Cognizant Technology Solutions Corporation

Job Description

About Corporate Security

Cognizant Corporate Security, a key organization within Cognizant Technology Solutions chartered with managing and directing the global enterprise physical and IT security programs. The Corporate Security organization is responsible for the oversight and coordination of security efforts across the company, including information technology, human resources, communications, legal, facilities management and various other groups, and is responsible for identifying security initiatives and standards. Corporate Security drives security compliance and serves as the key organization responsible for helping the business appropriately manage security risks.

Position Description

Cognizant is seeking a security architect for the SGA team. This role requires an experienced and versatile security professional who can design, build, test, and implement security systems for Cognizant’s complex infrastructure. This role will also involve leading and advising on security requirements and translating them into technology specifications for solutions, systems, and applications in the Cognizant Corporate environment. The role will report to a manager or senior manager in the SGA team.

This role requires knowledge of technology architectures, risk management, and communication skills. This role will collaborate with Product teams to ensure compliance with Cognizant’s corporate security standards and guidelines. This role requires a curious and analytical mind.

The ideal candidate has:

• A bachelor's degree in computer science, Cybersecurity, or a related field.
• Prior security architecture experience of 10-12 years including hands-on expertise at least 5 distinct security technologies (e.g., Identity, Firewalls, Logging, Alerting, Encryption, Data-Loss Prevention).
• Familiar with creating processes for the review of security related architectures to identify, score, and report risk.
• A proven history of identifying compensating technologies to address risk related technology issues while still meeting business requirements.
• Capability to create reference architectures based on known good security architectures to streamline future architectural needs.
• Ability to author, interpret, and discuss security standards and baselines in an authoritative manner with both technologist and executive business leaders.
• Experience (1-3 years) leading a team of security architects or engineers to tackle complex problems and in creating validation requirements for security architecture usage.
• Prior experience mentoring business and other security professionals in security architecture concepts and designs.
• Ability to develop and maintain security architecture artifacts (models, templates, standards, and procedures) that can be used to leverage security capabilities in projects and operations.
• Experience in created baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation, and identity and access management (IAM).
• Prior experience in participating in application and infrastructure projects in an advisory role to provide security-planning advice.
• Strong understanding of security frameworks (e.g., NIST, ISO 27001) and compliance requirements (e.g., GDPR, HIPAA).
• Knowledge of security technologies such as firewalls, VPN, data loss prevention, IDS/IPS, web-proxy, and security audits.
• Understanding of the current security concepts, methods, and protocols.
• Familiarity with web-based technologies (Web applications, Web Services, Service-Oriented Architectures) and network/web related protocols.
• A good team player with the ability to communicate well with various stakeholders
• Ability to explain technical risk issues and simplify them for common IT business leaders and upper management.
• Ability to identify gaps in security controls and provide guidance based on residual risk analysis on needed controls to achieve compliance and follow secure design principles and the CIA triad.
• Strong willingness to learn and apply critical thinking skills to complex designs.
• SC-900, CCSP, CISSP, CISM, and other relevant information security industry recognized certification desired.