67 Security Architecture jobs in New York

Company description

Publicis Sapient is a digital transformation partner helping established organizations get to their future, digitally enabled state, both in the way they work and the way they serve their customers. We help unlock value through a start-up mindset and modern methods, fusing strategy, consulting and customer experience with agile engineering and problem-solving creativity. United by our core values and our purpose of helping people thrive in the brave pursuit of next, our 20,000+ people in 53 offices around the world combine experience across technology, data sciences, consulting, and customer obsession to accelerate our clients’ businesses through designing the products and services their customers truly value.

Overview

As a Senior Engineer - Threat Modeling you will be a part of a smart cross-functional team delivering digital business transformation solutions to our clients. This position entails an individual contributor role focused on Security Architecture and Threat Modeling, encompassing governance, evaluation of public cloud services, and conducting security reviews for Public Cloud Providers. Collaboration and partnership with Engineering, Information Security, Program Management, and Development teams are essential. The candidate will conduct technical architecture reviews to pinpoint security opportunities, identify exploitable threats, and propose mitigation strategies.

Your Impact:

• Conduct thorough threat modeling exercises utilizing established methodologies and frameworks.

• Maintain a rigorous standard of excellence in identifying potential threats and specifying effective mitigation controls.

• Manage the lifecycle of identified threats and associated controls, ensuring timely updates and adjustments as necessary.

• Deliver comprehensive threat models and related tasks within specified timeframes.

• Offer constructive feedback, support, and suggestions for enhancing the existing threat modeling process.

• Present findings and progress updates to senior leadership, team members, and relevant technical stakeholders.

Qualifications

We are seeking an ideal candidate with 8+ years of experience in a range of technologies and processes including:

• Proficiency in GCP - essential

• Strong knowledge of security architecture principles, frameworks, and best practices

• Experience working with threat modeling methodologies such as MITRE ATT&CK, STRIDE, PASTA etc.

• Overall experience in Cybersecurity: 5+ years

• Security practices encompassing authentication, authorization, logging/monitoring, encryption, infrastructure security, and network/segmentation

• Knowledge of cloud security frameworks

• knowledge of Rest API

• Knowledge in scripting languages and Infrastructure as Code (Terraform, CloudFormation)

• Familiarity with Jira or other ticketing systems – essential

• Technical architecture design and review skills – essential

• Ability to identify vulnerabilities using CWE or OWASP

• Knowledge of operating systems and their hardening techniques

• Understanding of development concepts such as CICD, Pipelines, and SDLC

• Penetration testing knowledge is also super useful

• Familiarity with Cloud Development Kit (CDK) and GitOps

• Experience operating in a DevOps/agile team environment

• Understanding of docker, Kubernetes, serverless architecture, and Helm

• Exposure to platforms like Snowflake, MongoDB, Terraform Cloud, GitHub, and Databricks

• Strong analytical skills, diligence, and attention to detail

• Willingness to conduct research using vendor documentation

• Capability to create and maintain high-quality documentation

• Possession of an adversary mindset

• Continuous learning attitude towards new technologies and methodologies

• Strong problem-solving skills

• Excellent communication and collaboration abilities

• Ability to build and nurture relationships across cross-functional teams

Set Yourself Apart With:

• Professional Security Certifications: CISSP, CCSP, CISA, CISM, ITIL

• Relevant GCP certifications are highly desirable: GCP Professional Cloud Architect, GCP Professional Cloud Security Engineer.

• Strong knowledge of industry standards as they relate to Cloud and Application security management to include ISO, NIST, and Cloud Security Alliance (CSA)

• Experience working in regulated environments

• Exposure to agile development, DevOps, SecOps and scrum teams

• Hands-on-experience with cloud security designs on Azure

• Development experience (python, Node)

• Strong desire to learn and contribute solutions and ideas to broader team

Additional information

• Flexible vacation policy; time is not limited, allocated, or accrued

• 16 paid holidays throughout the year

• Generous parental leave and new parent transition program

• Tuition reimbursement

• Corporate gift matching program

Base Pay Range: USD 140,000 - 185,000 (varies depending on experience)

The range shown represents a grouping of relevant ranges currently in use at Publicis Sapient. Actual range for this position may differ, depending on location and specific skillset required for the work itself.

As part of our dedication to an inclusive and diverse workforce, Publicis Sapient is committed to Equal Employment Opportunity without regard for race, color, national origin, ethnicity, gender, protected veteran status, disability, sexual orientation, gender identity, or religion. We are also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at or you may call us at +1- .

• Conduct thorough threat modeling exercises utilizing established methodologies and frameworks.
• Maintain a rigorous standard of excellence in identifying potential threats and specifying effective mitigation controls.
• Manage the lifecycle of identified threats and associated controls, ensuring timely updates and adjustments as necessary.
• Deliver comprehensive threat models and related tasks within specified timeframes.
• Offer constructive feedback, support, and suggestions for enhancing the existing threat modeling process.
• Present findings and progress updates to senior leadership, team members, and relevant technical stakeholders.

• Proficiency in GCP - essential
• Strong knowledge of security architecture principles, frameworks, and best practices
• Experience working with threat modeling methodologies such as MITRE ATT&CK, STRIDE, PASTA etc.
• Overall experience in Cybersecurity: 5+ years
• Security practices encompassing authentication, authorization, logging/monitoring, encryption, infrastructure security, and network/segmentation
• Knowledge of cloud security frameworks
• knowledge of Rest API
• Knowledge in scripting languages and Infrastructure as Code (Terraform, CloudFormation)
• Familiarity with Jira or other ticketing systems - essential
• Technical architecture design and review skills - essential
• Ability to identify vulnerabilities using CWE or OWASP
• Knowledge of operating systems and their hardening techniques
• Understanding of development concepts such as CICD, Pipelines, and SDLC
• Penetration testing knowledge is also super useful
• Familiarity with Cloud Development Kit (CDK) and GitOps
• Experience operating in a DevOps/agile team environment
• Understanding of docker, Kubernetes, serverless architecture, and Helm
• Exposure to platforms like Snowflake, MongoDB, Terraform Cloud, GitHub, and Databricks
• Strong analytical skills, diligence, and attention to detail
• Willingness to conduct research using vendor documentation
• Capability to create and maintain high-quality documentation
• Possession of an adversary mindset
• Continuous learning attitude towards new technologies and methodologies
• Strong problem-solving skills
• Excellent communication and collaboration abilities
• Ability to build and nurture relationships across cross-functional teams

• Professional Security Certifications: CISSP, CCSP, CISA, CISM, ITIL
• Relevant GCP certifications are highly desirable: GCP Professional Cloud Architect, GCP Professional Cloud Security Engineer.
• Strong knowledge of industry standards as they relate to Cloud and Application security management to include ISO, NIST, and Cloud Security Alliance (CSA)
• Experience working in regulated environments
• Exposure to agile development, DevOps, SecOps and scrum teams
• Hands-on-experience with cloud security designs on Azure
• Development experience (python, Node)
• Strong desire to learn and contribute solutions and ideas to broader team

• Conduct thorough threat modeling exercises utilizing established methodologies and frameworks.
• Maintain a rigorous standard of excellence in identifying potential threats and specifying effective mitigation controls.
• Manage the lifecycle of identified threats and associated controls, ensuring timely updates and adjustments as necessary.
• Deliver comprehensive threat models and related tasks within specified timeframes.
• Offer constructive feedback, support, and suggestions for enhancing the existing threat modeling process.
• Present findings and progress updates to senior leadership, team members, and relevant technical stakeholders.

• Proficiency in GCP - essential
• Strong knowledge of security architecture principles, frameworks, and best practices
• Experience working with threat modeling methodologies such as MITRE ATT&CK, STRIDE, PASTA etc.
• Overall experience in Cybersecurity: 5+ years
• Security practices encompassing authentication, authorization, logging/monitoring, encryption, infrastructure security, and network/segmentation
• Knowledge of cloud security frameworks
• knowledge of Rest API
• Knowledge in scripting languages and Infrastructure as Code (Terraform, CloudFormation)
• Familiarity with Jira or other ticketing systems - essential
• Technical architecture design and review skills - essential
• Ability to identify vulnerabilities using CWE or OWASP
• Knowledge of operating systems and their hardening techniques
• Understanding of development concepts such as CICD, Pipelines, and SDLC
• Penetration testing knowledge is also super useful
• Familiarity with Cloud Development Kit (CDK) and GitOps
• Experience operating in a DevOps/agile team environment
• Understanding of docker, Kubernetes, serverless architecture, and Helm
• Exposure to platforms like Snowflake, MongoDB, Terraform Cloud, GitHub, and Databricks
• Strong analytical skills, diligence, and attention to detail
• Willingness to conduct research using vendor documentation
• Capability to create and maintain high-quality documentation
• Possession of an adversary mindset
• Continuous learning attitude towards new technologies and methodologies
• Strong problem-solving skills
• Excellent communication and collaboration abilities
• Ability to build and nurture relationships across cross-functional teams

• Professional Security Certifications: CISSP, CCSP, CISA, CISM, ITIL
• Relevant GCP certifications are highly desirable: GCP Professional Cloud Architect, GCP Professional Cloud Security Engineer.
• Strong knowledge of industry standards as they relate to Cloud and Application security management to include ISO, NIST, and Cloud Security Alliance (CSA)
• Experience working in regulated environments
• Exposure to agile development, DevOps, SecOps and scrum teams
• Hands-on-experience with cloud security designs on Azure
• Development experience (python, Node)
• Strong desire to learn and contribute solutions and ideas to broader team

• At least 4 years of experience in Cyber Threat Intelligence initiatives, including enhancing prevention, detection, response and recovery efforts through various technical and operational methods.
• Proficient in Python.
• Ability to leverage REST API's to build tool and platform integration.
• Proficient in git version control and git life-cycle development.
• Excellent verbal and written communication skills are required.
• Basic understanding of Agile development model.

• Experience working with OpenCTI.
• Experience developing parsers for text-based resources.
• Understanding of public cloud platforms and experience with utilizing platforms such as Azure, AWS or Google Cloud.
• Experience working in a security environment and/or supporting security teams from a technical standpoint.
• Familiarity with using version control source-code repositories

• Develop and update custom parsers / connectors for the Operational Defense Intelligence Network (ODIN), CTI's primary internal workbench. These parsers / connectors are used to automate the importation of data and reports into ODIN from our internal and external intelligence and data sources, which are critical to core CTI functions and workflows, including disseminating intelligence to the Threat Observables and Reports (ThOR) platform. CTI requires development of several additional parsers / connectors to meet organizational requirements (including importing internal data sources) as well as support periodic updates and tuning of existing parsers / connectors. Access to shared threat intel and models provide a wider view into the network threat spectrum as provided by multiple threat models, vendors and industry partners.
• Design and implement solutions that enhances the security posture of tools across multiple platforms.
• Develop security content for tools and technologies that the Threat Management team relies on to ensure business as usual functioning.
• Integrate innovative and custom technology to improve accuracy of alerts and notifications received by teams within Threat Management.
• Create well documented and clearly articulated code, process and services documentation.
• Understanding REST and SOAP API usage and implementing solutions utilizing APIs from Cyber Command utilized solutions, that enhance detection and response capabilities of the OTI Threat Management.
• Work closely with Cyber Command Security Sciences team to ensure continuous improvement of the security posture of key tools and technologies that protect the City of New York.
• Handle special projects and initiatives as assigned.

Unser Anspruch: Premium. Unsere Produkte: Komplexe Bordnetzsysteme, zentrale Elektrik- und Elektronikkomponenten, exklusives Interieur sowie Batteriesysteme fr die Elektromobilitt. Unsere Kunden: Audi, BMW, Jaguar, Land Rover, Maserati, Mercedes-Benz, MINI, Porsche, VW sowie kalifornische Automobilhersteller.

Anstellungsart: Vollzeit

Vertragsart: Unbefristet

In dieser Architektur-Rolle leiten Sie einen wesentlichen Beitrag zu unserer Cyber-Resilienz und stellen die Anforderungen der Informationssicherheit unternehmensweit sicher, indem Sie unter anderem den Weg in die Digitalisierung sicher gestalten oder innovative Lsungen fr die Cybersicherheit entwickeln und implementieren.

Ihre Aufgaben

• Ausrichtung und Koordinierung der Informationssicherheitsfunktionen anhand der Unternehmensweiten Sicherheitsstrategie und Sicherheits-Roadmap
• Untersttzung der Werke & Funktionen bei der Umsetzung der definierten Informationssicherheitsanforderungen, z.B. durch Beratung in Geschftsprojekten
• Vorantreiben und Umsetzen von (globalen) Projekten zur Informationssicherheit um Sicherheitsrisiken zu mitigieren
• Erarbeiten von Sicherheitslsungen, regionale Sensibilisierung und Simulationen von Cyber-Security-Bedrohungen
• Erstellen eines Risikoprofils fr Projekte und Assets und deren Auswirkungen auf Bereiche der Informationssicherheit
• Beobachten und Erkennen von Trends, um Konzepte zu entwickeln und Handlungsempfehlungen vorzuschlagen
• Entwickeln von Informationssicherheitslsungen, Simulationen, Automatisierungen und Reporting-Tools in der Informationssicherheit.
• Auswahl und Entscheidung ber die Ausrichtung der (IT-)Sicherheits-Tool-Landschaft auf die Bedrfnisse aller Funktionen
• Sicherstellung der qualitativen Bewertung und Spezifikation in Projekten und Proof of Concepts
• Definition, Umsetzung und kontinuierliche berprfung von Prozessen, Strategien und Techniken zum Schutz von Vermgenswerten und Informationen

Ihr Profil

• Abgeschlossenes Studium (z.B. Informatik, Wirtschaftsinformatik, Cybersicherheit, Betriebswirtschaft) oder vergleichbarer beruflicher Werdegang
• Mehrjhrige Berufserfahrung in der Informationssicherheit sowie fundierte Kenntnisse im Bereich IT-Infrastruktur und IT-Sicherheit
• Gute Kenntnisse in gngigen Programmiersprachen
• Sehr gute Kenntnisse ber IT/OT-Systeme und deren Sicherheitsarchitekturen
• Breites Wissen im Themengebiet IT/OT-Security und in der Informationssicherheit
• Sehr gute Deutsch- und Englischkenntnisse
• Bereitschaft zu gelegentlichen Dienstreisen

Chancen und Aufstiegsmglichkeiten fr Mitarbeitende mit dem entsprechenden Anforderungsprofil.

Bewerbungen von geeigneten Schwerbehinderten/Gleichgestellten (m/w/d) sind ausdrcklich erwnscht.
Insofern Sie darauf hinweisen mchten, geben Sie dies bitte im Lebenslauf oder Anschreiben an.

Wir freuen uns auf Ihre Online-Bewerbung!

Ihr Ansprechpartner

Description

Network Security Engineer

Hybrid Work Schedule

Buffalo, NY

Merchants Insurance Group is a leading Property and Casualty Insurer in the Northeast and is looking for an experienced Network Security Engineer for our Information Technology team to join our Corporate Headquarters located in Buffalo, New York.

The Network Security Engineer will become part of a dedicated Information Technology team focusing on the overall security and operation of the network to include reviewing and recommending cost effective, efficient and secure transfer of voice and data communications to and from the infrastructure.

Merchants Insurance Group, rated A- (Excellent) with a stable outlook by the A.M. Best Company, is proud to be one of Buffalo Business First’s Best Places to Work in Western New York (2023-2025), a Fast Track company (2019-2024), and a Top Private Company (2019-2025). Merchants has been granted Ward’s 50 designation as a top-performing property-casualty insurance company for four consecutive years. In October 2024, Newsweek and Statista included Merchants Insurance Group on their first-ever America’s Most Reliable Companies list, which highlights organizations that other companies can feel confident doing business with in 2025. Of 1,500 B2B companies evaluated, Merchants was one of only 300 companies to make the list.

Merchants offers its colleagues a Hybrid work schedule. The Hybrid work schedule requires 8 full days per month in the office, with the option to work the remaining days at home or in the office. This exciting Hybrid Work benefit offers colleagues a flexible work schedule with the ability to remain connected with their Merchants team and colleagues.

Essential Duties and Responsibilities include, but are not limited to:

• Responsible for Level 2 help desk service by troubleshooting network and telecom problems with quick and appropriate resolution, identifying root cause and coordinating with vendors for outside support if necessary.

• Provides analysis and monitoring of network infrastructure.

• Responsible for installing and managing networking and voice equipment including but not limited to VoIP systems, Routers, Firewalls, Switches, and any other security devices necessary to guarantee the security of our environments.

• Responsible for performing active network monitoring, security scans, performance tests, capacity planning, historical trends and baseline statistics.

• Maintains security updates.

Qualifications & Skills:

• Qualified candidates will have a 4 year degree or equivalent work related experience.

• 5 years progressive experience in telecommunications field maintaining medium to large infrastructure, switches, routers, VoIP.

• Ability to plan and prioritize tasks and coordinate installations.

• Network knowledge of Cisco routers, Cisco ASA, Cisco Firepower, Cisco switches, Cisco CUCM, RADIUS, network security or equivalents.

• Strong organizational and time management skills.

• Excellent verbal and written communication skills.

Merchants Insurance Group Pay information:

Merchants Insurance Group offers a competitive pay scale. The actual compensation will be determined based upon experience and other factors permitted by law. The initial pay range for this position is $64,000 - $84,000.

Merchants Insurance Group Benefits:

• Welcoming and positive work environment.

• Flexible work arrangements, including flex scheduling and summer hours.

• Hybrid work schedule. The Hybrid work schedule will require 8 full days per month in the office, with the option to work the remaining days per month at home or in the office.

• Generous paid time off package.

• Full Benefits: Health, Dental, Vision, Life Insurance, Short Term Disability, 401(k) employer match amount is 100% up to 6% of your annual contributions. You are immediately 100% vested in the employer match dollars.

• Outstanding company bonus program.

• Tuition Reimbursement.

And many more exciting company benefits! EOE

Qualifications

Experience

Preferred

• 5 years: 5 years progressive experience in telecommunications field maintaining medium to large infrastructure, switches, routers, VoIP.

Equal Opportunity Employer

This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights ( notice from the Department of Labor.

• Threat detection and vulnerability assessment experience
• Experience with network segmentation, isolation, and analysis
• Cisco Client/Stealthwatch administration
• Experience with vulnerability management

• BGP, OSPF
• Cisco switching
• Network segmentation and isolation
• Physical access control systems
• Video management systems
• VMware and Windows infrastructure
• End point credential management
• Authentication, authorization and accounting (AAA)
• Vulnerability and patch management
• Privileged access management
• Cybersecurity incident response plan/program
• Containment / protection tools for OT environments (Forecscout)
• Implementing deception technology (Honeypot/Honeynets)
• TDI administration and management

Client: MTA Number of Openings: 2 Start: Immediate Location: remote with eventual onsite conversion in NYS Interview Mode: phone and / or video Position Description: A NYS agency located in New York, NY is looking for a Network Security Architect to support multiple projects focused on Network Security Architecture and Critical Infrastructure Systems for a 12 month contract. Requirements: • 10+ years of experience in a Network or Security Architecture role • Undergraduate degree in Computer Science, Engineering, or related field. • CISSP, CCNA, CCIE, and other relevant certifications preferred • Experience with network architecture within OT environments • Strong knowledge of TCP/IP networking and the OSI 7-layer model • Strategic planning and project management skills. • Knowledge of threat modeling and risk assessment strategies • Excellent inter-personal skills including the ability to work with individuals at all levels of the organization Preferred Qualifications Strong technical expertise in the following areas : • Firewalls (Cisco and Palo Alto preferred) • Network Intrusion Detection and Prevention Systems (IDS/IPS) • Packet decoding and analysis • Web Proxy Servers • SSL VPN and other Remote Access Solutions • Wireless Security (RF, 802.11, Bluetooth, etc.) Broad background in the following areas: • Physical Security • Firmware/Embedded Platform Security Responsibilities : • This position is responsible for assisting in the development, implementation, and support of security architectures and solutions including security frameworks and roadmaps within the corporate business and Operational units across the agencies. It also includes securing enterprise information by determining security requirements, planning, implementing, and testing security systems with a team player environment • Determine security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses; studying architecture/platform; identifying integration issues; preparing cost estimates • Plan security systems by evaluating network and security technologies; developing requirements for local area networks, wide area networks, virtual private networks, routers, firewalls, and related security and network devices; designs public key infrastructures, including use of certification authorities and digital signatures as well as hardware and software; adhering to industry standards • Implement security systems by specifying intrusion detection methodologies and equipment; directing equipment and software installation and calibration; preparing preventive and reactive measures; creating, transmitting, and maintaining keys; providing technical support; completing documentation • Upgrade security systems by monitoring security environment; evaluating and implementing enhancements • Prepare system security reports by collecting, analyzing, and summarizing data and trends • Track and understand emerging security practices and standards by participating in educational opportunities, reading professional publications and participating in professional organizations #J-18808-Ljbffr