Security Architect

Summary

Join Earnest, a company dedicated to making higher education accessible and affordable, as a Security Architect. Reporting to the Director of Security, you will design and implement security solutions, develop threat models and security standards, and deliver secure coding training. You will also define and enforce network access control policies and ensure timely remediation of vulnerabilities. The role requires developing a robust Identity and Access Management (IAM) strategy and involves collaboration with the team in the Oakland office. This position offers a competitive salary and benefits package, including remote work flexibility with monthly in-office collaboration days.

Requirements

• Must have 10+ years of experience in a security-related field, providing a blend of architectural leadership and hands-on experience as a security architect
• 5+ years of experience working with AWS environment and DevSecOps
• 5+ years application security experience with either functional or imperative languages
• Experience with security policy frameworks such as NIST, CIS, or FFEIC
• Ability to perform security-focused code reviews
• Comfortable with typical threat hunting / incident response processes
• Experience with containers, microservices, and the risks associated with these systems
• Understanding of both human and non-human identity, authentication and authorization
• Willingness to travel to the Oakland office monthly to collaborate with other Earnies

Responsibilities

• Design and implement security solutions that address organizational needs and mitigate risks across applications, networks, and systems
• Develop threat models and security standards, recommend security controls, and integrate security measures into system, infrastructure, and application designs
• Develop and deliver secure coding training, provide guidance on application security best practices, and encourage adherence to secure coding standards
• Define and enforce network access control policies, including firewalls, ACLs, and segmentation
• Ensure timely remediation of vulnerabilities and security audit trail production in server infrastructure and workstation endpoints
• Develop a robust Identity and Access Management (IAM) strategy by defining and implementing access management controls such as RBAC, SSO, IAM, FIdM, CASB, CIEM

Preferred Qualifications

• Professional security certifications (e.g., CISSP, OSCP, CISM)
• Worked in an environment subject to SOX compliance
• Proficient in NodeJS, Python, and/or Go
• Experience with infrastructure automation tools such as Terraform and Ansible
• Software development experience with either functional or imperative languages

Benefits

• Health, Dental, & Vision benefits plus savings plans
• Mac computers + work-from-home stipend to set up your home office
• Monthly internet and phone reimbursement
• Employee Stock Purchase Plan
• Restricted Stock Units (RSUs)
• 401(k) plan to help you save for retirement plus a company match
• Robust tuition reimbursement program
• $1,000 travel perk on each Earnie-versary to anywhere in the world
• Competitive days of annual PTO
• Competitive parental leave