Security Architect

Need Only Local Candidates

Hello,

I am hiring a consultant for one of my client's requirements. Job Description for the same is written below. If you find yourself comfortable with the requirement please reply back with your updated resume

Title:  Security Architect

Location: NY-New York/Nyc (Hybrid)

Duration: 12 Months

Interview mode: Video

Technical Focus Areas

Identity & Access Management

• Entra ID (Azure AD) architecture, configuration, and hardening
• Privileged Access Management (PAM) strategy and implementation
• Kerberos Hardening across hybrid environments

Directory Services & Auditing

• Deep auditing and review of Active Directory configurations
• Recommendations for security posture enhancements
• Evaluation of AD/Entra ID trust relationships and identity workflows

Security Enhancements & Infrastructure

• Security architecture improvements across cloud and on-prem components
• Endpoint Detection & Response (EDR) strategy and tooling
• SIEM optimization, integrations, and logging improvements

Additional Skills / Requirements

• Architect-level expertise in enterprise security
• Strong hybrid cloud security experience (Azure/Microsoft-focused preferred)
• Unix security knowledge and administration experience
• Ability to guide technical teams and contribute to long-term security roadmap

Role Responsibilities:

Active Directory and Entra ID Security Enhancements

• Tiered Administrative Model: Implement a tiered model to segregate administrative privileges, reducing the risk of lateral movement.
• Privileged Access Management (PAM): Utilize PAM solutions to control, monitor, and audit privileged accounts, ensuring that users have only the access necessary for their roles.
• Kerberos Hardening: Regularly monitor for anomalies in Kerberos ticketing to detect and prevent unauthorized access.
• Regular Auditing: Conduct periodic audits of AD configurations and permissions to identify and remediate potential vulnerabilities.
• Risk Assessment Review: Review the risk assessment reports and assist in mitigating them.

Vulnerability Management Across Windows and Linux

• Automated Patching: Assist in deploying automated tools to ensure timely patching of known vulnerabilities across all systems.
• Configuration Management: Review and implement configuration management tools to enforce security baselines and detect unauthorized changes.
• SIEM Utilization: Review and utilize Security Information and Event Management (SIEM) systems to continuously monitor for signs of compromise.
• Regular Security Assessments: Conduct periodic security assessments and code reviews to identify and remediate vulnerabilities.

Modernize Certificate Lifecycle Management

• Lifecycle Tools: Implement tools to manage the issuance, renewal, and revocation of digital certificates.
• MFA Integration: Leverage PKI to enhance MFA solutions, providing stronger authentication mechanisms.
• PKI Audits: Audit PKI components to ensure compliance with security policies and standards.

Endpoint Detection and Response (EDR)

• Behavioral Analysis: Utilize EDR tools that employ behavioral analytics to identify anomalous activities indicative of threats.
• SIEM Integration: Ensure EDR solutions feed data into SIEM systems for centralized analysis and response coordination.
• Automated Response: Implement automated response capabilities to contain threats swiftly upon detection.

Requirements and Experience:

• B.S. required
• U.S. citizenship required
• Strategic Thinking – Ability to align security architecture with business goals, anticipating future risks and designing scalable solutions.
• Leadership – Skilled at driving consensus across DAS and ITB diverse teams and guiding stakeholders toward secure design decisions.
• Communication – Capable of translating complex security concepts into clear, actionable insights for executives, engineers, and business leaders.
• Experience working in a team environment

Regards,

Shivani Chauhan

Technical Resource Specialist

InTime Infotech Inc

Shivani.chauhan@intimeinfy.com