Senior Architect, Network Cyber Security 1

Role description summary

The jobholder designs network security concepts that effectively mitigate network security risks, while accommodating complex operational needs.

He/she designs, implements and operates diverse network security controls in highly complex environments in accordance with network security concepts to ensure secure, resilient, available networks that adequately safeguard information assets of SES, its affiliates and commercial platforms.

The jobholder executes complex projects and tasks autonomously. He/she guides and advises security engineers, leads them on specific assignments and assists in their training and development.

The jobholder will also provide IT security related project support and internal consultancy within the organization as well as for customer related projects.

Primary responsibilities / Key result areas

• Plan, design and document network, cloud and system security concepts that effectively mitigate security related risks, while accommodating complex operational needs on prem and on cloud
• Plan, design, implement and document diverse security controls in accordance with network, cloud and system security concepts,
• Advanced knowledge with firewalls, VPNs, IDS/IPS, web proxies, email security gateways, web application firewalls, network access control, privileged access, vulnerability and compliance assessment, PKI, cloud security etc.
• Define security policies that balance mitigation of information security risks and operational needs
• Review and improve the overall security infrastructure by standardization and alignment with industry best practices and operational requirements
• Plan and perform hardware and software upgrades, enhancements and configuration changes of the network, system and cloud security infrastructure
• Provide third line support for the troubleshooting of operational problems of the network, cloud and system security infrastructure, and escalate to vendors if needed
• Lead complex security projects autonomously as laid down in SES’s information security strategy and deliver them within time, cost and scope.
• Support the development and promotion of information security policies, standards, processes and procedures and monitor compliance to the information security policy framework.
• Support the detection and analysis of information security incidents and manage adequate responses to information security incidents
• Review security controls and provide specific recommendations to mitigate risks

• Perform information security audits and vulnerability assessments and support the management of vulnerabilities
• Provide clear, concise, timely and constructive recommendations regarding information security in all areas related to network, system and cloud security
• Travel and on-call duty as required

Qualifications & Experience

• Degree in Computer Science and a minimum of 10 years industry related experience in a large heterogeneous environment
• Solid theoretical background and strong practical experience in network, system and cloud security architectures and defining efficient and effective security concepts
• Strong, hands-on knowledge of and experience with the implementation of network security controls, including (next generation) firewalls, web proxies, IDS/IPS, web application firewalls, VPN, Network Access Control, …
• Good knowledge in network communication concepts and principles, including routing and switching
• Sound understanding and experience with network protocols/technologies such as: IPv4, IPv6, TCP/IP, HTTP(S), SSL, IPsec, 802.1x, OSPF, BGP, EIGRP, Spanning-Tree and the ability to perform troubleshooting of networks and associated devices
• Relevant vendor certifications (e.g., CCDP, CCNP Security, CCSP, …), general security certifications and knowledge of the satellite industry are a plus
• Solid knowledge of IT security threats, vulnerabilities, security technologies, controls and best practices
• Good knowledge and experience in Operating System (Windows and Linux)
• Good knowledge in cloud security design and cloud deployment and management
• Experience in securing Microsoft Azure and Office365 environment
• Experience with 1 or more Identity and Access Management and Strong Authentication Systems such as Azure AD, Active Directory, Kerberos, SSO, SAMO, and/or OAuth
• Knowledge of attacker techniques and how to mitigate them in complex environments
• Experience with Public Key Infrastructure including HSM
• Experience with Privileged Access Management and password vault solutions
• Ability to learn new technologies quickly
• Good documentation skills and possess the ability to explain security rationales and controls to non-technical audiences
• Solid knowledge of IT security threats, vulnerabilities, security technologies, controls and best practices
• Understand all stakeholders in the IT security process and possess the ability to explain security rationales and controls to non-technical audiences
• Sound analytical skills as well as the ability to provide practical conclusions
• Autonomous, innovative mind and good problem solving skills
• Good project management and organization skills
• Ability to coordinate business requirements and work, both autonomously and in interdisciplinary teams
• Ability to effectively respond to and interact with all levels of organizational staff
• Be fluent in English (any other language being an asset)
• Excellent written and verbal communication skills