Primary Location: 3003 Summit Blvd, North Hills, NY, US
Division: Cox Automotive
Job Level: Individual Contributor
Shift: Day Job
Requisition Number: 202202682_25290552
At Cox, we're forward-thinking innovators who put people first. Our award-winning workplace culture is centered on inclusion and kindness, and we're looking for people to join our mission to be a force for good in the world. Come build a better future with us across automotive, communications, the environment and more.
We want to do everything we can to keep our employees safe and healthy. Therefore, where permitted by applicable law, you will need to be fully vaccinated against COVID-19 to be considered for this U.S.-based job. Reasonable accommodations for medical and religious objections will of course be considered.
Keep reading to learn more about this opportunity to join the Cox family of businesses.
Cox Automotive is looking for an experienced Principal Security Architect to join our team. The Principal Security Architect is responsible for designing security solutions that protect the business, but also allow the business to execute and innovate. The Principal Security Architect works closely with many diverse and dynamic teams, including, but not limited to, security engineering, IT infrastructure, application development, security operations, security audit and end users. This position is also responsible for architecting solutions to secure business-to-business initiatives, third-party relationships, outsourced solutions and vendors.
The Principal Security Architect provides expert guidance for addressing current security issues, but has the foresight to see where the industry is headed and proactively deliver optimal secure solutions. The architect is expected to think like an adversary and identify how solutions should evolve as the threat landscape changes. A senior-level role, the architect possesses strong communication and organizational skills, and the ability to guide less experienced coworkers. The architect provides technical leadership to delivery and solution design team members.
Primary Responsibilities and Essential Functions:
- Delivers strategic thought leadership to the ERS team and extends the strategy into the broader business, IT and Architecture functions. Defines and takes ownership of a multiyear capability, coverage, maturity, and effectiveness model that is used to measure the progress toward a desired target state for security
- Constantly research capabilities of current and new disruptive solutions on the market and make recommendations to security leadership.
- Evaluate, analyze and provide direction on the current domestic and international enterprise Information Security Infrastructure for (EDR, IDS/IPS, Encryption, FW, Email Security, WAF, Bot Mgmt, DDoS protection, etc.) to ensure security best practices are implemented and identify areas for improvement
- Evaluates the current state and provides future state cloud security reference architecture. Architects friction-less preventative and detective security controls to be built into multi-cloud environments for Azure, AWS, OCI and works with ERS to provide guidance on continuous improvement
- Provides Cybersecurity integration and automation architectures for the next gen cloud native security stack that is identity and API driven. Provides guidance on reducing/mitigating the attack surface on the identity stack and designing for Zero-Trust Identity Protections
- Deeply understands the threat landscape and emerging threats (ie Ransomware) that may impact Cox Automotive and knows how to architect leading strategies to mitigate risk
- Leverages threat inteligence for strategic architectural decisions in order to recommend security enhancement projects to improve the posture of the organization. Defines threat models and countermeasures to prioritize risk remediation and security enhancements
- In depth understanding of vulnerability management best security practices for Mobile, App, and Infrastructure security and embedding of toolsets within a CI/CD pipeline
- Evaluate the current state and develop secure reference architectures and/or patterns for company applications, DevOps (CI/CD) for containerized and virtualized systems, infrastructural components, and application and system patching and hardening capabilities
- For ongoing cloud, network, system, application and telephony projects, work with the respective technology teams to design a robust, reliable, and integrated IT security architecture covering the entire enterprise and addressing issues as prioritized by Enterprise Risk & Security (ERS)
- Provide architectural leadership and design capabilities to ensure Network Architecture is properly implemented and maintained.
- Act as an Advisor on technology solutions and IT processes in accordance established Cox Automotive (CAI) practices and industry best practices to the portfolio teams
- Assist Risk Management & Compliance team with development of domestic and international security policies, standards and reference models to be implemented in the appropriate areas of CAI networks
- Analyze current System, Network and Application reference models
- Maintain and update the security model, technologies and standards for system architects and designers
- Provide Security Architecture design services to portfolio teams during their engagement within the established solutions development lifecycle (SDLC)
- Provide architectural representation for ERS through the SDLC by reviewing, developing architectural plans and preparing architecture documentation and associated artifacts for internal ERS projects through-out the SDLC
- Design future architectural solutions to assist ERSs development of a three-year security strategy
- Evaluate and monitor emerging security architectural trends in the industry and develop a robust reporting methodology for delivering the results of this analysis to ERS Management
- Review and contribute to the incident management process to provide architectural solutions to address root cause of incidents
- Influence the planning and execution of incident response and postmortem exercises, with a focus on creating measurable benchmarks to show progress (or deficiencies requiring additional attention).
- Minimum of 8 - 10 years experience in the information security industry
- Experience with Amazon Web Services (AWS) and/or Microsoft Azure
- Demonstrated security platform design and implementation experience
- Proven experience with cloud security in AWS/Azure/OCI, application/API security, firewalls, IDS/IPS, sandboxing, threat intelligence, vulnerability assessment and mitigation, SIEM, auditing, encryption, data loss prevention, threat intelligence, SASE, Zero-trust network access solutions, mobile application/system security
- Experience driving measurable improvement in monitoring and response capabilities at scale.
- Security frameworks (NIST, MITRE ATT&CK, Diamond Model, Kill Chain)
- Expert Visio documentation experience
- Excellent verbal communication, organizational, presentation and planning skills
- Experience translating business direction into required security controls and collaborating from SME to C-Level
- Experience with PCI, GDPR compliance
- Demonstrated experience assessing risk and developing security controls at a business-appropriate level
- BS/BA degree or equivalent experience is required
Who We Are
About Cox Automotive
Theres nothing ordinary about Cox Automotive. We are people of every background driven by our passion for mobility, innovation, client success and community outreach. We make buying, selling and owning (or simply using) cars easier for everyone. Touching more than 40,000 clients across five continents, we bring together the best brands and the best teams to propel the automotive industry forward. Some of those team members work for our iconic consumer brands like Autotrader and Kelley Blue Book, while others are creating the future of automotive at industry-facing brands like Dealer.com, Manheim and vAuto.
We are the Cox family of businesses. Weve been making our mark since 1898 by building and evolving world-class businesses, staying true to our values, and encouraging top talent to always look for growth and impact while building a career with us. Our primary divisions - Cox Communications and Cox Automotive - are driving a new wave of innovation, powering smart cities with powerhouse broadband communications and pioneering greener, more progressive transportation alternatives for individuals and fleet operators. Were also expanding into new spaces like cleantech and healthcare to rev up our momentum toward building a better future for the next generation. Were looking for the talent today who will be our leaders tomorrow. Sound intriguing? Learn more about where we are today, where we hope youll be going with us, and the common purpose that unites us at coxenterprises.com.
Benefits of working at Cox may include health care insurance (medical, dental, vision), retirement planning (401(k), and paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO). For more details on what benefits you may be offered, visit our benefits page .
Cox is an Equal Employment Opportunity employer - All qualified applicants/employees will receive consideration for employment without regard to that individuals age, race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender, gender identity, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law. Cox provides reasonable accommodations when requested by a qualified applicant or employee with disability, unless such accommodations would cause an undue hardship.
Statement to ALL Third-Party Agencies and Similar Organizations: Cox accepts resumes only from agencies with which we formally engage their services. Please do not forward resumes to our applicant tracking system, Cox employees, Cox hiring manager, or send to any Cox facility. Cox is not responsible for any fees or charges associated with unsolicited resumes.
Web Reference : AJF/359634311-202
Posted Date : Sat, 02 Jul 2022
Please note, to apply for this position you will complete an application form on another website provided by or on behalf of Cox Automotive. Any external website and application process is not under the control or responsibility of IT JobServe