Application Architect-Performance & Security
Location – Cary(Raleigh-Durham) , NC
Position Type – Full Time/Regular
Trilliant® empowers the energy industry with the only purpose-built communications platform that enables utilities and cities to securely and reliably deploy any application – on one powerful network. With the most field-proven, globally compliant solution in the market, Trilliant empowers you by connecting the world of things™. We empower our employees to deliver on our commitment to our customers by encouraging passion, accountability, confidence, and energy for excellence. We invest in our people and provide opportunities for employees to grow themselves, their career, and our business.
The Solutions Architect-Performance & Security reports into the independent Quality & Cybersecurity organization. This role shall be responsible for overseeing program practices for performance and security and ensuring that product teams build platforms and solutions that are safe, secure, scalability and are fully compliant with corporate, customer and industry regulations and expectations. The Architect will be a key point of contact for product design, development, customer support, quality engineering and system integration teams.
- Responsible for establishing and facilitating a Global Center of Excellence for performance and security.
- Responsible for applying an interdisciplinary, collaborative approach to plan, design, develop validate and verify performance, scalability and security across the SDLC.
- Responsible for establishing internal requirements, SLA thresholds and KPIs for Trilliant’s core platforms and align these with customer expectations.
- Responsible to provide ongoing risk assessment for security and performance and ensuring that remediation actions are prioritized, implemented and verified.
- Responsible to conduct cyber risk assessment activities including threat modeling, vulnerability analysis and analysis of mitigation solutions.
- Knowledge of securing Kubernetes and Docker Containers. Excellent Kubernetes diagnostic experience.
- Current AWS/Azure Certifications, ISC2 CCSP Certified Cloud Security Professional, ITIL Certification(s), or CCNA/P preferred, but not required.
- Certifications such as CISA, CRISC, or CISSP are preferred.
- Experience with Secure Software Development Lifecycle frameworks such as Microsoft SDL, CISA-CLASP, SAMM or BSIMM will be a plus.
- Experience in cryptographic standards and methods and detailed knowledge of cryptographic key management preferred.
- Experience with Software Security tools, such as: Veracode, Black Duck, Metasploit, Checkmarx, SonarQube, Nexus/Sonatype, Tenable.
- Experience with Web Application Security Tools, such as: ZAP, Wfuzz, Grabber, Burp, Vega, W3af.
- Experience with one or more SIEM tools, such as: Splunk (preferred), SolarWinds, ArcSight, QRadar.
- Proven expertise in solving OS and application-level performance issues.
- Understanding of cloud-scale and micro/macro-services architecture.
- Architect solutions for microservices for self-service performance and scalability evaluation.
- Excellent troubleshooting skills and great attention to detail. Good understanding of virtualization is a plus.
- Experience with AWS, open source tools such as Kafka, Terraform, Spinnaker, InfluxDB, Elasticsearch a plus.
- Skilled in both the art and science of benchmark creation and measurement and modeling of system behavior under load.
- Ability to find root cause of performance bottlenecks with profiling tools.
- Passionate to optimize the performance bottlenecks and improve the product.
- Experience in tackling problems of load, scale, and optimizations of sophisticated large-scale deployments.
- Develop and implement overarching strategies for performance and scaling based on deep understanding of domain, architecture and product tech stack.
- Responsible for designing and implementing relevant simulators to ingest large scale data
- Knowledge about the latest methodologies for product cybersecurity risk assessment and vulnerability management and technologies and tools used within the product security domain is desired.
- Experience in Atlassian suite – JIRA, Bitbucket and Confluence preferred.
- Must have strong interpersonal, analytical, problem solving and organizational skills, and the ability to independently work as a contributing member in a high-paced and focused team.
- Strong written and verbal communication and presentation skills.
- Requires broad and deep technical experience related to studying and analyzing systems needs, systems development, systems process analysis, design, and re-engineering.
- Bachelor’s degree in Engineering, Computer Science, MIS, or related discipline required; Master’s degree desirable.
- Minimum 5+ years experience required in secure product development lifecycle engineering and in solution engineering with a focus on performance and scale. This experience should include design and implementation of enterprise-wide security controls to secure applications, systems, network, or infrastructure services.
- Minimum 5+ years of experience in coaching and guiding engineers using a scale and security by design approach.
- Previous work experience in a role that focused on product cybersecurity and application performance and scalability is required.
- Strong understanding of product cybersecurity and the relationship between threat, vulnerability and potential customer risk in the context of risk management.
- Understanding of IoT/ IIoT related risks and their impact on solution performance, scalability and security is desired but not mandatory.
- Familiarity with the design of solutions for smart metering and smart city initiatives will be plus.
- Understanding (from an implementation and scaling perspective) of standards and frameworks such as the NIST Cybersecurity Framework, NIST Privacy Framework, ISO 27001, RMF, OWASP, COBIT-5 information security risk management, is required.
- Experience with secure configuration/hardening of systems. Experience in NIST Risk Management Framework and Software Assurance measures and practices preferred.
- Demonstrated knowledge of container technology (such as Docker), database technology (such as Oracle, MySQL, MS-SQL) and development language (such as Java, and Python).
To apply for this position, please send your resume to firstname.lastname@example.org. Please include the title of the position in the subject line.