Position Title: Principal Cloud Security Architect (P5)
Company Summary
Crown Castle is the nation’s largest provider of shared communications infrastructure: towers, small cells and fiber. Whenever you make a call, track a workout or stream music and videos, we’re the ones providing the communications infrastructure that makes it possible to transform the way we live and work. From 5G and the internet of things to drones, autonomous vehicles and AR/VR, we enable the technologies that help people stay safe, connected and ready for the future. Crown Castle is publicly traded on the S&P 500, and one of the largest Real Estate Investment Trusts in the US.
Role
The Principal Cloud Security Architect will direct and guide other technology teams within Crown Castle for all matters related to cloud security strategy and implementation, including Security Tools within Cloud ecosystems (Azure and AWS), Network IPS/IDS, Identity and Access Management (IAM), User Entity and Behavior Analysis (UEBA), Zero Trust, DevSecOps, Security Access and Service Edge (SASE) and Security Frameworks and Methodologies, and Threat Modeling.
The successful candidate will partner with leaders across the business to develop and deliver solutions that support business strategies and protect Crown Castle’s intellectual property and customer data globally. They must be knowledgeable about how security architecture fits into the broader security program as well as how it supports the transformation of the organization’s digital infrastructure.
Responsibilities
Collaborate closely with cross-functional teams to ensure that advanced and innovative security measures and best practices are integrated into all cloud technology solutions.
Actively participate in various enterprise architecture forums to champion cloud security interests and provide expertise on security-related issues.
Assist technical teams in migrations from on-prem systems to cloud platforms while establishing and maintaining a high level of security and compliance.
Create and maintain security strategy plans and roadmaps. Influence the planning and execution of the roadmap with measurable benchmarks to show progress (or deficiencies requiring additional attention).
Develop and maintain Security Architecture process and artifacts that enable the enterprise to implement security capabilities that are clearly aligned with the business, technology, and threat drivers.
Serves as the subject matter expert in secure cloud technology design, development, and implementation in support of products, solutions, and business functionality enablement.
Drafts and reviews cloud related policies, standards, and guidelines to ensure security is designed and delivered to meet business use cases and requirements.
Establishes architecture design principles and practices to improve performance, effectiveness, security, compliance, and scalability of solutions.
Collaborates with business teams to understand vision and scope for cloud solutions and defines the security requirements.
Partners with cross-functional teams to assess cloud security risks by establishing security architecture with a focus on threat detection, security control enforcement, and incident response.
Draft project plans for security services or technology implementations and coordinate with stakeholders across the organization.
Strategize and design security architectures for next generation cloud systems. Possess a firm understanding of the offerings within Amazon Web Services (AWS) as well as other leading cloud service providers.
Based on business requirements, plan and design cloud-native architecture that adheres to cloud security frameworks, standards, and best practices.
Ensure relevant audit and security logs are collected to a central location and exposed to the correct teams for triage, analysis, and incident response.
With a solid understanding of next generation cloud platforms and serverless technologies, act as the ambassador and principal technical representative for Enterprise Security while engaging with other senior technical leaders throughout Crown Castle in the design and implementation of cloud and hybrid solutions.
Develop and execute strategies to mature our security posture throughout the enterprise, as well as mentoring more-junior security architects and analysts.
Determine baseline security configuration standards for operating systems (e.g., OS Hardening), network segmentation, web application firewall, mobile devices, etc.
Review security technologies, tools, and services, and make recommendations to the broader security team for their use, based on security policy and procedures as well as financial and operational metrics.
Expectations
Ability to work independently with minimal direction; self-starter/self-motivated
Ability to communicate highly complex technical information clearly and articulately for all levels and audiences
Remain current with new security threats and assess systems to ensure they can defend the business.
Constantly research capabilities of current and new disruptive solutions on the market and make recommendations to security leadership
Research, validate and deploy solutions meeting security and business needs
Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively (technical writing experience is a plus)
Education/Certifications
Bachelor of Science degree in Computer Science, Engineering, or related field
CISSP, CISA, CISM, CCSP or other relevant security related designation(s) required
Ten (10)+ years of experience with hands-on Security Architecture and/or Engineering
Five (5)+ years of experience with Amazon Web Services (AWS) and Microsoft (MS) Azure
Experience with SaaS, IaaS, and PaaS architectural solutions within Amazon Web Services, Microsoft Azure, and other cloud providers
Experience in Cloud, DevSecOps, Container Security, IAM patterns, WAF/CDN/DDoS services, security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies
Experience in security architecture methodologies like SABSA, OSA, O-ESA, security framework and standards like NST CSF, ISO, PIC, SOC2, and best practices like CIS benchmarks, defense in depth
Experience with data protection, cryptography, key management, identity, and access management (IAM), network security within SaaS, IaaS, PaaS, and other cloud environments
Experience working with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies
Broad knowledge of traditional security controls and technologies, such as Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), public key infrastructure (PKI), antivirus and firewalls, in addition to newer offerings such as endpoint detection and response (EDR), threat intelligence platforms, security automation and orchestration, deception technologies and application controls
Experience architecting SIEM systems, threat intelligence platforms, security automation and orchestration solutions, IDS/IPS, file integrity monitoring (FIM), data loss prevention (DLP) and other network and system monitoring tools
Experience performing threat modeling and design reviews to assess security implications and requirements for introduction of new technologies
Strong interpersonal and communication skills; ability to work as part of a cross-functional team environment
Organizational Relationship
Reports to: Senior Manager, Security Integrations
Title(s) of direct reports (if applicable): none
Working Conditions: Full remote. Provide 24x7 on-call support as needed. Some travel may be required.
We offer a total benefits package and professional growth development for teammates in any stage of their career. Along with caring for our teammates, we’re an active member in the communities where we live, work and do business. We have a responsibility to give back, which we do through our Connected by Good program. Giving back allows us to improve public spaces where people connect, promote public safety and advance access to education and technology.
For New York, Colorado, California and Washington residents the hiring range offered for this position is $150,000 - $180,000 annually. In addition to salary, employees are eligible for an annual bonus of up to 30% of annual salary and restricted stock. Employees (and their families) are eligible for medical, dental, vision, and basic life insurance. Employees are able to enroll in our company’s 401k plan. Employees will also receive 18 days of paid time off each year and 12 paid holidays throughout the calendar year.
#LI-Remote
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)
