Principal Cybersecurity Solution Architect II

Description

Principal Cybersecurity Solution Architect II

Syneos Health® is a leading fully integrated biopharmaceutical solutions organization built to accelerate customer success. We translate unique clinical, medical affairs and commercial insights into outcomes to address modern market realities.

Every day we perform better because of how we work together, as one team, each the best at what we do. We bring a wide range of talented experts together across a wide range of business-critical services that support our business. Every role within Corporate is vital to furthering our vision of Shortening the Distance from Lab to Life®.

Discover what our 29,000 employees, across 110 countries already know.

WORK HERE MATTERS EVERYWHERE

Why Syneos Health

• We are passionate about developing our people, through career development and progression supportive and engaged line management technical and therapeutic area training peer recognition and total rewards program.
• We are committed to our Total Self culture - where you can authentically be yourself. Our Total Self culture is what unites us globally, and we are dedicated to taking care of our people.
• We are continuously building the company we all want to work for and our customers want to work with. Why Because when we bring together diversity of thoughts, backgrounds, cultures, and perspectives - we're able to create a place where everyone feels like they belong.

Job Responsibilities

JOB SUMMARY

The Cyber Security Principal Solution Architect will be responsible for transforming the way Syneos Health protects applications, software and code that it uses to support the company to accelerate patient therapies to market and thereby increase cyber threat resiliency.

This role will be a member of the Office of the CISO and a member of enterprise security architects. As a key subject matter expert and leader within the team, this role will use a data and risk-based approach to driving enterprise initiatives, formulating requirements, patterns, and solutions to achieve risk mitigation. To be successful, this role will act as a technical influencer, build cross-functional and organizational partnerships to deliver modern security engineering and operational solutions.

As an architect you will partner with the software engineering organization to design software security solutions, participate in proof of concepts and enable the engineering organization to deliver secure, operational solutions. The role will own the software security program and initiatives and be responsible for reporting on progress to leadership and stakeholders.

The scope of responsibility includes but not limited to supporting the transformation of security engineering into the early phases of enterprise delivery through defined Secure SDLC, Source code management, application security, and the transformation of DevSecOps across the enterprise.

The role will bring an everything-as-code security mindset to be applied across applications, API's and platform engineering.

To be successful, the role will need to define and identify technical and business risks along with enterprise requirements that can be consumed by a shared-responsibility model for engineering and operational controls. Be a transformation agent by advocating for modern secure engineering principles and automation.

Excellent oral and written communication skills, as well as effective organizational abilities, are essential due to the detailed and time-bound nature of the work and the extensive collaboration with others.

JOB RESPONSIBILITIES

o Use a data-driven approach to identifying areas of risk

o Publish metrics and KPI's

o Set enterprise requirements for secure software development based on common cyber security frameworks such as NIST, Hitrust, CSF. SafeCode, OWASP etc

o Contribute to enterprise security policies and standards.

o Evolve Secure SDLC standards and processes

o Define, own, and drive the company's software security strategy and roadmap, acting as the key security voice for software security

o Promote DevSecOps solutions and culture

o Establish secure code management practices

o Improve automated CI / CD pipelines with appropriate security services

o Automate enterprise security requirements into backlogs

o Champion cloud application and platform security engineering practices.

o Delivery enterprise security patterns for software engineering

o Participate in Proof of Concepts with the software engineering organization .

o Being a strategic advisor in software security.

o Being a transformation agent in promoting a modern security engineering mindset.

o Performing design reviews to identify security architecture flaws.

QUALIFICATION REQUIREMENTS

What we are looking for :

5-7 years of experience in software security or related roles.

Proven track record building and transforming secure software and platform engineering practices

Building road maps and creating initiatives to address enterprise goals.

Experience partnering with engineering teams to achieve security goals.

Strong familiarity with source code management

Strong familiarity software exploitation techniques and Mitre @ttack framework.

Strong knowledge of cloud platform security (AWS, Azure, Oracle Infrastructure Cloud)

Someone with strong engineering mindset that software engineering experience

Experience implementing pipeline automation and source code management

Additional standout skills :

Hands-on experience with modern engineering technologies such as Kubernetes and Containers

Experience with securing Terraform or other IaC platforms

Delivered secure coding practices to large engineering teams

Familiar with API Security

Enabling DevSecOps within large organizations

Education.

Security Architecture TOGAF / SABSA

Cloud security certifications for OCI, AWS or Azure (Azure preferred)

Get to know Syneos Health

Over the past 5 years, we have worked with 94% of all Novel FDA Approved Drugs, 95% of EMA Authorized Products and over 200 Studies across 73,000 Sites and 675,000+ Trial patients.

No matter what your role is, you'll take the initiative and challenge the status quo with us in a highly competitive and ever-changing environment. Learn more about Syneos Health.

Additional Information

Tasks, duties, and responsibilities as listed in this job description are not exhaustive. The Company, at its sole discretion and with no prior notice, may assign other tasks, duties, and job responsibilities. Equivalent experience, skills, and / or education will also be considered so qualifications of incumbents may differ from those listed in the Job Description. The Company, at its sole discretion, will determine what constitutes as equivalent to the qualifications described above. Further, nothing contained herein should be construed to create an employment contract. Occasionally, required skills / experiences for jobs are expressed in brief terms. Any language contained herein is intended to fully comply with all obligations imposed by the legislation of each country in which it operates, including the implementation of the EU Equality Directive, in relation to the recruitment and employment of its employees. The Company is committed to compliance with the Americans with Disabilities Act, including the provision of reasonable accommodations, when appropriate, to assist employees or applicants to perform the essential functions of the job.

Summary

JOB SUMMARY The Cyber Security Principal Solution Architect will be responsible for transforming the way Syneos Health protects applications, software and code that it uses to support the company to accelerate patient therapies to market and thereby increase cyber threat resiliency. This role will be a member of the Office of the CISO and a member of enterprise security architects. As a key subject matter expert and leader within the team, this role will use a data and risk-based approach to driving enterprise initiatives, formulating requirements, patterns, and solutions to achieve risk mitigation. To be successful, this role will act as a technical influencer, build cross-functional and organizational partnerships to deliver modern security engineering and operational solutions. As an architect you will partner with the software engineering organization to design software security solutions, participate in proof of concepts and enable the engineering organization to deliver secure, operational solutions. The role will own the software security program and initiatives and be responsible for reporting on progress to leadership and stakeholders. The scope of responsibility includes but not limited to supporting the transformation of security engineering into the early phases of enterprise delivery through defined Secure SDLC, Source code management, application security, and the transformation of DevSecOps across the enterprise. The role will bring an everything-as-code security mindset to be applied across applications, API's and platform engineering. To be successful, the role will need to define and identify technical and business risks along with enterprise requirements that can be consumed by a shared-responsibility model for engineering and operational controls. Be a transformation agent by advocating for modern secure engineering principles and automation. Excellent oral and written communication skills, as well as effective organizational abilities, are essential due to the detailed and time-bound nature of the work and the extensive collaboration with others.

Skills Required

Terraform, Containers, DevSecOps, Kubernetes, Application Security, API Security, secure sdlc