Cyber Security Domain Architect

at Xylem in Morton Grove, Illinois, United States

Job Description

Join Xylem in the global mission to #LetsSolveWater! As a leading water technology company with 23,000 employees operating in over 150 countries, Xylem is at the forefront of addressing the world’s most critical water challenges. We invite passionate individuals to join our team, dedicated to exceeding customer expectations through innovative and sustainable solutions.

We’re Hiring for a Cyber Security Domain Architect !

THE ROLE : Reporting directly to Xylem’s Director of Cybersecurity Architecture & Engineering, the Cyber Security Domain Architect will be responsible for the design and implementation of security capabilities and cloud services across Xylem’s technology platforms. The role has elements of strategy and long-term execution of the security program as it evolves, but an individual contributor capable of delivering on multiple global security projects. This includes but is not limited to the development of Cybersecurity Standards, Principles, Reference and Target Architectures and Roadmaps that will continuously evolve and drive state of the art technical security capabilities and enablement across the enterprise. The position will require collaboration with IT infrastructure, cyber defense, security compliance, product security, software development and other internal functional groups (Legal, Procurement, and Finance) to ensure that the strategy and execution elements of Global Cybersecurity meets the need of Xylem. This position will be on a team of Architects but will take lead Architecture responsibility for all security aspects of Networking, Voice infrastructure, Vulnerability Scanning, and Endpoint Detection and Response technologies. Additionally, this position may also be responsible for conducting security risk assessments for applications and infrastructures including Cloud security, CASB and Cloud Gateway implementation and deployment to support Xylem’s global cyber security initiatives and goals.

CORE RESPONSIBILITIES

+ Provide expert direction in implementing Xylem’s enterprise security architecture strategy for platforms, applications, security services, network security and infrastructure, while considering potential risks in the organization’s current technology deployments, to build a successful and strong enterprise security posture.

+ Gather requirements, create network security architecture designs, analyze technical alternatives, provide cost analysis, test options, prepare configurations, document, and communicate design and implementation plans.

+ Requires the highest level of security critical thinking, creativity, and innovation in developing new concepts and products to address the most complex and strategic issues facing Xylem.

+ Secure and automate capabilities through collaboration with InfoSec, Compliance, Cyber Defense, Product Security and Engineering resources.

+ Lead Xylems On-premise and Cloud network security architecture. Develop, implement, and maintain the security architecture for Xylem enterprise network and cloud network services.

+ Contribute to the development and evolution of application, platforms, cloud services and infrastructure security reference and target architectures.

+ Participate in the development of business cases, design and implementation of cybersecurity capital investments.

+ Collaborate with business and technology teams to assess needs, identify security risks and promote adoption of solutions through sponsorships in pilot and prototyping activities.

+ Develop cybersecurity standards and principles aligned with and supporting industry recognized frameworks.

+ Provide expert cybersecurity architecture and network security risk assessment reviews and technical implementation ensuring secure capabilities delivery.

+ Review the organization’s information security architecture and platforms to identify integration issues and opportunities to enhance information security best practices.

+ Participate in M&A engagements as needed for secure network integration and due diligence.

+ Provide support and assistance to leadership for decision on future investments and addressing complex issues impacting Xylem’s security architecture.

+ Provides feedback in the development of operating and capital budgets.

+ Assist resource owners and IT staff in understanding and responding to security audit failures reported by auditors.

QUALIFICATIONS :

+ Bachelor’s degree in STEM field, related discipline, or equivalent.

+ Minimum 10+ years of increasingly diverse and complex experience in field of Cybersecurity within a global environment, with at least a minimum of 5+ years in security architecture, network security, and infrastructure security.

+ Network Security Architecture – Deep technical understanding designing and securing of:Both WAN and LAN environments including SD WAN, MPLS, VPN, Segmentation, Micro-Segmentation; IOT Segmentation; Load Balancing; Web Application Firewalls; Routing and Switching design, deployment and Operations; Advanced experience and understanding of dynamic routing (BGP, EIGRP and OSPF); Load Balancer configuration and capabilities; Firewall design, deployment, and operation; VPN design, deployment, and operation; advanced experience in wireless protocols (802.11) and Cisco Wireless Controllers.

+ Experience connecting and integrating IAM and SSO solutions with networking components such as Firewalls, Switches, Load Balancers, etc

+ Cloud Network Security -Expert level understanding of virtualization, cloud infrastructure, and public cloud offerings. Experience designing network security configuration and controls within cloud-based solutions in Microsoft Azure and Azure PAAS services. Experience and in depth understanding of the latest network and cloud security principles, security technologies, techniques, standards and protocols.

+ Deep technical understanding and experience with the security controls needed for modern and cloud-based voice services and infrastructure.

+ Experience with the integration of network security resources to asset management and log collection infrastructure including the development of SIEM based rules for alerting.

+ Experience designing and implementing regional, site and micro segmentation architectures.

+ Excellent verbal/written communication, collaboration, analytical and presentations.

+ Excellent communication, analytical, and writing skills.

+ Ability to carry high-level conversations; proven ability to present to senior leadership.

+ Experience designing and implementing secure architecture and reference architectures; from business requirements gathering to technology rollout oversight.

+ Experience writing and executing RFx based industry evaluations including definition of scoring methodologies for technology selection, non-biased critical analysis and vendor selection.

+ Experience with capacity management and Inventory management.

+ Hands on experience in deploying security technologies such as Next Generation Firewalls, Intrusion Prevention, log collection / management, content filtering, Wireless Access controls, Citrix NetScaler, VDI technologies, Network Access Control, identity management technologies, cloud security technologies, data encryption technologies, virtualization security, and mobile application security.

+ Must work well in a dynamic team that is geographically dispersed.

PREFERRED QUALIFICATIONS:

+ Master’s Degree

+ Experience with Palo Alto, Cisco, Citrix, Zoom, 8×8, Rapid 7, and Tenable.

+ Experience performing risk assessments on a broad range of technologies

+ Maintained information security /cybersecurity certifications (e.g. CEH, CISSP, CISM).

DAY IN THE LIFE :

In this role, the working environment is generally in an office setting and may be performed remotely. The physical demands may include but are not l