Principal Cyber Security Architect - Identity

GE Aerospace

Job Description Summary

We are seeking a highly skilled Principal Cyber Security Architect with deep expertise in Identity and Access Management (IAM), Cloud Security, Zero Trust methodologies, and advanced access control models such as Attribute-Based Access Control (ABAC) and Policy-Based Access Control (PBAC). As a key member of the cybersecurity team, you will design, implement, and maintain robust security solutions that align with industry best practices and the organization's security strategy. You will collaborate with cross-functional teams to enhance and secure identity management systems, cloud environments, and access control models.

Job Description

Key Responsibilities:

Architect and Design Security Solutions:

Develop and lead the implementation of security architectures focusing on IAM, Cloud Security (AWS, Azure, GCP, OCI), Zero Trust principles, and ABAC/PBAC access control models.

Ensure secure integration of IAM and access control solutions with on-premises, cloud, and hybrid environments.

Develop comprehensive security frameworks, including detailed security policies and procedures aligned with business requirements.

Identity and Access Management (IAM):

Oversee the design, deployment, and maintenance of scalable IAM systems including SSO (Single Sign-On), MFA (Multi-Factor Authentication), Privileged Access Management (PAM), and User Lifecycle Management.

Lead efforts to implement and optimize ABAC and PBAC models to ensure granular and context-aware access management across diverse applications and systems.

Assess and improve current IAM frameworks, incorporating advanced access control mechanisms to strengthen security across digital platforms.

Zero Trust Security Model:

Lead the development and implementation of a Zero Trust architecture, minimizing risks and enhancing the organization’s ability to protect assets in distributed and cloud-native environments.

Integrate ABAC and PBAC within a Zero Trust framework to ensure continuous verification and enforcement of least privilege access.

Cloud Security:

Design and implement cloud security solutions for IaaS, PaaS, and SaaS environments, ensuring compliance with corporate security policies and external regulatory requirements.

Develop, review, and maintain cloud security configurations to optimize security postures across multiple cloud platforms, incorporating ABAC/PBAC for fine-grained cloud access controls.

Governance, Risk, and Compliance (GRC):

Collaborate with the security governance and compliance teams to ensure that IAM and cloud security initiatives, including ABAC/PBAC, comply with relevant industry standards (e.g., ISO 27001, NIST, CIS, GDPR, SOC 2).

Lead security assessments, audits, and penetration testing to identify and mitigate vulnerabilities within cloud and identity systems, with particular focus on access control models.

Advanced Access Control (ABAC/PBAC):

Design and implement Attribute-Based Access Control (ABAC) solutions, leveraging user attributes and contextual data to enforce dynamic access controls.

Architect Policy-Based Access Control (PBAC) frameworks, defining and applying detailed access control policies to ensure precise control over user permissions.

Continuously evaluate and refine ABAC and PBAC strategies to align with evolving business needs and emerging security challenges.

Innovation and Leadership:

Serve as a thought leader in cybersecurity architecture, staying informed about emerging trends, technologies, and threats in IAM, cloud security, ABAC/PBAC, and Zero Trust models.

Mentor and guide junior team members, building a highly skilled and motivated security architecture team.

Engage with senior leadership to communicate risk, define security roadmaps, and align security strategies with overall business objectives.

Required Qualifications:

Education: Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Information Systems, or a related field.

Experience:

10 years of experience in cybersecurity architecture, with a focus on IAM, Cloud Security, Zero Trust methodologies, and advanced access control models (ABAC/PBAC).

Hands-on experience architecting IAM systems and deploying ABAC and PBAC frameworks.

Strong expertise in AWS, Azure, and/or GCP security models and best practices.

Certifications: Relevant certifications such as CISSP, CISM, CCSP, AWS Certified Security – Specialty, Azure Security Engineer Associate, or similar.

Skills:

Deep knowledge of Identity Governance and Administration (IGA) and access control models such as RBAC, ABAC, and PBAC.

Expertise in identity federation protocols (SAML, OAuth, OpenID) and modern IAM solutions.

Strong understanding of security standards and regulations (ISO, NIST, GDPR).

Proficiency in scripting and automation tools (Python, PowerShell, etc.).

Excellent problem-solving, analytical, and communication skills.

Preferred Qualifications:

Experience implementing ABAC/PBAC in cloud-native and hybrid environments.

Familiarity with DevSecOps practices and security-as-code.

Experience with Zero Trust Network Access (ZTNA) solutions and frameworks such as NIST SP 800-207.

Strong experience with security tools such as SIEM, SOAR, DLP, and EDR.

Note:

The base pay range for this position is $150,800 – $211,000 USD. The specific pay offered may be influenced by a variety of factors, including the candidate’s experience, education, and skill set. This position is also eligible for an annual discretionary bonus based on a percentage of your base salary/commission based on the plan. This posting is expected to close on or before 10/15/2024.

Healthcare benefits include medical, dental, vision, and prescription drug coverage; access to a Health Coach, a 24/7 nurse-based resource; and access to the Employee Assistance Program, providing 24/7 confidential assessment, counseling and referral services. Retirement benefits include the GE Retirement Savings Plan, a tax-advantaged 401(k) savings opportunity with company matching contributions and company retirement contributions, as well as access to Fidelity resources and planning consultants. Other benefits include tuition assistance, adoption assistance, paid parental leave, disability insurance, life insurance, and paid time-off for vacation or illness.

General Electric Company, Ropcor, Inc., their successors, and in some cases their affiliates, each sponsor certain employee benefit plans or programs (i.e., is a “Sponsor”). Each Sponsor reserves the right to terminate, amend, suspend, replace, or modify its benefit plans and programs at any time and for any reason, in its sole discretion. No individual has a vested right to any benefit under a Sponsor’s welfare benefit plan or program. This document does not create a contract of employment with any individual.

Additional Information

GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer (https://www.eeoc.gov/sites/default/files/2022-10/22-088EEOCKnowYourRights1020.pdf). Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.

GE will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen (as applicable).

Relocation Assistance Provided: No

#LI-Remote – This is a remote position
