Senior Security Architect
Motiva Enterprises LLC

At Motiva Enterprise LLC., our key asset is our people. We have over 2,500 dedicated employees who allow us to fulfill our purpose - to be the safest and most profitable downstream company in the Americas. Headquartered in Houston, TX, we own and operate North America's largest refinery, located in Port Arthur. Combined with our Terminals & Pipelines along the Southeast Coast, our organization is growing! Find out how you can grow with us!

Position Overview

The Senior Security Architect plays an integral role in defining and assessing the organization's security strategy, architecture and practices. The security architect will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services. The security architect may be required to assume responsibility for certain security functions that would normally be addressed by other roles in larger enterprises.

Responsibilities:

• Develops and maintains a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers
• Develops security strategy plans and roadmaps based on sound enterprise architecture practices
• Develops and maintains security architecture artifacts (models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations
• Determines baseline security configuration standards for operating systems (e.g., operating system hardening), network segmentation, and identity and access management (IAM)
• Drafts security procedures and standards to be reviewed and approved by executive management and/or formally authorized by the Chief Information Security Officer (CISO)
• Develops standards and practices for data encryption and tokenization within the organization based on the organization's data classification criteria
• With guidance from the CISO, or the individual responsible for overall security direction, and in conjunction with security operations center (SOC) colleagues, establishes procedures - including escalations - for when indicators of compromise (IOCs) are discovered
• Establishes a taxonomy of IOCs and shares this detail with other security colleagues, including the SOC, information security managers and analysts, and counterparts within the network operations center (NOC)
• Validates IT infrastructure and other reference architectures for security best practices, and recommend changes to enhance security and reduce risk where applicable
• Validates security configurations and access to security infrastructure tools, including firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), anti-malware/endpoint protection systems, etc.
• Validates that security and other critical patches to firmware and operating systems are configured and deployed in a timely fashion
• Conducts or facilitates threat modeling of services and applications that tie to the risk and data associated with the service or application
• Ensures that a complete, accurate and valid inventory of all systems, infrastructure and applications is conducted that should be logged by the security information and event management (SIEM) or log management tool
• Coordinates with the DevOps teams to advocate secure coding practices and escalate concerns related to poor coding practices to the CISO or the individual responsible for the overall security direction
• Liaisons with other security architects and security practitioners to share best practices and insights
• Liaisons with the internal audit (IA) team to review and evaluate the design and operational effectiveness of security-related controls
• Participates in application and infrastructure projects to provide security planning advice
• Liaisons with the business continuity management team to validate security practices for both disaster recovery planning (DRP) and business continuity management (BCM) testing and operations when a failover occurs
• Reviews security technologies, tools and services, and makes recommendations to the broader security team for their use based on security, financial and operational metrics

Basic Qualifications:

• Bachelor's or master's degree in computer science, information systems, cybersecurity or a related field
• The security architect should have direct, documented, and verifiable experience with the following:
• Experience in using architecture methodologies such as SABSA, Zachman and TOGAF
• Direct, hands-on experience managing security infrastructure such as firewalls, IPSs, WAFs, endpoint protection, SIEM and log management technology
• Verifiable experience reviewing application code for security vulnerabilities
• Direct, hands-on experience using vulnerability management tools
• Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services
• Full-stack knowledge of IT infrastructure
• Direct experience designing IAM technologies and services (e.g., Active Director, LDAP, Amazon Web Services' [AWS'] IAM)
• Strong working knowledge of IT service management (e.g., ITIL-related disciplines):
• Experience designing the deployment of applications and infrastructure into public cloud services (e.g., AWS or Microsoft Azure)
• Must have demonstrated skills in Strategic Planning, Communication, Financial Analysis and Project Management

Preferred Certifications:

• ISC2's CISSP, ISACA's CISM, ISACA's CISA, The Open Group's TOGAF, SANS' GAIC, IAPP's CIPT

We reserve the right to amend or withdraw Motiva jobs at any time, including prior to the closing date. Depending on qualifications, the successful candidate may be offered a position at a more appropriate level and/or grade.

Applicants for regular U.S. positions must be authorized to work in the United States for Motiva Enterprises LLC without the need for sponsorship of an immigration authorization or visa (for example, TN, H-1B, or other employment-based immigration authorization or visa).

Motiva participates in E-Verify.

All qualified applicants will receive consideration for employment without regard to race, color, sex, national origin, age, religion, disability, sexual orientation, gender identity, protected veteran status, citizenship, genetic information, or other protected status under federal, state, or local laws.

This job has expired.