Xerox

Summary:

This position reports to the CISO of Xerox and has the overall responsibility for security strategy, engineering and product security. The qualified candidate will lead a multidisciplinary team of security engineers in designing, implementing, and maintaining robust security solutions to safeguard enterprise systems, applications, and products across a broad spectrum of technologies. The candidate must demonstrate a passion for security and lead by example that fosters continued growth and technical expertise within the team.

Primary Responsibilities:

• Develop and maintain Xerox’s overall security strategy in line with business and IT strategies.
• Develop and maintain a comprehensive security architecture framework, ensuring that security controls are effectively integrated into the design of enterprise systems, products and applications
• Develop and evolve security baselines and design patterns aligned with standards and best practices
• Review and guide security architects and engineers on the development of appropriate security standards, requirements and technology baselines
• Provide secure design guidance to application and product teams
• Own and Implement secure SDLC/DevSecOps processes across the product portfolio
• Own and manage end-to-end product security incident response process
• Serve as a security evangelist for executive management and business stakeholders
• Research, analyze and report on security industry trends and products
• Manage the team including hiring, training, talent development and performance management
• Provide strategic direction and leadership to the security engineering team, fostering a culture of innovation, collaboration and excellence.

Knowledge and Skills Required:

• Strong knowledge of and experience in security requirements, standards and practices including NIST CSF, NIST 800-53, ISO 27001, PCI DSS, SOC2 OWASP Top 10, SANS Top 25, etc.
• Strong understanding of modern application, microservices architecture in hybrid environments
• Deep understanding of cloud computing concepts and architectures, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS)
• Deep understanding of cloud technologies, cybersecurity principles, and best practices to design and implement robust security architectures. 
• Previous software development experience in one or more programming languages such as C/C++, Java, Python, .Net, PHP etc.
• Strong domain expertise and technology implementation/ integration experience in one or more areas such as Identity & Access Management, Application Security and Container Security.
• Experience building secure architectures using cloud native technologies in AWS and/or Azure
• Knowledge of and prior hands-on experience in a wide variety of security tools/ technologies
• Deep understanding of common web application attacks and manual penetration testing process
• Excellent communicator who is comfortable discussions with technical, and architecture teams and presenting to executive management
• Excellent written as well as verbal communication skills
• Uncompromising personal and professional integrity and ethics

Education and Experience Required:

• B.S in computer science, information systems, engineering or related field.
• Advanced degree preferred; i.e. MBA or MS
• At least 10+ years of related security experience
• 3+ years’ experience leading, managing security architecture/product security teams
• One or more Industry-standard security certifications (such as CISSP, CSSLP, CCSP, SANS/GIAC)