Consultation Services Security Architect

Job Description & Summary

The Opportunity

A career in Information Security, within Internal Firm Services, will provide you with the opportunity to develop and support our internal security technologies and services across the entire global and local PwC network. You’ll focus on cloud and application security strategy and be at the forefront of designing, developing, and implementing information technology including hardware, software, and networks that enhances security of internal information and protects our firm's intellectual assets.

To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be a purpose-led and values-driven leader at every level. To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future.

What you will be doing:

• Primary regional contact with technology delivery teams, BISO/CISO, and management to accomplish the following:

  • Assure that security is properly built into the technology during the design phase by engaging early with development teams to educate them around security by design

  • Champion use of best practices and approved tools in alignment with industry best practices

  • Act as the first point of escalation to address technical customer service concerns

  • Define, influence, communicate and drive the Application Security vision and strategy across the PwC Network of firms.

• Lead and support cloud hygiene

  • Create detailed deployment guides for every cloud component prior to deployment

  • Utilization of application security tools to scan applications for application security risks

  • Create and implement a QA process to assure that cloud components are implemented per the deployment guides

  • Develop cloud monitoring process that provides a comprehensive view of an applications  compliance posture

  • Evaluate and train cloud implementation team and architects in cloud best practices

• Emerging technology review

  • Take lead on analysis of new technologies as they become available in the market. 

  • Create and present, at the senior management level, strategic directives to allow the firm to implement new technologies safely and quickly

  • Engagement with development teams to articulate complex application security risks

  • Develop and communicate a point of view on key global trends, and how they impact clients.

What we need from you:

• Experience with deployment orchestration, automation, and security configuration management (Jenkins, Bridgecrew, Puppet, Chef, Terraform, Ansible, CloudFormation, or ARM templates)

• Ability to identify and mitigate potential threats when configuring public cloud services

• 8+ years experience as a Cloud Security Engineer, Cloud Engineer, Cloud Security Architect, Cloud Security Ops, or a related field

• At least 3+ years of relevant experience as a cloud enablement expert

• Ability to work on multi-cloud environments like AWS, GCP, and Azure

• Deep knowledge of effective controls for Application Security, Cloud & Services Hosting, Identity and Access Management, Data Protection, Borderless Connectivity, Endpoint Security, and Cyber Security Operations

• Conversant with ISO 27002:2005/2013 information security standard

• Managing multiple security assessments and changing priorities, simultaneously

• Knowledge and experience of API security architecture, authentication and authorization and industry best practices

• Hands on engineering experience with enterprise security technology both on-prem, private and public cloud

• Familiar with containerization technologies as well as orchestrator solutions (CaaS, CLaaS, Kubernetes)

• Background in engaging business & technology stakeholders at all levels to gather long term goals & requirements

• Deep understanding of security technology at an enterprise & solution level

#LI-DI1 #LI-Remote