CyberSecurity Architect

The job of cybersecurity architect is a senior-level position responsible for planning, designing, testing, implementing and maintaining an organization’s computer and network security infrastructure. The role requires thorough knowledge of the employer’s business and a comprehensive understanding of the technology it uses to conduct operations.

Several key attributes of an effective cybersecurity architect include:

  • The ability to think like a malicious hacker to anticipate and defend one’s organization against information security risks
  • The ability to think like a business executive, manage security team members and communicate effectively with key stakeholders
  • The experience and technical expertise to build security infrastructure from scratch or update existing systems in response to ongoing changes in the security landscape, including new risks and adherence to applicable regulations

Technical skills and knowledge:

  • Knowledge of ISO 27005
  • Basic Penetration Testing skills
  • Knowledge of Network and System Administration
  • Fluent in English

The duties of a cybersecurity architect may include the following:

  • Design, build, implement and support enterprise-class security systems
  • Align organizational security strategy and infrastructure with overall business and technology strategy
  • Identify and communicate current and emerging security threats
  • Design security architecture elements to mitigate threats as they emerge
  • Plan, research and design robust security architectures for any IT project
  • Perform or supervise vulnerability testing, risk analyses and security assessments
  • Create solutions that balance business requirements with information and cybersecurity requirements
  • Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
  • Review and approve installation of firewalls, VPNs, routers, IDS scanning technologies and servers
  • Test security systems to ensure they behave as expected
  • Use current programming languages and technologies to write code, complete programming, and perform testing and debugging of applications
  • Provide supervision and guidance to a security team
  • Define, implement and maintain corporate security policies and procedures
  • Train users in implementation or conversion of systems
  • Regularly communicate vital information, security needs and priorities to upper management

Technical skills and knowledge:

  • Windows, UNIX and Linux operating systems
  • VB.NET, Python, C/C++/C#, Java/J2EE, ColdFusion, API/web services, scripting languages and a relational database management system (RDBMS) such as MS SQL Server or Oracle
  • Thorough understanding of relevant industry security standards and protocols, including ISO 27001; National Institute of Standards and Technology (NIST); Control Objectives for Information and Related Technologies (COBIT); and the Committee of Sponsoring Organizations (COSO) of the Treadway Commission, a joint initiative to combat corporate fraud
  • The ISO 27001 specifications for an information security management system
  • Router, switch and VLAN security; wireless security
  • Risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies and security attack pathologies
  • Fluent in English

Certifications like CISSP, GDSA or similar are a big plus.

Minimum requirement: Bachelor's degree in Computer Engineering or similar