We are looking for a Senior Security Architect to join Sopra Steria Apps Services on a project developed for one of our clients. European Commission DIGIT is the internal IT hosting services provider for the EC and other European Institutions. The role is part of a large team of architects; this team designs services that are consumed by applications in various domains.
The Security and Compliance Architect holds a critical position, ensuring that our corporate information systems not only comply with but also excel beyond standards such as CMMI and ISO.
This role demands a sophisticated blend of compliance oversight coupled with a robust technical skill set.
The architect will ensure systems' security, enhance operational efficiency, and guarantee adherence to necessary regulatory compliance standards, with a particular emphasis on cloud solutions.
Note that we can only offer cooperation to people who are located in Poland and have EU citizenship.
Mission/activities:
- Planning, prototyping, engineering, implementing, operating, and monitoring complex information systems,
- ensuring systems’ security,
- enhancing operational efficiency,
- providing adherence to necessary regulatory compliance standards,
- implementation of cloud solutions.
- Good knowledge of compliance standards: spearhead compliance projects to certify that all corporate information systems meet or exceed these benchmarks.
- Expert system architecture and engineering: perform detailed hands-on work related to designing, prototyping, and engineering of cybersecurity solutions, extending to configuring and operating cloud security.
- Evaluate and enhance existing systems for better efficiency and compliance, and design new cybersecurity architectures to fulfil evolving requirements.
- Operational excellence and security management: oversee the daily operations of cybersecurity systems (e.g. Vulnerability Scanners), prioritizing stability, performance, and security.
- Implement continuous monitoring strategies to detect and actively remediate vulnerabilities to meet SLA requirements, including cloud security capabilities to safeguard information integrity and reliability.
- Strategic stakeholder engagement: collaborate with internal stakeholders, including Service squads, operational leaders in various CoEs, and senior management, to ensure that cybersecurity practices are seamlessly integrated with organizational strategic goals and compliance demands.
- Audit, reporting, and progressive improvement: conduct comprehensive audits of information systems to assess compliance with required standards and identify improvement opportunities. Generate detailed reports on audit outcomes, system performance, and compliance status. Lead efforts to mitigate gaps and enhance system capabilities, with an emphasis on continuous improvement.
- Knowledge sharing and mentorship: Offer expert advice and training to team members and stakeholders on compliance standards, best practices in system security, and technical procedures, including those related to cloud security solutions. Ensure all team members possess the necessary knowledge and skills to support compliance and security efforts effectively.
Tech stack on the project:
- Operating systems — Windows, Unix, and Linux
- IP networks — WAN and LAN
- DevSecOps
- API Architectures
- Cloud Architecture
- AWS
- Kubernetes
- Microsoft Azure security solutions
Must have requirements:
- 10+ years of experience in multiple IT areas
- Min. 5 years of experience working in medium- to large-scale IT environments as a security architect or other security design functions.
- Advanced cybersecurity knowledge
- Industry standards knowledge (CMMI, ISO 9001)
- University degree in Information Technology, Computer Science, Cybersecurity or related field
- Very good understanding of network security concepts
- Excellent understanding of authentication and authorization mechanisms and protocols
- Cryptography and latest cryptographic standards (PKI)
- Working knowledge of OWASP Top 10
- Fullstack knowledge of IT infrastructure: applications, databases, Windows OS, Unix, Linux, IP networks (WAN, LAN), DevSecOps, API Architectures
- Service oriented mindset
- Good communication skills
- English B2/C1
- Being open to occasional business trips and visits to our office in Katowice
- EU citizenship
Nice to have requirements:
- Cloud certification or proven expertise in AWS security
- Advanced Cybersecurity Certification (e.g. CISSP, CISM, or equivalent)
What we offer:
BENEFITS (UoP): Luxmed, Multisport, Worksmile, educational platforms, language courses, referral bonus, copyrights, life insurance
DEVELOPMENT OPPORTUNITIES (UoP and B2B): certifications (paid by the company) plus bonus for successful passing, conferences, Tech Lunches
The recruitment process for this position consists of three stages:
- a short phone call with a recruiter (30 min max)
- 1h long interview on Teams (with both general and technical questions)
If you find this offer interesting and you would like to learn more about the project, send us your updated CV in English containing the clause:
„I agree to the processing by Sopra Steria Polska Sp. z o.o. my personal data contained in my CV for the recruitment process and further recruitment processes.”