Solutions Architect - Security

Carmax (


  Full Time   Employee

United States


Position Description

The Security Solutions Architect is responsible for providing security consulting services to business and IT units pertaining to system design, engineering and implementation while promoting the protection, integrity and confidentiality of customer, vendor, employee, and business information in compliance with organization policies and standards.

The Security Solutions Architect will utilize proven consulting skills to deliver design and engineering services with a specific focus on the security domain. This includes ensuring IT solutions are aligned effectively with CarMax's evolving security direction and posture while acting as a security subject matter expert, utilizing security technologies and industry standards to promote confidentiality, integrity and availability of CarMax's information assets.

The position is also expected to:
• Provide strong expertise in Information Security support including compliance driven initiatives
• Deliver "hands-on" security expertise in support of the CarMax Environment
• Document the security architecture and architectural decisions related to security
• Stay abreast of security trends and new technologies that will enhance CarMax's current and future data security architecture.
• Perform security related services and process assessments/evaluations based on industry standards and common practices (e.g. NIST CSF, OWASP, and ISO).
• Be responsible for leading and directing security implementation throughout the system development lifecycle across the complete stack (i.e. physical, data, network, transport, session, presentation, and application)
• Utilize information security tools to identify potential threats
• Document and speak to risks, mitigation, and alternatives


Position Requirements:
• Ability to design complex systems that impact multiple infrastructure domains across IT Operations and Development teams while accounting for security considerations.
• Demonstrate ownership of the design aspects of the operations lifecycle
• Consistently show the ability to mentor others in the production of all artifacts required of an Engineer, Analyst or Principal Analyst
• Analyze business and technical requirements to determine system design requirements, identify potential issues, and perform cost analysis related to each project.
• Ability to strategically analyze the risks, benefits, and opportunities associated with a proposed design or solution
• Broad understanding of the business processes implemented across the organization.
• Able to effectively estimate time required for technical efforts for projects of all sizes

Technical Expertise:
• Responsible for detailing security user stories/requirements and generating technical specifications for all systems within IT operations.
• Demonstrated ability to design and implement security infrastructure, applications, networks, systems and equipment that impact multiple environments across all of IT.
• Proven experience designing modifications to existing systems, designing reusable components, and elimination of redundancy in designs throughout IT Operations.
• Demonstrate technical infrastructure architectural knowledge, playing a vital role in design of production, staging, QA and development infrastructures running in a 24/7 environment
• Experience in multiple large projects in leading the definition, selection, and implementation of security tools, technologies, and processes
• Establish level of service standards and operating procedures for overall system availability and individual system components
• Produce design documents to effectively hand over to other departments for successful implementation
• Knowledge of current and emerging industry technologies

Customer Interaction and Business Knowledge:
• Ability to understand the business requirements as well as provide a proposal of the appropriate security solution
• Broad understanding of the business processes supported across all team's environments
• Ability to lead customer/project meeting(s) for project definitions, needs assessments and design reviews that impact all areas of a team's systems
• Drive architectural consensus with the team while maintaining awareness with other teams
• Able to influence the security technical direction of others in order to drive all projects to successful completion within architectural standards and guidance
• Proven ability to effectively communicate architectural standards and leading practices
• Ability to develop and deliver technical training and business understanding for engineers and analysts.
• Ability to drive through obstacles and time constraints to successfully deliver a project to completion

Additional Responsibilities:
• Investigate new technologies and techniques and research ongoing industry developments
• Assist in forecasting security technology implementation budgets


Security Systems:
• Security Systems
• Cloud (SaaS Solutions, PaaS, IaaS)
• Cloud Access Security Broker (CASB)
• Collaboration Technology
• Web Application security
• Tokenization and encryption solutions
• Vulnerability management
• Data Loss Prevention technologies and implementation
• Secure coding standards
• VPN technologies
• PKI management and standards

Position Requirements

• Proven ability to effectively communicate concepts to a broad-based team
• In-depth experience with security architecture design concepts and techniques and the ability to communicate those concepts to a broad-based audience
• Experience in creating and designing security solutions throughout the team's environment and effectively communicating the rationale behind the designs
• Broad understanding of all aspects of the team's technical infrastructure requirements including scalability and usability
• Proven experience with working effectively with multiple areas of the business community in order to gather requirements and translate those requirements into architectural designs
• Work with consultants to guide the security technology direction in order to meet the security architectural strategy
• Demonstrated ability to compare and contrast alternative approaches to meet objectives while assessing risk both quantitatively and qualitatively
• Possess strong organizational and time management skills
• Demonstrated flexibility

Education and/or Experience:
• Typically, 10+ years within Information Technology with a concentration on Information Security, Application Security. Security design and implementation experience required.
• 4-year bachelor's degree in Computer Science or IT related course of study preferred
• Experience in a broad range of IT systems (see Specialties section) required
• In-depth knowledge of information security industry frameworks and standards NIST, OWASP, ISO-27001/2, SANS, COBIT and ITIL
• Information security practices such as PCI, ITGCs, HIPAA and Privacy
• Security certifications (CISSP, CISM, Security +) preferred.

To apply for this job, contact:
Ashley Murr
