Cloud Security Architect
New York, NY

Job Description

Summary

The Cloud Security Architect will design and develop Cloud Security Architecture, controls for public and hybrid cloud systems. This is hands-on position with will directly contribute to the execution to Lazard's business and technology transformation strategy, cloud architecture and lead design and implementation of security controls around cloud-based applications, across all types (including Infrastructure, Platform, and Software as a Service (IaaS/PaaS/SaaS).

Cloud Security Architect will serve as the central point of contact for Information Security for Information Technology, Application and Infrastructure and LOBs teams within the organization for all matters related to cloud security.

Cloud Security Architect is responsible for driving the adoption of the culture, practices, processes and tools that will enable the Data Science team to securely adopt DevOps practices.

The successful candidate will have a deep understanding of Cloud, DevOps and the various points at which development and operations could be improved by culture, practices, and automation to improve the stability, security, resiliency, efficiency and speed of development.

The Cloud Security Architect will partner with Information Technology and Business Support to:

* Develop Cloud Deployment/Architecture, Cloud Security and Controls Framework aligned to security frameworks CSA, CIS and NIST for multi-cloud environment.
* Design and develop security architectures for cloud and cloud/hybrid based systems. Possess a firm understanding of the offerings within Amazon Web Services (AWS), Microsoft Azure platforms and SaaS applications such as O365, Dynamics, SalesForce, Slack, Box.
* Design and implement cloud-native architectures and designs that will allow those requirements to be met with a minimal degree of risk to Organization and with appropriate security controls present.
* Designing and Developing Cloud-specific security policies, standards and procedures e.g. Identity and Access Management (SSO, SAML), and Privilege Management, Firewall management, SSL/IPSec, Encryption Key Management (BYOK), Security incident and event management (SIEM), Data protection (DLP, encryption), Vulnerability Management in partnership with Infrastructure Services, and Application Development.
* Conducting cloud security analysis of prospective clients Cloud platforms/environments based on Industry best practice Cloud Cyber Risk Framework.
* Performing Cloud Security Assessments of Cloud platforms/environments using industry standard frameworks such as ISO, CSA-CSM and NIST.
* Executing on Cloud security engagements during different phases of the lifecycle assess, design, and implementation.
* Troubleshooting system level problems in a multi-vendor, multi-protocol network environment.
* Develop and improve communication, collaboration, and integration between Data Science developers, Information Security, and IT operations
* Automate the application delivery pipeline and develop core services that automate steps where manual activities currently exist
* Adoption of SDLC worfklow (JIRA), Automated security scanning, Automated deployment (AIM)

Support the adoption of Agile methodology across Information Security in partnership with Application Development LOBs.

Qualifications

* 5+ years experience with Cloud platforms such as Amazon Web Services (AWS), Azure, Google Cloud Platform, O365
* 5+ years of experience driving the adoption of and achieving successful DevOps practices across organizations
* 5+ years experience with Security Architect and/or Engineering.
* 5+ years of experience with agile development (Scrum, Kanban, etc.)
* Experience with assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes (secure software development (Application Security), data protection, cryptography, key management, identity and access management (IAM), network security) within SaaS, IaaS, PaaS, and other cloud environments
* Experience with service-oriented architecture for cloud-based services.
* Working knowledge of common and industry standard cloud-native/authentication mechanisms (OAuth, OpenID, etc).
* Experience with Privilege Account management (CyberArk) preferred.
* Experience with perimeter security and firewall technologies (Cisco, Fortinet) preferred.
* Experience with Golden Image pipeline implementation preferred.
* Experience with Infrastructure as Code Automation (Terraform, CloudFormation, ARM) preferred.
* Experience with Application and Infrastructure code scanning (Inspec, HubbleStack, Veracode, SonaType) preferred.
* Experience with Log management and monitoring (Sumologic) preferred.
* Experience with Container technologies (Docker, Kubernetes, EKS, AKS) preferred.
* Experience with deployment orchestration, automation, and security configuration management (Jenkins, Ansible, Packer) preferred.
* Experience with Vulnerability Management (Rapid7) preferred.
* Experience working with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies.
* Experience with enterprise applications (architecture, development, support, and troubleshooting).
* Experience performing threat modeling and design reviews to assess security implications and requirements for introduction of new technologies.
* Experience representing technical viewpoints to diverse audiences and in making timely and prudent technical risk decisions.
* Experience with enterprise architecture and working as part of a cross-functional team to implement solutions.
* Strong interpersonal and communication skills; ability to work in a team environment
* Ability to work independently with minimal direction; self-starter/self-motivated
* Proven ability to work creatively and analytically in a problem-solving
* Excellent communication (written and oral) and interpersonal skills
* Demonstrated and strong leadership and management skills
* CISSP, AWS, Azure certifications preferred.

About Lazard

Lazard, one of the world's preeminent financial advisory and asset management firms, operates from 43 cities across 27 countries in North America, Europe, Asia, Australia, Central and South America. With origins dating to 1848, the firm provides advice on mergers and acquisitions, strategic matters, restructuring and capital structure, capital raising and corporate finance, as well as asset management services to corporations, partnerships, institutions, governments and individuals. For more information on Lazard, please visit www.lazard.com. Follow Lazard at @Lazard