Information Security Architect

About the job

Job Description

Information Security Architects are responsible for providing support for system security assessments of NIST-regulated systems as well as other technologies within the NS landscape. The selected candidate will work with technical and functional teams to define, document, and deliver security documentation and artifacts that demonstrate compliance with required security controls.

Information Security Architects work alongside the Information Security team(s) to support continuous diagnostic and monitoring programs as needed. Reviews planned system changes, helps identify and document security impacts, helps coordinate security scanning, testing, and reporting. As well as production readiness and post implementation support activities.

This position will provide infrastructure design, and relevant security support in the enterprise Mobile Device Management (MDM) environment. This person will manage multiple initiatives such as mobile device management, multifactor authentication, mobile application deployment, and must work collaboratively with the MDM team and partners. This position assists in creating secure solutions to prevent internal or external attacks and attempts to infiltrate company email, data, e-commerce, and web-based systems. Assists in the support of technologies deployed across application, network/perimeter, data, endpoint, identity & access, and mobility domains. Assists in the research of attempted or successful efforts to compromise system security. Assists in providing information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information and systems.

Principal Duties

• Performing security risk assessments, drafting and presenting reports
• Maintain reference architectures tying security requirements to best practices and NIST frameworks
• Drive mobile security by influencing, building, and assisting with security challenges
• Provide guidance for enterprise security technologies, hosting models, and infrastructure security
• Champion Mobile Device Management (MDM) platform, technologies, and related services

Education

Preferred Level: Bachelor’s Degree (BS)

Preferred Majors: Cybersecurity, Computer Science or Information Systems; Specialization in Information Security/Assurance is a plus

Certifications

Preferred certifications: CISSP, CASP, CEH, GMOB, CMDSP

Required certifications: Security+

Skills Required

• Knowledge of security best practices and common security frameworks such as NIST 800-series
• Understanding of security by design principles and architectural security concepts
• Knowledge of common mobile attack vectors and vulnerabilities
• Practical experience with AirWatch and/or Intune
• Demonstrated experience securing Apple and Android devices
• Ability to thrive in a dynamic environment and handle multiple priorities
• Excellent written and oral communication skills
• Experience developing formal documentation such as operating procedures or implementation guides

Skills Desired

• Experience developing, assessing, and recommending security controls,
• Practical experience in conducting vulnerability and/or risk assessments
• Experience with Identity and Access platforms
• Familiarity with common NIST frameworks, security controls, and guidance
• Familiarity with Agile practices

Work Conditions

Environment: Hybrid (At least 2 days in the office per week)

On-Call: Yes

Weekend Work: As Required

Travel Required: 0-2 Days per Month

Company Overview

Norfolk Southern Corporation (NYSE: NSC) is a Fortune 300 organization and one of the nation’s premier transportation companies. Its Norfolk Southern Railway Company subsidiary operates approximately 19,500 route miles in 22 states and the District of Columbia, serves every major container port in the eastern United States, and provides efficient connections to other rail carriers. Norfolk Southern is a major transporter of industrial products, including chemicals, agriculture, and metals and construction materials. In addition, the railroad operates the most extensive intermodal network in the East and is a principal carrier of coal, automobiles, and automotive parts.

At Norfolk Southern, we believe in celebrating our individuality. By leveraging the unique backgrounds and viewpoints of our employees, we can create a culture of innovation, respect, and inclusion. We know that employees thrive in a workplace where differing viewpoints, ideas, and experiences are freely shared and valued. As such, we encourage all employees to contribute their distinctive skills and capabilities to our organization.

Equal employment opportunities are available to all applicants regardless of race, color, religion, age, sex, national origin, disability status, genetic information, veteran status, sexual orientation, and gender identity. Together, we power progress.

Effective December 8, 2021, NS has paused its implementation of the COVID-19 vaccine mandate given the dynamic legal proceedings. The ultimate outcome of the federal contractor vaccine mandate is yet to be determined. It is still possible that the mandate, as it applies to NS, could be upheld in court in the near future. If the mandate is upheld, NS employees will be required to be vaccinated or have an approved medical or religious accommodation.