Security Architect jobs at Alcoa - 40 jobs

We're the producers, creators and marketers of beer, wine and spirits brands that people love. At Constellation Brands, we're driven to push boundaries and think beyond today to deliver products and experiences that resonate now, tomorrow and well into the future. With operations in the U.S., Mexico, New Zealand and Italy, our premium portfolio of iconic brands includes Modelo Especial, Corona Extra, Modelo Cheladas, Pacifico, Victoria, The Prisoner Wine Company, Robert Mondavi Winery, Kim Crawford, Schrader Cellars, Lingua Franca, Casa Noble Tequila, and High West Whiskey. But we're just getting started. Our ability to stay on the forefront of consumer trends has fueled our success since our founding in 1945 and will guide us in creating the next generation of products and experiences Worth Reaching For. Position Summary: The Identity Security Architect is a security-minded, hands-on individual with security engineering experience to support our converged security capabilities, focused on identity management (IDM) at Constellation Brands, Inc. The candidate must have strong operational knowledge of the security tool landscape and have a record of accomplishment optimizing and automating processes to achieve measurable efficiency and accuracy gains. This role is integral to the information security program, and works directly alongside the security architecture / engineering, security operations, operational technology (OT) / industrial control system (ICS), governance, risk, and compliance (GRC), technology infrastructure and network teams. Responsibilities: * Be a thought leader and hands-on expert in the company for a significant technical capability related to security identity management (IDM). * Collaborate with senior security leaders on building IDM strategy and milestones and communication with executives. * Lead IDM security engineering projects, tool evaluations, deployments, user experience improvements and mentor other engineers. * Design and implement security processes to support security architecture and engineering using best-in-class security engineering principles; experience with ISO/IEC, NIST, MITRE etc. standards are a plus. * Security tool operations - running, maintaining, optimizing, and configuring rules for various tools across IDM. * Lead secure design and architecture reviews with an understanding of threat modeling. * Create and implement identity security metrics and measurements and process automation - understand how to measure monitoring / incident response processes and how to improve them based on historical data. * Partner with Security Operations (SecOps), Operational Technology (OT) / Industrial Control System (ICS) Engineers to identify and evaluate best in class security solutions and plan production deployments and help document runbooks accordingly. * Candidate must be available 24/7/365. Minimum qualifications: * Bachelors in one of the following disciplines: Cybersecurity, Information Assurance, Computer Engineering, Electrical Engineering, Systems Engineering, Management Information Systems, or similar technical field and minimum of 8+ years related experience with a CISSP or equivalent. * Strong understanding of identity security architecture and engineering concepts at the enterprise level. * Demonstrated past contributor and "plugged-in" to the threat intelligence community and various industry sources. * Understand what it means to "think like a hacker" and take the attacker viewpoint. * Hands-on experience improving the overall IDM user experience. * Authentication space knowledge: * Multi-factor authentication (MFA). * Identity Federation & Single Sign-On (SSO). * Implementing SAML, OIDC, and OAuth. * Security knowledge of various technology & protocols - FIDO, PKI, Mobile MFA, OTP, FIDO key, Biometric authentication, behavior & risk-based authentication. * Implementation experience with web, device (laptop, etc.), infrastructure, and API authentication use cases. * Access Management space knowledge: * Privileged Access Management for admin and privileged accounts. * Access control solution for Linux, Windows servers, Kubernetes/docker, databases, Clouds, and other PAM use cases. * Integration with cloud systems including AWS, Azure, GCP, etc. * Active Directory integration experience. * Identity Governance space knowledge: * Experience with onboarding applications into an IDM solution. * Experience with creating and managing user access campaigns. * Experience with automating IDM critical workflows. * Familiarity with financial audit, Sarbanes-Oxley (SOX), and regulatory compliance processes. * Collaborate with internal and external auditors as required. * Hands-on experience performing incident response duties. * Ability to communicate effectively with various levels of technical expertise or non-expertise (written, verbal, presentation skills). * Organized and detail-oriented, able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently. Preferred qualifications: * Security operations and threat intelligence experience. * Strong communicator who can partner internationally with senior security and enterprise team members. * Self-starter who takes initiative with strong conviction. ADA Physical/Mental/Workplace Requirements * Occasional lifting up to 25 lbs. * Sitting, working at desk/personal computer for extended periods of time * Primary work environment is professional corporate office * Ability to travel commercially and internationally Location Rochester, New York Additional Locations Canandaigua, New York, Chicago, Illinois, San Antonio, Texas Job Type Full time Job Area Information Technology The salary range for this role is: $114,300.00 - $207,800.00 This is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting. Our compensation is based on cost of labor. For remote locations or positions open to multiple locations, the pay range may reflect several US geographic markets, including the lowest geographic market minimum to the highest geographic market maximum. We may ultimately pay more or less than the posted range, and the range may be modified in the future. An employee's pay position within the salary range will be based on several factors including, but not limited to, the prevailing minimum wage for the location, relevant education, qualifications, certifications, experience, skills, seniority, geographic location, performance, shift, travel requirements, sales or revenue-based metrics, any collective bargaining agreements, and business or organizational needs. At Constellation Brands, it is not typical for an individual to be hired at the high end of the range for their role, and compensation decisions are dependent upon the facts and circumstances of each position and candidate. We offer comprehensive package of benefits including paid time off, medical/dental/vision insurance, 401(k), and any other benefits to eligible employees. Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, or any other form of compensation that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company's sole discretion, consistent with the law. Equal Opportunity Constellation Brands is committed to a continuing program of equal employment opportunity. All persons have equal employment opportunities with Constellation Brands, regardless of their sex, race, color, age, religion, creed, sexual orientation, national origin or citizenship, ancestry, physical or mental disability, medical condition (cancer or genetic characteristics), marital status, gender (including gender identity or gender expression), familial status, military or veteran status, genetic information, pregnancy, childbirth, breastfeeding, or related conditions (or any other group or category within the framework of the applicable discrimination laws and regulations).