Cincinnati Bell Security Architect in Cincinnati, Ohio

Security Architect

Cincinnati, OH

Job Purpose

The Information Security Architect will be responsible for providing world-class security consulting services to CBTS customers. The architect will use extensive experience with security technologies, knowledge of accepted standards and best practices, and proven tactics against sophisticated attackers, to help CBTS customers defend their critical systems and sensitive data. The architect will report to the director of security services on the Advanced Cyber Security team.

Essential Functions

• 35% Perform "friendly" security assessments for CBTS customers. While working with customer technical and executive staff, review the state of various technical and organizational controls processes, and policies. Perform gap analysis, comparing state to widely accepted best practices from vendors, regulatory and compliance bodies, and the security community at large. Document these gaps, along with sensible and relevant recommendations, in findings reports that satisfy the needs of both a technical and non-technical audience.

• 25% Perform vulnerability scans and penetration tests of CBTS customer environments and controls. Using expertise in operation of commercial and open-source assessment tools, identify configuration flaws, missing patches, and gaps in defenses that could be exploited by attackers. Assessment types will include social engineering and phishing, wireless, mobile device, and physical security, and web application penetration tests.

• 25% Perform pre-sales work. Discuss security and compliance needs with customers, and identify services that help meet those needs. Work with security sales specialists to design engagements for customers. Craft detailed proposals that effectively communicate expectations to customers.

• 15% Assist CBTS internal technical staff with security needs. Provide recommendations for security architecture, processes and technologies. Assist CBTS marketing with promotion of security branding and services. Write technical whitepapers, blog posts, and other documentation. Perform security research, furthering individual and team understanding of the threat landscape, as well as cutting-edge security technologies. Attend security conferences and participate in local security community events. Evaluate products and tools that can improve the security services team's offerings, and provide value to customers.

Education

• Study beyond four years of College but less than a Master's Degree or equivalent

• Technical Degree is preferred

• CISSP/CEH/GSEC or other industry standard information security certifications are a minimum requirement

• GPEN, GWAPT, GAWN, GCIH, GCFA, OSCP, OSWP, OSWE are preferred

Experience/Background

• 6 to 7 years work experience

• Strong understanding of information security principles;

• Strong understanding of enterprise operating systems (Windows servers and workstations, Linux/UNIX, Mac OS X);

• Strong understanding of enterprise applications and platforms (web and application servers, messaging, database);

• Strong understanding of network communications (TCP/IP, Ethernet, WAN/LAN technologies);

• Familiarity with accepted security standards - ISO27K, NIST 800-53, SANS Consensus Audit Guidelines - as well as regulatory compliance regulations - PCI-DSS, Sarbanes-Oxley, HIPAA/HITECH, FFIEC, FISMA, FERC/NERC;

• Experience in enterprise network design and architecture;

• Experience in design, deployment and use of security technologies (network defenses, security monitoring, wireless, DLP, encryption, host-based defenses, log management & SIEM, etc.);

• Strong oral and written communication skills - must provide examples of written reports

Special Knowledge/Skills

• Hands-on experience with tactics used by the APT, Cyber Crime and other associated threat groups

• 1-2 years of experience performing penetration testing

• Advanced GIAC/SANS certifications - GPEN, GWAPT, GCIH, GCFA, GAWN; or Offensive Security - OSCP, OSWP, OSWE

• Experience with technical training and instruction

• Experience with public speaking and presentation on technical topics

• Strong creative writing skills - provide examples of whitepapers, blog posts, technical presentation material

Disability Accommodations

Cincinnati Bell and Cincinnati Bell Technology Solutions is an Equal Employment Opportunity / Affirmative Action employer and we provide reasonable accommodations for qualifying individuals with disabilities and disabled veterans in our job application and interview procedures. If you would like to request an ADA accommodation for any part of the application and/or interview process, please contact our HR Compliance Department at(513) 841-6310or send an email to recruiting@cinbell.com. If you should have any difficulty, you may use our alternative methods to express your interest in employment. A wonderful career awaits you!

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.