Solutions Architect, Cybersecurity - CarMax

  • 17 Sep 2020 2:28 PM
    Message # 9243878
    James Walters (Administrator) 

    The Solutions Architect, Cybersecurity on CarMax’s Security Architecture Team will represent the interests of the CISO and Cybersecurity best practices on all engagements. The Solutions Architect, Cybersecurity will provide security advisory services to business and Technology teams pertaining to system design, engineering, and implementation while promoting the protection, integrity and confidentiality of customer, vendor, employee, and business information in compliance with organization policies and standards. Along with the rest of the Security Architecture team, you will also be advising on the Cybersecurity program and leading efforts to ensure we are maturing and innovating to keep up with the Cybersecurity arms race.

    The Solutions Architect, Cybersecurity will utilize proven consulting skills to deliver design and engineering services with a specific focus on the security domain. Ensure IT solutions are aligned effectively with CarMax’s evolving security direction and posture while acting as a security subject matter expert. Utilize security technologies and industry standards to promote confidentiality, integrity and availability of CarMax’s information assets.

    The Day to Day:

    § Provide strong expertise in Information Security support including compliance driven initiatives

    § Deliver “hands-on” security expertise in support of the CarMax Environment

    § Document the security architecture and architectural decisions related to security

    § Stay abreast of security trends and new technologies that will enhance CarMax’s current and future data security architecture.

    § Perform security related services and process assessments/evaluations based on industry standards and common practices (e.g. NIST CSF, OWASP, and ISO).

    § Responsible for leading and directing security implementation throughout the system development lifecycle across the complete stack (i.e. physical, data, network, transport, session, presentation, and application) for both Cloud (predominately) and remaining on-prem.

    § Utilize information security tools to identify potential threats

    § Document and speak to risks, mitigation, and alternatives

    Team Development

    § Educates, trains, and provides support to junior team members on newly adopted security technologies and processes

    § Reviews and advises on program-related documentation for team members

    § Partners with other Technology and Product teams in completing assigned tasks/projects


    § Leads the security requirements in large transformational efforts to resolve enterprise problems by influencing across multiple organizational levels in both IT and business

    § Mentors others in security best practices, procedures and concepts

    § Steers the relevant support tasks of other Associates

    § Steers cybersecurity solutions through building consensus in both business and technical perspectives

    § Influences the security technical direction of others to drive all projects to successful completion within architectural standards and guidance

    § Proven ability to effectively communicate architectural standards, leading practices, and effectively explain the “why” of security

    Position Requirements:

    To perform this position successfully, an individual must be able to consistently execute each essential duty & responsibility as well as consistently show proficiency with the following qualifications. The requirements listed below are representative of the knowledge, skill, and/or ability required.

    § Ability to design complex systems that impact multiple infrastructure domains across IT Operations and Development teams while accounting for security considerations.

    § Demonstrate ownership of the design aspects of the operations lifecycle

    § Consistently show the ability to mentor others in the production of all artifacts required of an Engineer, Analyst or Principal Analyst

    § Analyze business and technical requirements to determine system design requirements, identify potential issues, and perform cost analysis related to each project.

    § Ability to strategically analyze the risks, benefits, and opportunities associated with a proposed design or solution

    § Broad understanding of the business processes implemented across the organization.

    § Able to effectively estimate time required for technical efforts for projects of all sizes

    § Investigate new technologies and techniques and research ongoing industry developments

    § Assist in forecasting security technology implementation budgets

    Here's the technology part…

    Experience with the following required:

    § Experience with cloud computing security configuration and administration (Microsoft Azure or AWS) for both SaaS and IaaS models and web application security and working with Product frameworks and OKRs

    § Experience with detailing security user stories/requirements and generating technical specifications for all systems within IT operations.

    § Demonstrated ability to design and implement security infrastructure, applications, networks, systems and equipment that impact multiple environments across all of CarMax Technology.

    § Proven experience designing modifications to existing systems, designing reusable components, and elimination of redundancy in designs throughout Technology Operations.

    Experience with the following preferred:

    § Demonstrate technical infrastructure architectural knowledge, playing a vital role in design of production, staging, QA and development infrastructures running in a 24×7 environment

    § Experience in multiple large projects in influencing the definition, selection, and implementation of security tools, technologies, and processes

    § Establish level of service standards and operating procedures for overall system availability and individual system components

    § Produce security architecture and design documents to effectively hand over to other departments for successful implementation

    § Knowledge of current and emerging industry technologies

    Education and/or Experience:

    § Approximately 10 years within Technology with a concentration on Cybersecurity and Application Security. Security design and implementation experience required.

    § 4-year bachelor’s degree in Computer Science, Cybersecurity, or Technology related course of study preferred or comparable OJT and work experience

    § Experience in a broad range of Technology systems required

    § In-depth knowledge of information security industry frameworks and standards: NIST, OWASP, ISO-27001/2, SANS, COBIT, ITIL, MITRE ATT&CK, etc.

    § Knowledge of cybersecurity best practices such as PCI, ITGC’s, HIPAA and Privacy

    § Security certifications (CISSP, CISM, Security +) preferred.

    NOTE: This is a remote work opportunity 

(ISC)2RVA is a 501(c)3 nonprofit organization.  EIN: 83-4655968

P.O. Box 2566, Glen Allen, VA 23058-2566