Data and AppSec Engineer Architect

As CohnReznick grows, so do our career opportunities. As one of the nation's top Professional Services and Business Advisory firms, we foster teams in Advisory, Assurance, and Tax services that value innovation and collaboration in everything they do!

We currently have an exciting career opportunity for a Data and AppSec Engineer Architect to join the Cybersecurity Virtual team in our Global Digital & Cybersecurity group.

CohnReznick is a hybrid firm and most of our professionals are located within a commutable distance to one of our offices. This position is considered remote which means it does not require job duties be performed within proximity of a CohnReznick office location. However, as a remote employee, you may be required to be present at a CohnReznick office with scheduled notice for client work, team meetings, or trainings.

YOUR TEAM.

This position will be part of the Cybersecurity Team reporting to the Chief Information Security Officer, in the Global Digital & Cybersecurity group.

Join a global expanding team that is transforming the cybersecurity and information technology function with a comprehensive information security strategy and implementation plant that aligns with CohnReznick's business objectives and protects the firm's digital assets, client data, and reputation. The CISO leads the function that plays a crucial role in enabling CohnReznick's continued growth, digital innovation, and commitment to client trust in an increasingly complex threat landscape.

WHY COHNREZNICK?

At CohnReznick, we're united by a common mission to create opportunity, value, and trust for our clients, our people, and our communities. Whether it's working alongside your peers to solve a client challenge, or volunteering together at the local food bank, there are so many ways to find your "why" at the firm.

We believe it's important to balance work with everyday life - and make time for enjoyment and fun. We invest in a robust Total Rewards package that includes everything from generous PTO, a flexible work environment, expanded parental leave, extensive learning & development, and even paid time off for employees to volunteer.

YOUR ROLE.

Responsibilities include but are not limited to:

• Conduct secure design reviews and threat modeling exercises for new projects, features, and architectural changes, ensuring alignment with industry standards, regulatory requirements, and organizational security policies
• Assess and ensure conformance to architectural standards, reduction of technical debt, and adaption of enterprise assets (systems, services and information) for key programs
• Collaborate closely with development teams to provide guidance and support in addressing security vulnerabilities discovered during design reviews, code reviews, and testing phases
• Develop and maintain secure reference architectures that serve as blueprints for designing and implementing secure systems and applications, tailored to the specific needs and technologies used within the organization
• Collaborate with DevSecOps on their test tools for SAST, DAST, IAST and run-time security controls applicable to both on-premise and Azure Cloud
• Work closely with cross-functional teams, including development, infrastructure, and compliance, to integrate security into the software development lifecycle and infrastructure provisioning processes
• Provide expertise and guidance on security-related matters, including encryption, authentication, access control, and secure communication protocols
• Own process and develop standards for vulnerability management across systems
• Stay abreast of industry trends, emerging threats, and best practices in security architecture and design, and assess their applicability to the organization's security posture
• Identify opportunities within the business units where architecture is not meeting standards and provide a clear roadmap and prioritization for the business units to be aligned. Work directly with the teams as they introduce new technologies
• Stay current with emerging security threats, trends, and technologies, ensuring the firm's architecture remains robust and adaptive to evolving risks
• Collaborate with the CISO to develop security roadmaps aligned with business objectives and security principles
• Engage with stakeholders, including IT, legal, and compliance teams, to align security objectives with broader organizational goals

YOUR EXPERIENCE.

The successful candidate will have:

• Infinite curiosity, analytical skills and attention to detail
• Familiarity with security frameworks such as NIST CSF, ISO 27001, CMMC
• Experience working with development and engineering teams to build security solutions
• Experience in all areas of cybersecurity, networking, on-premise and cloud applications
• Hands-on experience with threat modeling, risk assessments, and vulnerability management in hybrid IT environments
• Deep understanding of authentication, and authorization, including multi-factor, step-up, and single sign-on. Password-less is desired, but not required
• Strong understanding of encryption, specifically certificate and token-based cryptology
• Understanding of network protocols and topologies
• Experience with defense-in-depth strategies, understanding of incident response
• Exceptional communication and collaboration skills, with the ability to engage effectively with both technical and non-technical stakeholders
• Self-starter with the ability to work independently and lead strategic initiatives
• Adaptability to a fast-paced and dynamic work environment
• Minimum 8+ years of progressive experience in cybersecurity / information security with at least 2 years in a senior architect of equivalent role with a focus on secure coding practices, common vulnerabilities (e.g. OWASP Top 10)
• Degree in Computer Science/Information Systems/Cybersecurity, or equivalent related degree or work experience
• Relevant certifications such as CISSP, CISM, CCSP, or Azure Security Engineer are strongly preferred

Studies have shown that we are less likely to apply to jobs unless we meet every single qualification. At CohnReznick, we are dedicated to building a diverse, equitable, and inclusive workplace, so if you're excited about this role but your experience doesn't align perfectly with every qualification in the job description, we still encourage you to apply. You may be just the right candidate for this or one of our other roles.

CohnReznick is an equal opportunity employer, committed to a diverse and inclusive team to drive business results and create a better future every day for our team members, clients, partners, and communities. We believe a diverse workforce allows us to match our growth ambitions and drive inclusion across the business. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability. For more information, please see Equal Employment Opportunity Posters

If you are an individual with a disability in need of assistance at any time during our recruitment process, please contact us at CRaccommodation@CohnReznick.com Please note: This email address is reserved for individuals with disabilities in need of assistance and are not a means of inquiry about positions or application statuses.

CohnReznick does not accept unsolicited resumes from third-party recruiters unless such recruiters are currently engaged by CohnReznick Talent Acquisition Team by way of a written agreement to provide candidates for a specified opening. Any employment agency, person or entity that submits an unsolicited resume does so with the understanding that CohnReznick will have the right to hire that applicant at its discretion without any fee owed to the submitting employment agency, person or entity.

#LI-CM1 #LI-Remote #GD #CB