Lead Security Architect

WELCOME TO SITA

At SITA, we keep airports moving, airlines flying smoothly, and borders open. Our technology and communication innovations power the success of the global air travel industry.

You'll find us in 95% of international airports, working closely with over 2,500 transportation and government clients. Each partnership brings unique challenges, and we thrive on delivering fresh solutions and cutting-edge tech to keep operations running like clockwork. We don't just move the world forward—we're proud to be recognized as a Great Place to Work® by 79% of our employees and certified in most of our growing locations. Here, we feel empowered, supported, and inspired to grow.

Are you ready to love your job?

The adventure begins right here, with you, at SITA.

The Security Architecture & Standards Centre of Expertise is a team within the Enterprise Information Security Office (EISO) at SITA. The mission statement is to ensure the infrastructure supporting the SITA products and solutions is designed to meet defined corporate, market and regulatory compliance requirements so it can enable SITA\'s business objectives. The remit covers all the shared and dedicated infrastructure supporting SITA as a business, as well as that used to deliver our products and customer solutions.

As a Security Architect you will provide design governance for the creation of secure infrastructure and the technologies securing that infrastructure. You will interface with the other architecture disciplines, DevOps teams, product management and other stakeholders in achieving this.

• Provide approvals for enterprise and solution architects at key stage gates that the infrastructure has been designed in accordance with security architecture governance.
• Document governance and approval decisions in wikis, architecture documents, blueprints and other artefacts.
• Provide security architecture Guidance & Guardrails through the infrastructure lifecycle (technology acquisition, design, development, deployment, operations and disposal).
• For Guardrails, work with DevOps teams and Product Owners in development of policies, configurations, infrastructure as code and other automations of security controls as SITA implements DevSecOps (\"shift left\").
• Provide guidance & governance around the technologies that secure the SITA infrastructure: Architecture strategy and provide security architecture Guidance & Guardrails.
• Provide security input to Product Managers at ideation stage when assessing potential new technologies, products & solutions.
• Research emerging infrastructure security technologies and trends.
• Influence SITA security Policy & Standards and the overall infrastructure security strategy.

• 8+ years experience in an IT environment.

Required:

• Systems and big-picture thinking.
• In-depth knowledge of technical cyber security controls and their applicability to complex infrastructure and application architectures, including but not limited to: Next-Generation Firewalls, Network IDS / IPS platforms, Web Application Firewalls, EDR, encryption technologies, identity & access management, logging & monitoring (SIEM), vulnerability management etc.
• Strong understanding of cloud-based architecture and development (Infrastructure as Cloud, CI/CD pipelines) and cloud-based security controls (SASE, CSPM, CASB).
• Strong understanding of security automation (Ansible, Terraform, Puppet).
• Strong understanding of operating system and IT infrastructure hardening (CIS Benchmarks).
• Knowledge and demonstrated application of key security principals to architecture: defence in depth, zero trust, least privilege, segregation of duties.
• Excellent understanding of software defined networking (SD WAN) and key networking technologies (IPv4 & v6, OSPF, BGP, IPSEC, MACSEC, DNSSEC)
• Experience with PCI DSS compliant designs and P2PE.
• Strong communication skills, especially in taking complex technical information and presenting it to a non-technical audience.
• Proven ability to work with operations teams to plan projects, deal with technical issues and provide knowledge transfer.
• Excellent interpersonal skills, including the ability to influence and work with teams with different reporting lines.
• Performing data analytics / correlation and root cause analysis.

Desirable:

• Design experience with complex distributed DNS infrastructure, including Anycast and RPZs.
• Sound understanding of PKI including certificate chains, policies, and automation through ACME or REST APIs.
• Knowledge of privileged access / identity management.
• Understanding of data privacy / security principals and experience working with Data Loss Prevention techniques and technologies.
• Exposure to working with global Internet, IP Transit, Metro-E, and MPLS providers
• Knowledge of the management of Windows, Linux, VMware, and KVM environments at scale.
• Previous experience of Agile and / or DevOps methodologies.

• Architecture Modeling
• Cloud Computing
• Commercial Acumen
• Configuration Management
• Contingency and Disaster Recovery
• Data Architecture
• Enterprise Architecture & Governance
• IT Industry: Trends & Directions
• Information Security Architecture
• Managing Risk
• Network Architecture
• Requirements Analysis
• Service Oriented Architecture (SOA)
• Solution Architecture
• Standards Procedures & Policies
• System and Technology Integration
• Technical Writing/Documentatio

• Degree in a technical discipline (e.g. Computer Science Engineering Mathematics etc.) or sufficient work experience to demonstrate proficiency at this level.
• CISSP, CISM or similar certification in security field
• Vendor certifications, particularly in cloud and network security (Azure, AWS, VMWare, Palo Alto, Fortinet, Cisco, Juniper, Versa Networks)
• Exposure to, or certification in at least one of the following: TOGAF, SABSA, SaFE, ITIL 4 Stategic Leader

We\'re all about diversity. We operate in 200 countries and speak 60 different languages and cultures. We\'re really proud of our inclusive environment. Our offices are comfortable and fun places to work, and we make sure you get to work from home too. Find out what it like to join our team and take a step closer to your best life ever.

Flex Week: Work from home up to 2 days/week (depending on your team\'s needs)

Flex Day: Make your workday suit your life and plans.

Flex-Location: Take up to 30 days a year to work from any location in the world.

Employee Wellbeing: We have got you covered with our Employee Assistance Program (EAP), for you and your dependents 24/7, 365 days/year. We also offer Champion Health - a personalized platform that supports a range of wellbeing needs.

Professional Development: Level up your skills with our training platforms, including LinkedIn Learning!

Competitive Benefits: Competitive benefits that make sense with both your local market and employment status.

SITA is an Equal Opportunity Employer. We value a diverse workforce. In support of our Employment Equity Program, we encourage women, aboriginal people, members of visible minorities, and/or persons with disabilities to apply and self-identify in the application process.