Job Description
Job Description
ComResource is looking for a Principal Security Analyst.
We need someone to assist in designing, testing, implementing, and maintaining secure systems across both on-premise and cloud environments. This role will lead initiatives to enhance security posture, evaluate system vulnerabilities, and ensure best practices are embedded in architectural designs.
Responsibilities:
- Plan, research, and design secure IT architectures for cloud and on-prem environments.
- Review and enhance existing security measures, identifying weaknesses and areas for improvement.
- Oversee the installation requirements and validation for LANs, WANs, VPNs, routers, firewalls, and related network infrastructure.
- Develop and test security systems, establish disaster recovery procedures, and respond to security incidents.
- Provide expert guidance on new projects, including secure development principles and architecture.
- Evaluate system changes for risk, document impacts, and propose mitigation strategies.
- Design and implement security controls that align with frameworks such as NIST, OWASP, and PCI DSS.
- Perform threat modeling, code reviews, and risk assessments on deployed applications.
- Collaborate with internal teams to drive continuous improvement and automation.
- Monitor and respond to emerging threats, technologies, and vulnerabilities.
- Lead complex projects, mentor security team members, and promote a culture of security awareness.
- Support budgeting, forecasting, and cost models for security services and architecture initiatives.
Essentials:
- Bachelor’s degree in Computer Science, Information Systems, or related field.
- 7–10 years of experience in security architecture and engineering.
- CISSP or CCSP certification required; additional certifications such as CISA or CISM preferred.
- Expertise in secure systems design, application security, cloud deployments (Azure & AWS), and SDLC/DevOps.
- Familiarity with security controls including firewalls, IDS/IPS, SIEM, DLP, endpoint monitoring, and vulnerability management tools.
- Strong understanding of frameworks like NIST 800-53/171, GDPR, CCPA, OWASP.
- Experience with architecture principles (e.g., SABSA, TOGAF) and methodologies (Agile, Waterfall, Hybrid).
- Technical knowledge of Kubernetes, APIs, containers, CI/CD pipelines, and infrastructure as code (IaC).
- Exceptional verbal and written communication skills, with the ability to articulate complex security concepts.
Desired:
- Demonstrated ability to influence across technical and executive teams.
- Proven leadership on enterprise-wide security initiatives.
- Experience with forensic investigations, user training, and cloud-native security solutions.
- Ability to manage competing priorities and foster collaboration across IT teams.
- Track record of developing scalable, compliant security solutions and policies.
Req ID: AM44809344