Security Architect
Gamestop, Inc.

Job Info

---

Description:

SUMMARY

Working independently, the Security Architect works on the cutting edge of information security and is constantly learning about new technology and how it relates to GameStop's dynamic environment. The Security Architect secures enterprise information by determining security requirements; planning, implementing, and testing security systems; preparing security standards, policies, and procedures; mentoring team members. This position requires not only deep skills in identifying security risk, but also the ability to design practical security solutions that support the business. This role interacts with a supervisor as frequently or infrequently as needed by either; nearly all routine decisions and some non-routine decisions may be made without a supervisor's prior approval. The foundation of this position is to enable the business by providing cloud technologies, refining the traditional data center, performing security code reviews, working on third-party code security reviews, evaluating new technologies, and participating in architecture review and alignment meetings. This position is a face-to-face, relationship based role and is a cornerstone of our architecture practice.

ESSENTIAL JOB DUTIES AND RESPONSIBILITIES*

• Deep and thorough understanding of architecture, design, and the integration of solutions into the enterprise
• Technical mastery of encryption
• Understand and articulate asymmetric encryption and how it applies to forward and reverse proxies
• Public Key Infrastructure (PKI)
• Key Management Practices
• Amazon Web Services (AWS) design and security
• Security Assertion Markup Language (SAML)/SSO application and design
• Web Application Firewall (WAF) application and design
• Security Information Event Management (SIEM) application and design
• Privileged account design
• Web content filtering design
• Static and dynamic code review tool patterns
• Principles of least privilege for identity, network, and data access
• Network based intrusion based detection/prevention (IDS/IPS)
• Understanding of the Payment Card Industry (PCI) and how scope, design, and support are modeled to DSS compliance
• Conducts risk assessments, security audits and technical testing to ensure compliance with information security policies
• Review system and network designs to ensure compliance with corporate security policies and security best practices
• Become the organizations trusted-advisor for all security issues
• Evaluate business strategies and requirements and help formulate a security strategy for the organization
• Prepares system security reports by collecting, analyzing, and summarizing data and trends
• Updates job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations
• Enhances department and organization reputation by accepting ownership for accomplishing new and different requests; exploring opportunities to add value to job accomplishments

RELATED COMPETENCIES

• Continuous Improvement - Originates action to improve existing conditions and processes; uses appropriate methods to identify opportunities, implement solutions, and measure impact
• Decision Making - Identifies and understands issues, problem, and opportunities; uses effective approaches for choosing a course of action or developing appropriate solutions; takes action that is consistent with available facts, constraints, and probable consequences
• Technical/Professional Knowledge and Skills - Having achieved a satisfactory level of technical and professional skill or knowledge in position-related areas; keeps up with current developments and trends in areas of expertise

BASIC AND PREFERRED QUALIFICATIONS (EDUCATION and/or EXPERIENCE)

• Minimum 8 years of professional experience, with 8+ years of experience in information security and/or IT risk management
• 5 + years of hands-on experience as a security practitioner, implementing a variety of solutions across multiple disciplines
• 5+ years of experience architecting solutions with a concentrated focus on security
• 3+ years of experience performing network and application security penetration testing and/or threat assessments preferred
• Experience in a retail environment preferred
• High school diploma or GED required; Bachelor's degree from an accredited program in Computer Science, Information Technology, or related program preferred
• Security certification(s) preferred (CISSP or various SANS Certs)

MINIMUM QUALIFICATIONS, JOB SKILLS, ABILITIES

• Possess proficient analytical, problem solving and decision making skills
• Ability to identify, escalate and solve information security problems
• Ability to provide support to SOX compliance initiatives
• Working understanding of the Payment Card Industry Data Security Standard (PCI-DSS) and how to interpret PCI requirements into a complex global interconnected retail and distribution center environment
• Working knowledge of IT infrastructure and network security concepts, protocols, technologies, threats, vulnerabilities and exploits.
• Proficient understanding of access control and authentication infrastructure (Microsoft AD, LDAP, RADIUS, two-factor authentication) related to data, wireless, and voice networks
• Proficient in analyzing network architecture and devices including firewalls, switches, routers, VPN Concentrators, and segmented VLAN environments
• Proficient with security tools and techniques, including performing internal and external network vulnerability assessments and penetration tests and developing reports based on results
• Working knowledge of risk management techniques and mitigation practices in order to perform risk assessments on various aspects of a global business
• Ability to remain flexible and adapt to changing priorities with promptness, efficiency and ease
• Consistently demonstrates a commitment to GameStop policies and procedures, including but not limited to, attendance, confidentiality, conflict of interest, and ethical responsibilities

 

This job has expired.