<b>Application Instructions</b><br /><br />Please list all professional experience and explain any gaps in employment history.<br /><br /><b>Job Description</b><br /><br />The Washington Post Information Security and Infrastructure team is seeking a contract to hire technical security architect.<br /><br />Most job requisitions in infoSec tend to list an extensive laundry lists of wants and needs without paying heed to the fact that security professionals, and especially experienced architects, are in high demand.<br /><br />In an effort to stand out from that, we would like to present our perceived benefits first. Good architects don't just uproot their lives based on copied/pasted walls of text.<br /><br /><b>Why Work at The Washington Post</b><br /><ul><li>Pay and benefits are competitive, with fair, annual merit-based compensation reviews.</li><li>The Washington Post is a remote-work friendly company. Depending on team specifics, this role and could become 40% or more remote after a 90 day trial period.</li><li>Dress is casual to business, whatever. Contemporary engineering is not about ties or power suits, unless you just like ties or power suits.</li><li>The building is beautiful, in a hip part of DC with lots of good places to eat.</li><li>You will work with energetic and inspired employees doing important work.</li><li>This role is broadly influential and is the technical owner of a company-wide ISO 27001 certification drive. Which means a strong mandate, budget, and role clarity.</li><li>The right candidate may be considered for promotion beyond the architect tier.</li></ul><br /><br /><b>Who is The Washington Post</b><br /><br />The Washington Post is not only a world leading source of news, investigative journalism, and cultural information; but it has also transformed its business to become a profitable major player in technology, and the SaaS/PaaS publishing space with the deployment of the ARC Platform by its in-house sister company, Arc Publishing.<br /><br /><b>What will you do for The Washington Post</b><br /><br />The Technical Infrastructure Security Architect will function as a technical team lead, Agile Scrum product owner, adept communicator, and intermittently as a top tier for security ops escalation. Engineering employees of The Washington Post also function in consultative role for the ARC product, so occasional consulting with ARC/SaaS product teams will be required. The overall security program design and implementation for The Post and Arc is the priority.<br /><br />You will be joining an existing small team of diverse and experienced senior security analyst/engineers in need of a sharp design leader. We have a hybrid on premise and cloud security presence, as many mid to large sized organizations do these days, and so the role will involve more compliance-driven contribution in the shorter term (6-24 months) and an increased focus on cloud security architecture in the longer term.<br /><br /><b>What experience do you need to work at The Washington Post</b><br /><ul><li>Ten years of progressive experience in Information/Cyber Security with at least 2 of those years in leadership as a technical security architect, leading design and deployment of on premise, cloud, and compliance-driven projects within a mid to large sized company.</li><li>Experience interpreting, ranking, advocating, documenting, and leading technical compliance controls implementation of at least one major compliance framework (ISO/IEC 27001, NIST CSF, CIS CSCs, COBIT, DoD DIACAP/STIGs) within a prior mid to large sized employer. </li><li>A bachelor's degree in a related field (CS, EE, MIS)</li><li>Demonstrate a bias toward learning as an ethic and progressive experience, as the architect and all other security and engineering roles change fast in 2019.</li><li>Demonstrate POC experience with various vendor techs, and the ability to construct and deliberate on comparative decision matrices for vendor vetting.</li><li>Willingness to learn and use Agile Scrum; to function as a technical scrum product owner, and to help lead regular remote/in-person scrum framework meetings. </li><li>At least 2 years of engineer to architect level familiarity with cloud service architecture (AWS, Azure etc.)</li><li>At least 2 years' design and implementation experience with: WAFs, DDOS, EDRs, AV, SIEM/Splunk, ELK, UNIX, Python, Security Onion, FireEye, Secure Email Gateways. </li></ul><br /><br /><b>Are you the Right Fit for The Washington Post</b><br /><br />We are looking for a tech-savvy engineer that is collaborative – someone that can build relationships with engineers and business leaders across the company; an individual who can provide calm and positive guidance, sometimes under stressful circumstances or when there may be disagreement; someone who is cooperative and partnership-oriented but also confident, empowered, and empowering of others. A leader who cultivates a natural sense of authority through daily displays of quality service, knowledge, value, and kindness.