Architect Sr IT Security

Boyd Gaming

Las Vegas, NV
Full Time
Paid
  • Responsibilities

    Job Description

    Under the direction of the Director – Information Security Architecture and Operations, the Senior Information Security Architect is a talented and highly motivated individual. The security architect will lead the review and acquire an in-depth understanding of the current application landscape and technical architecture, the security issues, opportunities and value to the business. The senior architect will help drive and develop the future state enterprise architecture and application frameworks, based on the business needs of various lines of business while ensuring that the frameworks incorporate Boyd Gaming’s security goals and standards, along with any external security frameworks (such as NIST-800) as directed.

    This will include documentation of principles, policies and standards, and governance process. The architect will support the various application teams in identifying the migration path from current state to the future state architecture.

    • Demonstrates solid understanding of architectural considerations such as security, performance, scalability, reliability, etc.
    • Utilizes deep conceptual and technological understanding of contemporary security and architecture concepts, industry trends, and best practices. Successfully leverages this knowledge to assess the organizational needs.
    • Works on architecture frameworks in support of highly complex organizations with multiple business areas, geographic areas and a wide systems footprint with multiple technology
    • Demonstrates ability to think objectively and outside of the box to come up with innovative solutions and simplify complexity.
    • Determines and leads the implementation of security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses/risk assessment; studying architecture/platform; identifying integration issues
    • Implements security systems by specifying attack vectors, methodologies and equipment; directing equipment and software installation and calibration; preparing preventive and reactive security measures; providing technical support; completing documentation
    • Will explain the reference architecture/model to various business and IT stakeholders to get buy-in as well as enable the adherence to the established security standards and policies, providing support during the migration to the reference model.
    • Inform, advise and work with IT teams as well as business units on compliance with standard and policy, secure architecture, perform buy vs build analysis, evaluate new tools/applications.
    • Evaluate the security and applicability of applications and technology and architecture of systems from entities acquired by Boyd Gaming and provide inputs to the secure integration of those entities.
    • Enhances security team accomplishments and competence by planning delivery of solutions; answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members.
    • Coordinate third party architectural risk analyses that include threat modeling and reference the threat model to inform decisions about which controls to implement to effectively address risk.
    • Perform requirements analysis and design of security features and functionality and advise product managers and software engineers during the build process.
    • Collaborate with the IT Products and DevOps teams to perform requirements analysis and design security features and functionality.
    • Perform manual code reviews of code that represents a material change to the way the solution performs authentication, authorization, and accounting (AAA) as well as how data is secured at rest and in transit across trust boundaries.
    • Establish secure coding standards leveraging CERT Secure Coding Standards, OWASP Proactive Controls, SANS SWAT Checklist, and/or SAFECode Fundamental Practice for Secure Software Development and educate software engineers on how to securely develop code without introducing security vulnerabilities.
    • Evaluate and implement tactics, techniques, and procedures to programmatically evaluate code for security-related bugs during the pre-commit, commit, and acceptance phases of the Continuous Integration/Continuous Delivery (CI/CD) pipeline.
    • Evaluate the results of security assessments, including, but not limited to web application security assessments, static and dynamic code analysis, as well as software composition analysis to determine the risk associated with the findings and to prioritize remediation work.
  • Qualifications

    Bachelor's degree (or advanced degree) in any of the following areas preferred:

    • Information Technology

    • Information Security

    • Computer Science

    • Mathematics
    • An equivalent level of experience may be substituted

    • Must have 5-8 years in IT

    • 3-5 years in Information Security

    • The following characteristics are critical for success – accountability, confidence, openness, risk tolerance, enthusiasm and emotional maturity. These characteristics will be demonstrated through the following:

      • Assesses own strengths and weaknesses;
      • Pursues training and development opportunities;
      • Strives to continuously build knowledge and skills;
      • Displays critical thinking and creativity;
      • Meets challenges with resourcefulness;
      • Develops innovative approaches and ideas;
      • Shows adaptability to change;
      • Takes risks and thrives in an environment of constant change;
    • Ability to effectively analyze vast information from multiple sources

    • Ability to operate with high degree of uncertainty and gaps in information

    • Ability to understand the business need and business context as well as explain the reference model and migration path concepts to get buy in.

    • Ability to communicate with technical teams working on different technologies.

    • Ability to influence decision makers from different backgrounds on the value of the reference model, standardization, and other architectural decisions, and drive compliance with established standards across the organization

    • Understand application and systems architecture design, have the ability to explain why it should be designed in a given way, and be able to suggest changes based on specific needs

    • Ability to analyze the business operations of the organization and apply security solutions which protect those business operations

    • Must be able to design security solutions which suit the risk appetite and real threats the organization faces

    • Familiarity with multiple variations of security tools: Endpoint, SIEM, Email Security, Identity and Access Control, Privileged Account Management, DLP, CASB, OS protection, etc. to implement defense-in-depth solutions at control points within the enterprise, especially as information travels from one network zone to another

    • Understanding of network protocols, application data flow analysis, and network design and troubleshooting

    • Familiarity with application security practices such as secure coding and secure development lifecycle management which is required in coordinating with application development groups

    • Understanding of how applications are designed, deployed and managed is essential to demonstrating the ability to design security solutions to protect critical assets and data

    • Ability to apply security principles in Service Oriented Architecture, OWASP (Open Web Application Security Project); application frameworks (.Net, J2EE/Java, etc.) and the use of cryptography in applications in order to explain complex issues.

    • Familiarity with the principles, objectives and requirements of cloud governance frameworks.

    Additional Information

    All your information will be kept confidential according to EEO guidelines.

    Boyd Gaming is proud to be an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state, or local protected class.