Security architect job description

Santa Clara Valley (Cupertino),California,United States

Hardware

+ Typically requires 5+ years of experience

+ Solid background of applied cryptography

+ Working experience in definition of secure systems

+ Experience in threat modeling and weaknesses analysis

+ Knowledge of SoC architecture, microprocessor architecture a plus

+ Exposure to OS security

+ Excellent interpersonal skills

+ Ability to independently pursue new ideas and innovations

+ Good knowledge of Verilog/VHDL

+ Experience in C/C++ and interpretive language such as Perl/Python

**Description**

As part of the Platform Architecture organization, the Security Architecture team has a mission to provide rock-solid security foundation to Apple's products. We evaluate security threats, define security features, architect security solutions. We collaborate with the software teams to ensure seamless security systems. We work together with different silicon teams throughout the entire design flow to guarantee state-of-the-art security goes into various in-house and out-sourced silicon chips. This position will be a key role to help us fulfill our mission with the following core responsibilities: - Analysis of Hardware and Software attack vectors - Definition of Hardware and Software security related features - Architecture of security solutions in HW and SW - Development of evaluation plans for both HW and SW - Communication with multi-functional teams

**Education & Experience**

MSEE/CE required

**Additional Requirements**

**Apple Footer**

Apple is an equal opportunity employer that is committed to inclusion and diversity. We take affirmative action to ensure equal opportunity for all applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or other legally protected characteristics. Learn more about your EEO rights as an applicant (Opens in a new window) .

Apple will not discriminate or retaliate against applicants who inquire about, disclose, or discuss their compensation or that of other applicants. United States Department of Labor. Learn more (Opens in a new window) .

Apple is required to comply with a COVID-19 vaccination mandate issued by the New York City Department of Health. We will verify the vaccination status of all New York City team members who are working at an Apple Store, office, or partner store in New York City. New York City Department of Health Learn more (Opens in a new window) .

Apple will consider for employment all qualified applicants with criminal histories in a manner consistent with applicable law. If you're applying for a position in San Francisco, review the San Francisco Fair Chance Ordinance guidelines (opens in a new window) applicable in your area.

Apple participates in the E-Verify program in certain locations as required by law. Learn more about the E-Verify program (Opens in a new window) .

Apple is committed to working with and providing reasonable accommodation to applicants with physical and mental disabilities. Apple is a drug-free workplace. Reasonable Accommodation and Drug Free Workplace policy Learn more (Opens in a new window) .

We are looking for a talented **Security Architect** to join our team specializing in Systems/Information Technology for our Corporate Business Segment in Columbus, IN. This position is hybrid.
**In this role, you will make an impact in the following ways:**

+ Responsible for assessing, defining, and championing the IT architecture strategies, principles, policies, and standards in alignment with Cummins IT strategy and governing their use.

+ Coordinate with project teams to create, document, assess and/or validate the application and infrastructure architecture artifacts / designs for specific systems to meet Cummins security policies, governance, compliance, and regulations and review the architecture artifacts with the stakeholders.

+ As required, help drive and manage other Architects on the team and work on architecture activities.

+ Assist leadership teams on Cummins IT strategic initiatives and Architecture initiatives as needed.

**Qualifications**

**To be successful in this role you will need the following:**

+ College, university, or equivalent degree in Information Technology, Business or a related subject required.

+ Minimum 6 years of relevant experience required.

+ IOT security

- Experience with PKI infrastructure, key management, and securing devices using x.509certificates.

- Understanding the secure boot process for devices

- Knowledge of FIPs 140.2

+ API Security

- AWS and Azure native cloud and cloud security concepts

- Understanding of CDN, WAF, and Firewalling technologies

- Ability to understand code vulnerability and testing methodologies using SAST, DAST, and SCP

- Familiarity with Docker containers and container security

- Knowledge of cybersecurity frameworks (NIST, GDPR, ISO27001 etc)

**Compensation and Benefits**

Base salary rate commensurate with experience. Additional benefits vary between locations and include options such as our 401(k) Retirement Savings Plan, Cash Balance Pension Plan, Medical/Dental/Life Insurance, Health Savings Account, Domestic Partners Coverage and a full complement of personal and professional benefits.

**Cummins and E-verify**

At Cummins, we are an equal opportunity and affirmative action employer dedicated to diversity in the workplace. Our policy is to provide equal employment opportunities to all qualified persons without regard to race, gender, color, disability, national origin, age, religion, union affiliation, sexual orientation, veteran status, citizenship, gender identity and/or expression, or other status protected by law. Cummins validates right to work using E-Verify. Cummins will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS), with information from each new employee's Form I-9 to confirm work authorization.

**Job** SYSTEMS/INFORMATION TECHNOLOGY

**Primary Location** United States-Indiana-Columbus-US, IN, Columbus, 301 Irwin Building

**Job Type** Experienced - Exempt / Office

**Recruitment Job Type** Exempt - Experienced

**Job Posting** Sep 26, 2022, 9:58:50 AM

**Unposting Date** Ongoing

**Organization** Corporate

The Core Development team in JPMorgan Chase's Cybersecurity & Technology Controls group designs and implements controls that harden our global software procurement, build systems, and deployment capabilities across our firm's infrastructure. We obsess on the efficacy and utility of these mechanisms to make the software development experience at JPMorgan Chase simple and safe.

As a Security Architect, you will work with our partner teams to perform architecture reviews and advise in secure software procurement, build, and deployment solutions. In this important role you will contribute systems that support the global financial services of billions of customers worldwide.
Your Role and Responsibilities:

+ Report to functional lead of the program and partner with product teams to assess and standardize security practices, raise the security bar on product environments, and harden the product features.

+ Partner with and mentor your peers to guarantee a high standard of delivery by educating, challenging, and advising product teams on common standards and threats.

+ Experience with Security fundamentals, including: cryptography, modern memory safety, operating system internals, and web services security.

+ Experience with related security threats, including: cloud security, operating system/hypervisor security, and application security.

+ Experience with common open standards, including: mTLS, OpenID, and the shared responsibility model

+ Perform risk assessment and threat modeling activities.

+ Scope application security assessments and penetration tests.

+ Contribution to security training development and implementation.

+ Lead the evaluation of security controls, such as libraries and frameworks, their development and their deployment.

+ Guidance in the development of prototypes, Proofs of Concept and Reference Models for shared security controls at our Firm.

Required Skills:

+ Desire to up-skill and self-develop

+ 4+ years of experience within a software security team or similar operating environment.

+ BA/BS in computer science, information security, related discipline, or equivalent work experience.

+ Proficiency in one or more object-oriented programming languages: Java, C#, or Python.

+ Software engineering experience with a current focus on secure application development.

+ Penetration testing experience. Must be knowledgeable and familiar with common tools techniques and processes.

+ Experience with common application flaws, and how to fix them.

Desired Skills:

+ Information security professional certifications encouraged, such as SANS GIAC, CISSP

+ Experience teaching application security and secure development practices; in 1:1 situations or to large teams.

+ Experience with DevOps processes in a Cloud/SaaS environment.

+ Experience architecting, securing, and operating one or more public cloud environments: Amazon Web Services, Google App Engine, Azure, and Oracle Cloud.

+ Experience with service-oriented architectures and web services security.

+ Experience with one or more emerging programming languages: Go, Rust

JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.

The health and safety of our colleagues, candidates, clients and communities has been a top priority in light of the COVID-19 pandemic. JPMorgan Chase was awarded the "WELL Health-Safety Rating" for all of our 6,200 locations globally based on our operational policies, maintenance protocols, stakeholder engagement and emergency plans to address a post-COVID-19 environment.

As a part of our commitment to health and safety, we have implemented various COVID-related health and safety requirements for our workforce. Employees are expected to follow the Firm's current COVID-19 or other infectious disease health and safety requirements, including local requirements. Requirements include sharing information including your vaccine card in the firm's vaccine record tool, and may include mask wearing. Requirements may change in the future with the evolving public health landscape. JPMorgan Chase will consider accommodation requests as required by applicable law.

Equal Opportunity Employer/Disability/Veterans