Principal Security Architect
Job Locations CZ-Prague | RO-Bucharest Requisition ID 2021-57422 Category Research & Development
What's the role?
Security, Privacy, and Continuity (SPC) is a centralized organization that secures HERE products and services, ensures best-in-class security and privacy for customers and employees, and protects the organization against physical and virtual threats. SPC is a globally distributed team of security and privacy professionals and is growing to keep pace with HERE's expanding business and customer base.
Securtity Architects - The team
You will join HERE’s team of Security Architects who are transforming how HERE’s security controls are mandated, implemented, maintained and monitored. We are building Continuous Security Controls Monitoring in cooperation with the other Security and Privacy teams, and using its enterprise-wide observability to influence technology investment and implementation decisions by Research & Development and IT. As HERE expands its industry-leading advantage in Location Services, we simultaneously present an ever brighter target for those who would abuse our capabilities and resources. Join a highly agile team at the nexus of HERE’s defenses and help keep the Internet a safe place to live and work. Teams with a diversity of brains, backgrounds, and personalities build more resilient solutions, so we prefer diverse teams at HERE, and strongly encourage non-traditional candidates to apply.
Main Responsibilities
- Influence leaders of teams to elevate the priority of security controls implementation when risk is overly high and, equally, advocate on behalf of risk acceptance when risk is sufficiently low given the business opportunities under consideration
- Create software prototypes and automation tools that assemble data about system weaknesses to aid in understanding the scope and breadth of risk.
- Coach others in building threat models for HERE technology systems, which connect available threat intelligence to common attack techniques, and link those to their applicability to HERE systems.
- Author and/or curate guidance documentation that recommends how developers and engineers may quickly harden their systems.
Who are you?
You are highly experienced technical security professional with broad scope focused on data-driven analysis of HERE’s complex technology systems to uncover systemic security weaknesses, assess the level of risk they present to HERE, and advise practical techniques or adaptations for mitigating or reducing that risk. In this role will commonly apply data analysis, risk assessment and threat modeling techniques, and coordinate various teams in the development of mitigation solutions. You take initiative and seek to influence improved security in teams throughout the enterprise. Furthermore:
- Many years of experience securing IT systems and infrastructure
- Fluency with one or more scripting or application programming languages
- Direct experience with the software development lifecycle and the tradeoffs encountered therein
- Examples from your experience where you used data to showcase progress and accomplishment
- Ability to communicate how security principles and secure architectures help prevent intrusion and abuse of complex multi-system IT solutions
- Comfort and confidence adapting communication approach to reach a variety of audiences, from non-technical business personnel to Ph.D.-educated technology experts
- Demonstrated ability to influence consensus across domains
HERE is an equal opportunity employer. We evaluate applicants without regard to race, color, age, gender identity, sexual orientation, marital status, parental status, religion, sex, national origin, disability, veteran status, and other legally protected characteristics.
