Aderant has an exciting new opportunity for a Senior Security Architect to join our dynamic team!
Aderant is a global industry leading software company providing comprehensive business management solutions for law firms and other professional services organizations with a mission to help them run a better business. We are motivated by a collective desire to drive the legal industry to the forefront of innovation. With over 2,500 clients around the world, including 95 of the top AmLaw 100 firms, we are changing the outside perception of the legal sphere; where there was once resistance to modernization, we are creating a culture that embraces new ideas and technology.
At Aderant, the “A” is more than just a letter. It is a representation of how we fulfill our foundational purpose, serving our clients. It embodies our core values and reminds us that to achieve success, every day must start with the “A”. We bring the “A” to life by fostering a culture of innovation, collaboration, and personal growth. We encourage our diverse teams to bring their whole selves to work – ideas, experience, and passion – to drive our mission forward. Our people are our strength!
As a Senior Security Architect, you will report to the Senior Director of Cybersecurity, Governance, & Privacy and be responsible for designing, implementing, and maintaining the security architecture for our SaaS products and internal business systems. You will work closely with the Product Development, Engineering and Cloud Ops teams to establish and align the cloud security strategy, evaluate new systems, review proposed application changes, and provide guidance on application security and coding best practices.
This is a highly technical role that will require significant expertise in secure cloud architecture, secure software development best practices, and application and network security.
The ideal candidate is passionate about information security technology and is excited to play a foundational role in a highly respected team. They should be self-motivated and have effective communication skills to interact with all levels of the business including senior leadership.
Provide input to engineering, cloud operations, IT, and product teams on the design, architecture, development, configuration, and maintenance of secure enterprise technology and SaaS products throughout the product lifecycle.
Fortify our current cloud infrastructure and shape new cloud initiatives to support our applications.
Perform security architecture design reviews and threat modelling of our products (cloud and on-prem)
Provide guidance and consultation to teams to ensure that security requirements are met effectively and efficiently using the appropriate technologies.
Plan, research, and design security architecture for IT and Cloud systems.
Partner with development teams to communicate security requirements, review designs, and promote control frameworks to ensure secure goals are met.
Develop, review, and approve installation requirements for LANs, WANs, VPNs, firewalls, routers, and related network devices.
Determine security protocols by evaluating business strategies and requirements.
Act as a technical security SME and escalation point for technical information security-related issues.
Respond to and investigate security incidents and provide thorough post-event analyses.
Review the design and implement secure cloud architecture solutions, including VPC configurations, security groups, IAM policies, encryption mechanisms, Kubernetes infrastructure, and logging and monitoring for the cloud environment.
Spearhead compliance to secure coding standards via SAST, DAST, and SCA scanning within the SDLC.
Collaborate with development teams to remediate systemic security vulnerabilities and offer guidance on the prioritization of vulnerabilities and address systemic security issues effectively.
Disseminate security guidance on product architecture as well as newly identified security threats and vulnerabilities, and security industry advisories that may impact the development community.
Act as the technical point of contact for product teams as it relates to secure cloud architecture, CI/CD, and remediation guidance.
Explain technical positions/risks to business leaders, and business positions/risk to technical leaders to achieve appropriate security outcomes.
Research and evaluate emerging security trends, threats, and technologies, and recommend appropriate solutions and enhancements.
5+ years of experience with any combination of the following: threat modeling, secure coding practices, secure architecture, security engineering, identity management and authentication, cryptography, system administration and network security, cloud computing.
Experience with public, private, and hybrid cloud security controls in AWS and Azure.
Background in application and code security, with experience in implementing security in the software development lifecycle, including adherence with OWASP Top 10, OWASP Application Security Verification Standard, and SANS CWE Top 25. Ability to implement and integrate remediation strategies.
Knowledge of traditional Cybersecurity and technology architectures, including identity and access management, firewalls, network segmentation, server and appliance virtualization, web traffic management and security, comprehensive data protection, and logging and monitoring.
Knowledge of current Cybersecurity and technology architectures such as zero trust, IaaS, PaaS, SaaS, virtualization, containerization, DevOps, Agile, and software-defined networking across a variety of environments and deployments.
Ability to lead complex security projects from start to finish including stakeholder management and balancing business needs with security requirements.
Understanding of web applications, web servers, layer 7 application technologies, frameworks and protocols with respect to application development and deployment.
Knowledge of common vulnerabilities and attack vectors, ubiquitous encryption technologies and common authentication protocols.
Experience using static, dynamic, and software composition analysis application security testing toolsets and contextualizing the risk of software flaws.
Experience securing containerized and serverless applications.
Advanced written and verbal communication skills, including the ability to respond directly via email or in person to client technical security inquiries and escalations.
Excellent problem-solving, critical thinking, interpersonal, and collaboration skills.
Ability to analyze security logs and identify potential threats
Ability to create comprehensive security documentation and reports
Preferred Qualifications:
Industry relevant certifications (e.g. CISSP, CCSP, CISM, CASP+, ISSAP, AWS Solutions Architect, Azure Cybersecurity Architect)
Understanding of or experience with industry and regulatory frameworks and standards, including but not limited to: ISO 27001 and 27002, AICPA SOC 1 controls and SOC 2 Trust Services Criteria, General Data Protection Regulation (GDPR) articles and recitals, and California Privacy Rights Act (CPRA).
Success in implementing effective Secure SDLC frameworks across a large corporation
Experience with Infrastructure as Code (IaC) tools including CloudFormation, CDK, and Terraform
Experience with incident detection, response, and recovery
Required Technical Experience:
Cloud security models and best practices
Cloud native security tools and services
Integration of security practices into CI/CD pipelines
CrowdStrike Falcon or similar tech
Network and Web Application vulnerability management solutions
SIEM products
Knowledge of data masking, tokenization, and secure data storage solutions
Automation of security testing and compliance checks
Software Powered by iCIMS
www.icims.com