National Grid Security Solutions Architect, Security in Waltham, Massachusetts
Every day we deliver safe and secure energy to homes, communities, and businesses. We are there when people need us the most. We connect people to the energy they need for the lives they live. The pace of change in society and our industry is accelerating and our expertise and track record puts us in an unparalleled position to shape the sustainable future of our industry.
To be successful we must anticipate the needs of our customers, reducing the cost of energy delivery today and pioneering the flexible energy systems of tomorrow. This requires us to deliver on our promises and always look for new opportunities to grow, both ourselves and our business
The Security Solutions Architect serves as a security lead/visionary and will act as an expert in many areas of security, describing in business terms the impact of security policies, standards, technology standards and architecture on the business. This person will provide security direction to the program/project(s) based on the business requirements and focus areas.
The Security Solutions Architect must be able to interpret high level business requirements and communicate them to highly technical security engineers; conversely, they must also be able to articulate highly technical issues to a non-technical business audience.
The Security Solutions Architect is to provide minimum security requirements and to ensure that the delivered solution is fit for purpose and effective when transitioned in to service. The Security Solutions Architect will identify security services to be integrated into the overall solution and work with the security tower teams to ensure implementation of the servicesTo serve as a security lead/visionary and act as an expert in many areas of security; to describe in business terms the impact of security policies, standards, and architecture.
o Providing a security service steer to the program, on security related matters.
o Ownership and definition of the security scope/architecture for a variety of projects deployed globally
o Drive security requirements, architectures, patterns and approaches via the company's processes.
o Day to day engagement with development teams to advise and consult on security matters
o Work closely with project teams, DevOps teams to ensure solution complies with baseline security requirements
o Removing impediments for the successful delivery of the security related solutions
o Provide technical security input as required by the security policy development team.
o Coordination of technical design/review activities with various segments within the Security team.
o Accountable for ensuring that key risks and issues are identified, addressed and resolved in a manner that satisfies the business.
o Accountable for ensuring residual risk is captured and owners are identified and accept the risks.
Knowledge and Capabilities:
• Security Technology
o Appreciation of wider information security related principles, likely to be gained in industry or from a consultancy background.
o Skilled in creating technology standards and experience with presenting security requirements and necessary security services to the security and/or enterprise governance boards for acceptance and approval.
o Proven experience in cloud security solution, Azure hands on experience preferred
• Security Services
o Knowledge of Cloud fundamentals - Design Patterns, Shared Security, Monitoring.
o Experience with cloud-based security controls (secure web gateway, next gen firewall, cloud access security broker).
o Strong background in defining security requirements across network, database, operating system and application.
o Good understanding of security testing process SAST/DAST/Vulnerability Assessments/DevSecOps pipeline/Pen testing etc.
o Knowledge on security solutions such as IDS/IPS, secure remote access, firewalls, encryption, secure protocols, data protection, data loss prevention and identity management solutions.
o Strong knowledge of data and information flows, information governance, network protocols.
o Knowledge of security hardening techniques and policy development, particularly operating system hardening (e.g. Windows, UNIX, Oracle).
o Experience in integration with a SIEM, or working within a system monitoring environment.
o Experience in vulnerability and risk management processes
• Project Engagement
o Experience of incorporating security controls at each stage of the software development lifecycle process
o Experience of designing and managing security controls within service providers and the cloud.
o Proven track record of successfully delivering business requirements to time and budget constraints.
o Familiar with contract management, ensuring security controls are referenced within the agreement
• Collaborative Working
o Strong communication (Written and Verbal), leadership and partnering skills.
o Able to demonstrate a high degree of credibility and influence senior stakeholders within the Organization.
o Prepared to challenge the program and IS colleagues and have the “difficult conversations” where needed in the interests of National Grid
o Able to operate as a highly independent worker and as part of a strong team/collaborative approach
• Preferably somebody who has done hands on IT in the past and understands the pragmatic approach sometimes required.
• Educated to degree level (or equivalent combination of education and experience).
• Security Qualifications such as Azure Security Associate/Azure Solution Associate/CISSP/CCSP/ etc.
• Information Security Certifications/Qualifications such as CISSP and MSc Information Security preferred but not necessary for this role
This position has a career path which provides for advancement opportunities within and across bands as you develop and evolve in the position; gaining experience, expertise and acquiring and applying technical skills. Internal candidates will be assessed and provided offers against the minimum qualifications of this role and their individual experience.
National Grid is an equal opportunity employer that values a broad diversity of talent, knowledge, experience and expertise. We foster a culture of inclusion that drives employee engagement to deliver superior performance to the communities we serve. National Grid is proud to be an affirmative action employer. We encourage minorities, women, individuals with disabilities and protected veterans to join the National Grid team