Staff Security Architect

Job Description

TriNet is a leading provider of comprehensive human resources solutions for small to midsize businesses (SMBs). We enhance business productivity by enabling our clients to outsource their HR function to one strategic partner and allowing them to focus on operating and growing their core businesses. Our full-service HR solutions include features such as payroll processing, human capital consulting, employment law compliance and employee benefits, including health insurance, retirement plans and workers’ compensation insurance.

TriNet has a nationwide presence and an experienced executive team. Our stock is publicly traded on the NYSE under the ticker symbol TNET. If you’re passionate about innovation and making an impact on the large SMB market, come join us as we power our clients’ business success with extraordinary HR.

Don't meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single requirement. At TriNet, we are dedicated to building a diverse, inclusive and authentic workplace, so if you're excited about this role but your past experience doesn't align perfectly with every single qualification in the job description, we encourage you to apply anyways. You may just be the right candidate for this or other roles.

Job Description

As a Staff Cloud Security Architect, you will play a key role in partnering with Enterprise Architecture, Global Technology Services, Cloud Center of Excellence, GRC, Security Engineering, Cyber Defense, and the Business to drive leading security practices, capabilities, and technical solutions to support TriNet’s multiple cloud environments. Although you will work with other security architects who have deep knowledge of other domains, a strong understanding of all security architecture domains is important to help deliver a holistic and integrated cloud security architecture.

The successful candidate will be an expert in cloud technologies, how they are used to support traditional infrastructure as well as modern applications, and how they must be secured. Excellent communication and inter-personal skills are a must in this role as the chosen candidate would be a key liaison between multiple stakeholders ranging from technical staff to technology and business leaders. This individual will quickly establish relationships and serve as a trusted advisor and will also have a hands-on role in developing and integrating security solutions and leading practices.

Essential Duties/Responsibilities

 Maintain awareness of the architecture of TriNet cloud environments and their relationships to the threat landscape and

compliance requirements; be able to communicate same.

 Act as subject-matter expert regarding the security architecture of TriNet’s cloud and Kubernetes environments, including

the solutions used to facilitate security in the cloud.

 Define, create, and drive the adoption of reference architectures, strategies, design patterns, technical specifications,

roadmaps, and requirements for the cloud environments to address security concerns, targeting/leveraging our enterprise

CI/CD pipeline as much as possible.

 Drive the implementation and operationalization of key cloud security tooling such as Cloud Security Posture Management

(CSPM), Cloud Workload Protection Platform (CWPP), and Cloud-Native Application Protection Platform (CNAPP).

 Raise and manage the remediation of issues related to gaps in cloud security.

 Maintain awareness of emerging threats related to cloud security and propose changes to mitigate them.

 Contribute to TriNet security policies, standards, and guidelines related to cloud security.

 Communicate to security and technology leadership the status of projects and issues related to cloud security.

 Research the latest cloud security tools, techniques, and leading practices.

 Find opportunities to enhance control or process efficiency and effectiveness and provide recommendations for same. This

includes enhancement through automation.

Education

JOB REQUIRMENTS AND QUALIFICATIONS

 Bachelor’s degree in computer engineering, cyber security, or related field

 Master’s degree preferred

Training Requirements (Licenses, Programs, Or Certificates)

 At least one certification related to cloud technology (e.g., OCI Certified Architect, AWS Certified Solution Architect), with

security-specific certification preferred (e.g., OCI Certified Security Professional, AWS Certified Security - Specialty)

 At least one certification related to Kubernetes (e.g., KCNA, CKA), with security-specific certification preferred (e.g., CKS)

 General cloud security certification preferred (e.g., CCSK, CCSP, GCSA)

 General security certification preferred (e.g., CISSP, GIAC)

Experience

 Minimum of 8 years of work experience in a cloud engineer or architect (preferred) role

 Minimum of 3 years of work experience related to Kubernetes

 Minimum of 5 years of work experience in a security role

 Experience developing security strategies, reference architectures, blueprints, policies, and standards

 Experience driving the implementation of cloud security solutions such as CNAPP, CSPM, and CWPP, with Microsoft

Defender for Cloud and Palo Alto Prisma Cloud preferred

 Experience aligning cloud security to related Center for Internet Security’s benchmarks

 Experience leveraging CI/CD pipelines and management tooling to deploy Infrastructure/Policy/Security as Code

(IaC/PaC/SaC)

 Experience delivering “though leadership” to business and technology executives

 Experience with AWS and OCI, with their native Kubernetes services preferred (i.e., EKS, OKE)

Other Knowledge, Skills, And Abilities

 Practical knowledge of control frameworks such as the NIST CSF (v1 and v2), Center for Internet Security’s Critical Security Controls (v8), and the Cloud Security Alliance’s Cloud Controls Matrix

 Practical knowledge of the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework, and particularly those TTPs related to cloud

 Practical knowledge with CI/CD pipelines and Infrastructure/Policy/Security as Code (IaC/PaC/SaC)

 Practical knowledge of risk management concepts such as risk treatment, exception management, compensating controls, and risk tolerance

 Basic understanding of malware such as worms, viruses, trojans, etc.

 Basic understanding of enterprise-wide technologies, including databases, operating systems, web applications, etc.

 Excellent problem solving and analytical skills

 Ability to communicate with employees at all levels of the organization

 Ability to work with multi-disciplinary and cross-functional teams

 Ability to communicate technical concepts to nontechnical teams

 Ability to employ professional skepticism

 Excellent interpersonal, presentation, negotiation, communication, and facilitation skills

 A demonstrated commitment to high professional ethical standards and a diverse workplac

Work Environment

• Work in a clean, pleasant, and comfortable office work setting. The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable persons with disabilities to perform the essential functions.
• This position is 100% in office.
  
  
  

Please Note: TriNet reserves the right to change or modify job duties and assignments at any time. The above job description is not all encompassing. Position functions and qualifications may vary depending on business necessity.

TriNet is an Equal Opportunity Employer and does not discriminate against applicants based on race, religion, color, disability, medical condition, legally protected genetic information, national origin, gender, sexual orientation, marital status, gender identity or expression, sex (including pregnancy, childbirth or related medical conditions), age, veteran status or other legally protected characteristics. Any applicant with a mental or physical disability who requires an accommodation during the application process should contact [email protected] to request such an accommodation.