Cloud Security Architect - Duke Health Technology Solutions - Remote

Durham, NC, US, 27710

Duke University


This position may have an opportunity to work remotely. All Duke University and Duke Health remote workers must reside in one of the following states or districts: Arizona; California; Colorado; Florida; Georgia; Hawaii; Illinois; Maryland; Massachusetts; Montana; New Jersey; New York; North Carolina; Pennsylvania; South Carolina; Tennessee; Texas; Virginia; or Washington, DC.


The Cloud Security and Identity Management Architect is responsible for providing technical expertise on areas of Identity and Access Management (IAM) security architectures in Duke Health’s cloud environments, to support next-generation Duke Health clinical, research, and business applications. This position will serve as a central representative of Information Security for all IAM matters related to cloud security within Duke Health, including role-based security, application security, security architecture, policy enforcement, directory, platform security and security frameworks. The successful candidate will have a deep technical understanding of IAM and cloud-based security architectures as well as excellent interpersonal and communication skills required for partnering with other leaders across the organization to deliver effective and scalable solutions.


Duties and Responsibilities

  • Develop a deep understanding of Duke Health’s cloud presence and architecture in both cloud and hybrid cloud environments.
  • Develop a strategy and road map for IAM in the Duke Health cloud environment.
  • Establish IAM and Directory related standards to support innovative infrastructure solutions for both operational and research needs that are scalable, flexible, and resilient.
  • Evangelize and drive the adoption of solutions to address complex IAM problems.
  • Participate in IAM enterprise governance processes.
  • Design and develop security architectures for cloud and hybrid cloud systems. Possess a firm understanding of the offerings within Microsoft Azure, Amazon Web Services and Google Cloud Platform.
  • Develop, build and secure cloud infrastructure (multi-cloud experience preferred), such as containers, virtual machines, databases, networking, security monitoring and administration.
  • Work directly with Security Operations, GRC and Program Management teams to develop documentation, monitoring, metrics, and playbooks for integration of services into existing Information Security Office Programs.
  • Maintain an understanding of available cloud platform services and technologies, their cost structures, and architectures that promote integration and security. 
  • Serve as a cross-platform technical subject matter expert and provide consulting support as required for cloud and cloud IAM technologies.
  • Maintain an understanding of HIPAA, NIST and FISMA regulations and frameworks. 
  • Contribute responses to internal and external audit inquiries as required.


Required Qualifications


Level 1, 2, and 3 - Bachelor's degree in a related clinical or technical field or four years of equivalent experience required



Level 1 and 2: N/A

Level 3: One or more information security industry certifications (e.g. CISSP, CISM, CISA, CEH, or equivalent) are required



Level 1 - No experience required beyond the minimum education (or equivalency) requirement.

Level 2 - Two years of related experience is required.

Level 3 - Four years of related experience is required.


Preferred Qualifications


Level 3 - A Master’s degree in computer science, information systems, business management, engineering, mathematics, healthcare, a physical science, or other related field is preferred.



Level 2: 

  • Current certification(s) for Microsoft Azure with an understanding of both AWS & GCP are preferred.
  • One or more information security industry certifications (e.g. CISSP, CEH, GIAC certifications, or equivalent) are preferred.
  • Additional technical or management certifications (e.g. MCSE, CCNP, CCIE, or PMP) are preferred.

Level 3:

  • 10 years of experience with Security Architecture and/or Engineering are preferred.
  • 3 to 5 years of experience with Cloud platforms such as AWS, Azure, GCP are preferred.


Knowledge, Skills and Abilities

  • Experience with architecting solutions within Azure, AWS and/or GCP
  • Experience with assessment, development, implementation, and documentation of a broad set of security technologies and programs such as:
    • Databases, LDAP and directory services
    • Data protection and loss prevention
    • Identity and Access Management
    • Web Application Protection
    • Key Management
    • Cryptography
    • Incident Detection and Prevention
    • Security Event Management
  • Experience with deployment orchestration, automation and security configuration management preferred
  • Experience presenting technical viewpoints to a diverse audience and making timely recommendations based on risk
  • Proven ability to analyze customer requirements and translate them into effective solutions
  • Experience working in an Agile/DevOps environment and Agile backlog management is preferred
  • Experience automating tasks using tools such as Ansible, Python, and PowerShell
  • Understand network topologies, firewall rules, certificate management, load balancing
  • Strong interpersonal and communication skills; ability to work in a team environment
  • Ability to work independently with minimal direction
  • Excellent written and oral communication skills
  • Excellent customer service skills
  • Excellent critical thinking, troubleshooting, and problem-solving skills



Duke is an Affirmative Action/Equal Opportunity Employer committed to providing employment opportunity without regard to an individual's age, color, disability, gender, gender expression, gender identity, genetic information, national origin, race, religion, sex, sexual orientation, or veteran status.


Duke aspires to create a community built on collaboration, innovation, creativity, and belonging. Our collective success depends on the robust exchange of ideas—an exchange that is best when the rich diversity of our perspectives, backgrounds, and experiences flourishes. To achieve this exchange, it is essential that all members of the community feel secure and welcome, that the contributions of all individuals are respected, and that all voices are heard. All members of our community have a responsibility to uphold these values.


Essential Physical Job Functions: Certain jobs at Duke University and Duke University Health System may include essential job functions that require specific physical and/or mental abilities. Additional information and provision for requests for reasonable accommodation will be provided by each hiring department.



Tags: Agile Ansible Application security Automation AWS Azure CCNP CEH Certificate management CISA CISM CISSP Cloud Computer Science Cryptography DevOps Firewalls FISMA GCP GIAC Governance HIPAA IAM LDAP Mathematics Monitoring NIST PowerShell Python Strategy

Perks/benefits: Flex hours

Regions: Remote/Anywhere North America
Country: United States