation strategies.

• Create new processes, identify new threats and mitigation strategies.

• Performs other related duties as assigned.

Knowledge, Skill and Abilities:

• Experience with security industry standards and best practices. Proven experience with interpretation and implementation of those standards in a corporate environment.

• High integrity. Will be working with sensitive data.

• Operate Information security tools and processes.

• Execute established security practices with consistency and discipline.

• Hands on experience integrating security into the various stages of a CI/CD pipeline.

• Solid understanding of core AWS services including compute (EC2, ECS, Lambda), network (VPC, Subnets, Security Groups), storage (S3, EFS, EBS), database (RDS), and identity (IAM).

• Complete understanding of cloud security engineering principles as applied in the support of, and integration with, key business and strategic priorities.

• Ability to contribute new intellectual capital through deep knowledge and direct professional experience in a subject matter area or technical domain within this function.

• Experience maintaining cloud resources using infrastructure-as-code (CloudFormation, CDK, etc.).

• Scripting language experience (Bash, Python, etc.) with strong working knowledge of automation.

• Strong analytical and technical skills.

• Good written and oral communication skills.

• Knowledge of threat modeling and risk assessment strategies.

• Highly technical and analytical, possessing 7 or more years of IT implementation experience.

Competencies:

Organizational or Student Impact:

• Works proactively; anticipates and prevents highly complex problems crossing disciplines.

• Develops and establishes technical/business processes.

• Will provide highly innovative solutions for extremely specialized, complex technical issues.

• Fully understands and quantifies program risks with broad, significant impact.

Problem Solving & Decision Making:

• Develops and accomplishes goals and objectives independently.

• This individual builds, leads, and integrates multiple project teams and broad assignments, driving decisions and results.

• Provides strategy and guidance to develop technical talent.

• Sets and models high standards for effective interactions across groups.

Communication & Influence:

• This individual communicates with experts within and outside the organization related to significant advancements specific to technology.

• Works to influence others to accept and understand technical direction, new concepts, practices, and approaches. Requires ability to communicate and influence senior executive leadership regarding matters of strategic importance to the organization.

• Frequently conducts briefings to senior leaders both within and outside of the technical function.

Leadership:

• Responsible for providing guidance, coaching, and training to other employees across the University within an area of expertise.

• Typically, responsible for managing large, complex project initiatives or strategic importance solutions to the organization, involving large cross-functional teams.

• Individual may have direct reports, but generally fewer than three.

Job Qualifications:

Minimum Qualifications:

• The individual is acknowledged across groups as an expert in the area of technical discipline or thought leader.

• Typically requires a University Degree or equivalent experience.

• 12 years of prior relevant experience.

• Advanced degrees (Master's or PhD) may be required for certain disciplines and reduce the experience requirement by 2-4 years.

Department Specific Minimum Qualifications:

Preferred Qualifications:

• Strong experience with distance education and distance learning students is preferred.

• CISSP Certification

• Masters Degree in IT seucir9ity, compliance or risk management

• ISACA Certifications.

• Experience working with application security platforms

• Working knowledge of intrusion detection methodologies and techniques for detecting intrusions via intrusion detection technologies.

• Solid understanding of the AWS well architected framework with working experience on implementing the security pillar of the framework.

• CCSP, CCSK, CISSP and AWS certifications.

• Working knowledge of federated single sign on (SSO) solutions.

• Experience with designing and implementing native AWS security tools like Guard Duty, Security Hub, IAM access analyzer, Macie, Inspector, and WAF.

• Technical knowledge of securing containers and apply security controls to container orchestration platform

• Ability to assist in establishing a DevSecOps process using available AWS services

• Practical working experience establishing AWS IAM user groups, roles, and policies

Why join WGU?

• You will be part of a growing, diverse, inclusive workforce, committed to creating pathways to a better life for our students by expanding access to education for everyone

• We provide comprehensive dental, vision, and medical benefits, with paid parental leave and inclusive family forming benefits

• We offer generous retirement and HSA company contributions

• We offer paid time off, and depending on role, options for flexible and remote work

• You will also have opportunity for continuous learning! Employees and their families receive discounted undergraduate and graduate WGU tuition

*Current WGU employees must submit their internal application prior to 3/20/2023 to be considered for this position*

Disclaimer: This Job Description has been designed to indicate the general nature, essential duties, and responsibilities of work performed by employees within this classification. It does not contain a comprehensive inventory of all duties, responsibilities, and qualifications that are required of the employee to do this job. Duties, responsibilities and activities may change at any time with or without notice. This Job Description does not constitute a contract of employment and the University may exercise its employment-at-will rights at any time.

As an equal opportunity employer, we recognize our strength lies in our people and commit to creating an inclusive environment where all can thrive, regardless of race, age, gender orientation, sexual orientation, religion, or disability.

#LI-AW2

#LI-Remote

As an equal opportunity employer, WGU recognizes that our strength lies in our people. We are committed to diversity.