Senior Security Architect
  • United Arab Emirates Dubai
  • Emirates NBD
1 year before
31.12.2023
Securely Provision
Systems Architecture
Job Description

Primary/General Job Purpose:

Technical Expertise/Advisory: Deep & wide ranging cyber/information security expertise spanning infrastructure, application, and network & cloud security concepts.

Living CODE values of Emirates NBD: Role model and live Emirates NBD’s Collaboration, Ownership, Drive and Enterprising (CODE) values in day-to-day dealings with all stakeholders

Personality Traits: Display high energy within the team, bringing passion for the product lifecycle and it’s security to the table everyday with strong stakeholder management skills that balance diplomacy, assertiveness, common-sense, persuasion skills and provision of solutions (by presenting options) to challenges. Strong confidence in ability to justify security controls coupled with communication skills to influence are key.

Encourage ‘Shift Left’ Mindset - Proactively embed security requirements, by influencing implementation of security & privacy patterns from the start of the development cycle using a mix of people, process and technology elements to balance Security, Privacy, User Experience & Performance.

Cyber Security Champion – Act as a security champion within the squad/team educating stakeholders on the benefits and importance of good cyber security architectural practices.

Superior Customer Service: You will influence the implementation of security controls & patterns for a product using a mix of your superior technical, security, people, process & persuasion skills while ensuring high customer service ratings and adequate stakeholder, expectation, and perception management.

Agile Philosophy: You understand how to embed security when working with teams that use methodologies like Scrum, Kanban, or similar. Understands concepts like Tribes, Guilds, Chapters, Backlog Grooming, Sprint Planning, User Stories


Experience required:

Minimum 6 years’ experience in either a Security Architect or Red Teaming role
Deep & Hands-On Understanding & Expertise
For Core Application Security Roles: OWASP Top 10, ASVS & MASVS and attack/defense techniques
For Core Infrastructure Security Roles: Operating System, Database, Virtual Machine Security, and Infrastructure as a Code (IaaC) concepts including attack/defense techniques
For Core Network Security Roles: Networking technologies (SDN, SD-WAN, Proxies, DNS, etc) and Network Security solutions
For Cloud Security Roles: Landing Zones / Isolation concepts, NSGs/VPCs, Conditional Access, CI/CD pipelines on at least 1 of the 3 platforms (AWS, Azure, GCP or OCI)
Identity & Access Management: Authentication & Authorization / Privileged Access Management / Hybrid (External & Internal) Cloud identities
Security Automation: Experience with automation tools like SAST, DAST, SCA, Container Security tooling
Banking/e-commerce industry experience
Strong technical skills in at least 4 of the following 6 areas – Infrastructure, Application, Network, Cloud Security, Identity & Access Management and Security Automation
Functional Skills – No expectations; but a plus if it exists since it will depend on the product being secured
Strong stakeholder management skills that include managing a mix of business, technical and oversight function stakeholders

Qualifications
AS Mentioned in the JD
Primary Location: United Arab Emirates-Dubai-Dubai - Nadd Al Shiba, Meydan, Building M
Job: Professional Support
Organization: CTO
Schedule: Regular
Shift: Standard
Job Type: Full-time
Day Job

Quick response
Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats an`d vulnerabilities.
  • K0027   Knowledge of organization's enterprise information security architecture.
  • K0028   Knowledge of organization's evaluation and validation requirements.
  • K0035   Knowledge of installation, integration, and optimization of system components.
  • K0043   Knowledge of industry-standard and organizationally accepted analysis principles and methods.
  • K0044   Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • K0056   Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).
  • K0060   Knowledge of operating systems.
  • K0061   Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • K0074   Knowledge of key concepts in security management (e.g., Release Management, Patch Management).
  • K0075   Knowledge of security system design tools, methods, and techniques.
  • K0179   Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • K0180   Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
  • K0203   Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
  • K0227   Knowledge of various types of computer architectures.
  • K0291   Knowledge of the enterprise information technology (IT) architectural concepts and patterns (e.g., baseline, validated design, and target architectures.)
  • K0293   Knowledge of integrating the organization’s goals and objectives into the architecture.
  • K0299   Knowledge in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • K0332   Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
  • K0487   Knowledge of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).
  • K0007   Knowledge of authentication, authorization, and access control methods.
  • K0008   Knowledge of applicable business processes and operations of customer organizations.
  • K0009   Knowledge of application vulnerabilities.
  • K0010   Knowledge of communication methods, principles, and concepts that support the network infrastructure.
  • K0026   Knowledge of business continuity and disaster recovery continuity of operations plans.
  • K0036   Knowledge of human-computer interaction principles.
  • K0336   Knowledge of access authentication methods.
  • K0374   WITHDRAWN: Knowledge of basic structure, architecture, and design of modern digital and telephony networks. (See K0599)
  • K0565   Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.
Required Skills
  • S0005   Skill in applying and incorporating information technologies into proposed solutions.
  • S0027   Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • S0122   Skill in the use of design methods.
  • S0367   Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • S0374   Skill to identify cybersecurity and privacy issues that stem from connections with internal and external customers and partner organizations.
  • S0139   Skill in applying security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
  • S0152   Skill in translating operational requirements into protection needs (i.e., security controls).
Required Abilities
  • A0008  Ability to apply the methods, standards, and approaches for describing, analyzing, and documenting an organization's enterprise information technology (IT) architecture (e.g., Open Group Architecture Framework [TOGAF], Department of Defense Architecture Framework [DoDAF], Federal Enterprise Architecture Framework [FEAF]).
  • A0027  Ability to apply an organization's goals and objectives to develop and maintain architecture.
  • A0038  Ability to optimize systems to meet enterprise performance requirements.
  • A0060  Ability to build architectures and frameworks.
  • A0123  Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • A0048  Ability to apply network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • A0049  Ability to apply secure system design tools, methods and techniques.
  • A0061  Ability to design architectures and frameworks.