Job Purpose

The Cybersecurity Architecture team is responsible for establishing security design standards, conducting architecture reviews, and providing strategic guidance to protect ICE's critical financial infrastructure. This team defines security requirements across network, data, system, and cloud environments, ensuring controls are appropriately designed before implementation by engineering teams. The Cybersecurity Architecture Engineer supports security design initiatives, conducts architecture reviews, and contributes to threat modeling and security control assessments across the enterprise.

Responsibilities

• Threat Modeling - Support threat modeling exercises to identify security risks and recommend mitigating controls
• Network Security Review - Review and assess network security designs including segmentation, firewall rule requests, and connectivity requirements
• Data Security Assessment - Evaluate data security requirements and recommend appropriate encryption, classification, and protection controls
• Cloud Security Review - Participate in cloud architecture design reviews to identify security considerations; Support evaluations of IAM configurations, network controls, and security service implementations. 
• Control Assessment - Assist in security control assessments and gap analysis, document control effectiveness and recommend improvements
• Documentation - Maintain security architecture documentation, identify trends, design specifications, and reference architectures
• Cross-Functional Support - Collaborate with other Security, Infrastructure, Operations, Engineering and Development teams on security requirements and design guidance

Knowledge and Experience

• Degree in engineering discipline or equivalent experience
• 3+ years of relevant Information Security experience
• Top-tier analytics and problem solving
• Ability to work in a service-oriented team environment
• Project Management, organization, and time management
• Familiarity with data security concepts including encryption and data protection
• Effective written and verbal communication skills
• Ability to automate tasks using scripting and basic automation

Specific Technologies

Network security fundamentals (firewalls, IDS/IPS, network segmentation, VPNs). Cloud platforms including core security services and IAM concepts. Identity and access management principles. Data security (encryption concepts, DLP fundamentals, HSMs, key management). System hardening (CIS Benchmarks, security baselines). DNS and application-level content-filtering. Web application firewalls and Content Delivery Networks (CDNs). Security documentation and diagramming tools.

#LI-SH2