Enterprise Security Architect

Position Description

This position is responsible for the overarching design of security solutions and systems to ensure the protection, integrity and confidentiality of customer, vendor, employee, and business information in compliance with organization policies and standards, and to maintain a consistent technical direction.

The Security Solutions Architect will utilize proven consulting skills to deliver security architecture, design and engineering services with a specific focus on the security domain. Ensures security solutions are aligned effectively with CarMax’s evolving business strategies and information technology capabilities. Provides project architecture direction to create conceptual and logical designs and supporting documentation, ensuring that security concerns are represented throughout.

Acts as a security subject matter expert, utilizing current information security technology disciplines and industry standards to ensure confidentiality, integrity and availability of CarMax’s information assets. Provides strong expertise in Information Security support, including compliance-driven initiatives. Delivers “hands-on” security architecture expertise in information security disciplines in support of the CarMax environment. Stays abreast of security trends and new technologies that will enhance CarMax’s current and future data security architecture.

Performs security-related service and process assessments and evaluations based on NIST, OWASP, ISO and ITIL standards and guidelines for all change and project initiatives across multiple technologies, platforms and legacy systems. Responsible for leading and directing security components throughout the systems development lifecycle, including requirements definition, proposal development, functional, non-functional and technical design, vendor analysis and selection, construction and testing, with strong disciplines across network security, application security, middleware, database security, risk identification, and enterprise-wide tokenization/encryption, including VPN technologies such as PKI, IKE, IPSEC, SSL/HTTPS and digital certificate management. Utilizes information security tools to identify potential threats, performs dynamic and static scans for vulnerabilities, and responds to security violations.
Participate in IT security audit activities both internal and external, ensuring compliance to Federal regulations, Sarbanes-Oxley, Data Privacy acts and Payment Card Industry standards.

PRIMARY DUTIES AND RESPONSIBILITIES

Security Methodology:

  • Ability to design complex security systems that impact multiple infrastructure domains across IT Operations and Development teams
  • Champion of the methodology by demonstrating ownership of the design aspects of the operations lifecycle
  • Passionate about supporting & ownership of all areas of security systems
  • Consistently shows the ability to mentor others in the production of all artifacts required of an Engineer, Analyst or Principal Analyst
  • Analyze business and technical requirements to determine system design requirements, identify potential issues, and perform cost analysis of the costs related to each project.
  • Ability to strategically analyze the risks, benefits and opportunities associated with a proposed design or solution
  • Broad understanding of the business processes implemented across organization.
  • Able to effectively estimate time required for technical efforts for projects of all sizes

Technical Expertise:

  • Responsible for reviewing and mentoring the successful work of others in evaluating the business objectives, detailing security user stories/requirements and generating technical specifications for all security systems within IT operations.
  • Demonstrated ability to design and implement security infrastructure, applications, networks, systems and equipment that impact multiple environments across all of IT.
  • Proven experience designing modifications to existing systems, designing reusable components, and elimination of redundancy in designs throughout IT Operations.
  • Demonstrate technical infrastructure architectural knowledge, playing a vital role in design of production, staging, QA and development infrastructures running in a 24×7 environment
  • Experience in multiple large projects in leading the definition, selection, and implementation of security tools, technologies, and processes
  • Establishes level of service standards and operating procedures for overall security system availability and individual system components
  • Produce design documents to effectively hand over to other departments for successful implementation
  • Knowledge of current and emerging industry technologies

Customer Interaction and Business Knowledge:

  • Ability to understand the business requirements as well as provide a proposal of the appropriate security solution
  • Broad understanding of the business processes supported across all team’s environments
  • Ability to lead customer/project meeting(s) for project definitions, needs assessments and design reviews that impact all areas of a team’s systems
  • Drives architectural consensus with the team while maintaining awareness with other teams

Leadership:

  • Able to influence the security technical direction of others in order to drive all projects to successful completion within the architectural standards and guidance
  • Proven ability to effectively communicate architectural standards and leading practices
  • Ability to develop and deliver technical training and business understanding for engineers and analysts.
  • Ability to drive through obstacles and time constraints to successfully deliver a project to completion

Additional Responsibilities:

  • Partner with the Architecture team to gain consensus and establish security architecture standards, patterns, policies, and leading practices
  • Investigating new technologies and techniques and researching ongoing industry developments
  • Assist in forecasting security technology implementation budgets

SPECIALTIES:

Security Systems:

  • Network security technologies: Firewalls, Network Access Controls, Intrusion Detection, Intrusion Prevention, wireless security
  • Vulnerability management: Application Firewalls, SIEM, Anti-Virus, penetration testing
  • Data Loss Prevention, Secure coding and configuration standards
  • VPN technologies such as PKI, IKE, IPSEC, SSL/HTTPS and digital certificates
  • Web Application security
  • Tokenization and encryption solutions

Enterprise Systems:

  • Windows server and Red Hat Enterprise Linux Operating Systems
  • Active Directory Services
  • Mobile Device Management (MDM)
  • End User Computing
  • Citrix
  • Remote access
  • VMware
  • SAN
  • .net

Position Requirements

  • Proven ability to effectively communicate concepts to a broad based team
  • In-depth experience with security architecture design concepts and techniques and the ability to communicate those concepts to a broad based audience
  • Experience in creating and designing security solutions throughout the team’s environment and effectively communicating the rationale behind the designs
  • Broad understanding of all aspects of the team’s technical infrastructure requirements including scalability, and usability
  • Proven experience with working effectively with multiple areas of the business community in order to gather requirements and translate those requirements into architectural designs
  • Work with consultants to guide the security technology direction in order to meet the security architectural strategy
  • Demonstrated ability to compare and contrast alternative approaches to meet objectives while assessing risk both quantitatively and qualitatively
  • Possess strong organizational and time management skills
  • Demonstrated flexibility

Education and/or Experience:

Typically 10+ years within Information Technology with a concentration in Information Security and Application Security. Security design and implementation experience required.

4-year bachelor’s degree in Computer Science or an IT-related course of study preferred

Experience in a broad range of IT systems (see Specialties section) required

In-depth knowledge of information security industry frameworks and standards: NIST, OWASP, ISO-27001/2, SANS, COBIT and ITIL

Information security practices such as PCI, ITGCs, HIPAA and Privacy

Security certifications (CISSP, CISM, MCSE, Security+, CCNA or CCNP) preferred.
