Main Objective:

The cloud security architect (Azure, AWS) is responsible for developing and overseeing a cloud computing strategy for Arthrex, as well as responding to cloud-related breaches. This includes cloud adoption plans, cloud application design, and cloud management and monitoring. In this role, you will need to apply your cloud security skills, cloud network architecture, security hardening, and logging enforcement skills to assist Arthrex with containment and remediation workstreams. The cloud architect will provide Arthrex with industry best practice and insight regarding application architecture and deployment in cloud environments. You will possess strong advisory skills, be adept in leading multiple projects under tight deadlines, and possess in-depth experience in security event monitoring, cyber threat intelligence, and/or computer incident response.

Essential Duties and Responsibilities:

1. Perform technical security configuration assessments of a Arthrex s cloud platforms - such as Microsoft Azure, and Amazon Web Services (AWS).

1. Perform technical security configuration reviews for common cloud-based SaaS platforms, including Microsoft Office 365 (O365).

1. Guide Arthrex in the creation of optimized cloud solutions that deliver enterprise-grade security, compliance, and responsiveness to the latest cloud-based threats and attacks.

1. Demonstrate a deep understanding of cloud computing concepts and how security controls are applied to those cloud-based technologies. Example cloud security concepts include, but are not limited to:
   
   • Architecture & Networking
   
   
   • Identity & Access Management
   
   
   • Secrets and Data Protection
   
   
   • Logging, Detection, and Response
   
   
   • Security Controls for Containers (e.g., Docker, Kubernetes, etc.)

1. Architect cloud services and mitigate risks

1. Assist with defining and developing appropriate governance for a cloud strategy

1. Provisioning and automating cloud services

1. Orchestration of cloud workflows

1. Guidance on the management of cloud deployments, monitoring and oversight, and operational guidelines.

1. Evaluate Arthrex business needs, coordinate design for a solution, and clearly communicate the value proposition of complex and highly technical subjects

1. Implement and/or assess existing security controls

Incidental Duties:

The above statements describe the general nature and level of work being performed in this job. They are not intended to be an exhaustive list of all duties, and indeed additional responsibilities may be assigned, as required, by management.

Education and Experience:

Bachelors Degree required preferably in Computer Science or related field

12 years of experience in information security required.

Certified Information System Security Professional (CISSP) preferred.

Knowledge and Skill Requirements/Specialized Courses and/or Training:

• Experience running Cloud services with a combination of onsite and on cloud hosting provider experience (AWS, Azure)

• Strong understanding across Cloud and infrastructure components (server, storage, network, data, and applications) to deliver end to end Cloud Infrastructure architectures and designs

• Experience writing architectural plans, best practices and guidelines for enterprise applications

• Understanding of cloud computing technologies, business drivers, and emerging trends

• Experience in preparing architecture diagrams and writing approach papers

• Provide expert experience in assessing cloud infrastructure from a security perspective and developing security controls to address findings

• Ability to provide guidance for cloud-specific remediation recommendations responding to cloud-related incidents.

• Deep understanding and implementation of industry-leading practices around cyber risks and cloud security frameworks using industry standards such as CIS Benchmarks, Cloud Security Alliance, and NIST SP 800-144, 800-145, 800-291, and 800-322.

• Experience advising the business/GIS on cloud architecture and design concepts based on compliance and regulatory standards (e.g., PII, PCI-DSS, PHI, GDPR, FDA, HIPAA).

• Demonstrated ability to share and communicate ideas to executives, business partners, technical resources and other key constituents in clear, concise language

• Use formal project management skills in planning, tracking, and reporting on project progress

• At least a minimal understanding of a programming or scripting language and strong knowledge of scripting, programming or application programming interface (API) interaction

• Experience with Incident Response within cloud environments and applications

All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.