View all jobs

Security Architect- Managed Services

Toronto, Ontario
KPMG Canada is looking for an experienced individual to fulfil the role of a Managed Services - Security Architect in our Information Technology Services team.
This is an exciting opportunity for an individual who has deep experience in multi-cloud technologies, solution architecture and security to spearhead our deep dive in DevSecOps and embedding security into solution architecture life cycle.
Security Architect will work with business clients, Architects and Senior team members to provide practical security solutions for multi-cloud-based platforms

Working with business, Security and other ITS technical team members, Security Architect will assist with technical security architectural requirements, design, and delivery. Work in a collaborative fashion with team members including security analysts, project managers, solution architects, business, and QA analysts. Provide technical consultancy and guidance, as needed, to other ITS teams as well as internal business service lines

What you will do:
  • Responsible for aligning and translating business requirements into secure solutions, reviewing technical architectures for applications and products to ensure they meet security standards and creating reference architectures that can be leveraged by technology functions across the firm to develop secure solutions in a multi-cloud environment.
  • Perform assessment of existing platforms and processes to understand limitations and weaknesses to identify security challenges and identify opportunities for efficiencies, as well as for improvements in security controls
  • Build technical and security architectures in Azure, AWS or GCP for defined workloads
  • Participate and provide guidance in the design, development and delivery of technical security solutions that aligns to industry standards and business goals.
  • Perform as a subject matter professional on DevSecOps and cloud technology security with responsibilities to coach other members of the broader Technology Architecture function with ITS.
  • Develop and maintain security architecture artifacts (models, templates, standards, and procedures) that can be used to leverage security capabilities in projects and operations.
  • Provide analytical and technical security recommendations to other team members and stakeholders and identify requirements based upon need or as the result of a security issue that puts organizations systems at risk 
  • Conduct code reviews of applications to determine security flaws or other issues that would impact the confidentiality, integrity, or availability of the software.
  • Coordinate with DevOps teams to advocate secure coding practices and escalate concerns related to poor coding practices to the Sr. Manager of Security or CISO
  • Configure and implement cloud security services, including identity and access management, detective controls, infrastructure protection, and data protection.
  • Analyzing requirements for security tools and technology (SIEM, Endpoint Protection, Vulnerability Management, DLP, other).

What you bring to the role:
  • 5+ years’ experience with architecting, designing, and implementing cybersecurity systems, solutions, and tools for on-premise and cloud environments.
  • Bachelor’s or master’s degree in Information Technology, Computer Science, or a related work experience, or equivalent.
  • Previous security experience in a consultancy role collaborating with internal ITS teams as well as business teams.
  • Understanding of information security standards (e.g., ISO, PCI DSS, NIST CSF etc.), rules and regulations related to information security and data protection.
  • Experience interpreting business, technology, and threat drivers, and develop practical security roadmaps to deal with these drivers.
  • Experience reviewing application code for security vulnerabilities.
  • Experience in developing DevSecOps practices while focusing on securing open systems solutions.
  • Experience with application security, experience with application integration, secured apps, embedding security with CI/CD pipelines, secure coding practices exposure, ability to run pen test.
  • Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services.
  • Full-stack knowledge of IT infrastructure:
    • Applications
    • Operating systems (Windows & Linux)
    • IP networks (WAN, LAN)
  • Experience designing the deployment of applications and infrastructure into public cloud services (Microsoft Azure).
  • Experience in building cloud architecture with Azure, using Azure Resource Manager, Azure IaaS, PaaS offerings
  • Experience and understanding of Infrastructure as Code, Automation, and Orchestration
  • Some out of hours support maybe required.
  • The ideal candidate will maintain one or more of the following certifications

Share This Job

Powered by