Senior Security Architect

Upwork ($UPWK) is the world's work marketplace. We serve everyone from one-person startups to large, Fortune 100 enterprises with a powerful, trust-driven platform that enables companies and talent to work together in new ways that unlock their potential.

Last year, more than $3.8 billion of work was done through Upwork by skilled professionals who are gaining more control by finding work they are passionate about and innovating their careers.

We are looking for a Senior Security Architect who will focus on protecting our infrastructure, applications, and, most meaningfully, our users. This person will be responsible for playing a key role in security architecture roadmap and development, the design of security solutions for threat and vulnerability management, and a broad range of security initiatives to improve the information security posture at Upwork and its services and products. This hands-on security architect will have the opportunity to learn from, collaborate with, and provide thought leadership to, a lot of teams across Upwork.

Your Responsibilities:

• Advises senior leadership and technical leaders on broad security risk posture and recommendations on how to reduce risk.
• Partners with engineers, developers and stakeholders outside of InfoSec to encourage the adoption of security-by-design and defense-in-depth approach to infrastructure, platforms and software design and best practices.
• Security architecture development, assessment, gap analysis, recommendations and solutions design while reviewing cloud infrastructure (IaaS), platform (PaaS) and software as a service (SaaS) technologies to ensure organization is enabled to identify, protect, detect, respond to, and recover from cyber threats and vulnerabilities.
• Defines and develops security requirements using risk assessments, threat modeling, testing, and analysis of existing systems.
• Review and recommend information security and industry standard security controls for middleware integrations, and product development to ensure compliance with security policies and standards.
• Lead the improvement of cloud-native security capabilities, vulnerability management, and application security capabilities for continuous monitoring of vulnerabilities, miss-configurations, anomalies, and events.
• Build the security architecture which integrates optimally with overall engineering and technical operations design.
• Constantly research capabilities of current and new disruptive solutions on the market and make recommendations to security leadership. Research, validate and deploy solutions meeting security and business needs.
• Remain current and keeps abreast of the latest intelligence from law enforcement agencies and other sources of cyber threat information.
• Formally develop security team standards, policies, procedures and processes.
• Drive security efficiencies and automation, enabling security team members to work on more advanced tasks.
• Analyzes output from pen tests, static code analysis and other tools to determine and prioritize top threats
• As needed, take a consulting role during incidents from a security engineering standpoint.
• Day-to-day advanced administration of cybersecurity solutions.
• Work closely with TechOps, IT, and Engineering to implement security initiatives.
• Perform other duties as assigned.

What it takes to catch our eye:

• Experience in Cybersecurity, including compliance and risk management with a background in systems and cloud security architecture and engineering.
• Solid experience with implementing cloud-native security controls in AWS.
• Knowledge and experience working with various operating systems such as WIndows, Unix, Linux, MacOS
• You possess a DevOps focus and have hands-on experience across technology and security architecture, automation, integration and distribution.
• Proven information security experience working with engineering and developer communities building security reference architecture for all-in cloud deployments.
• To be self-driven and autonomous - we need someone who loves to "figure it out" and "make it happen".
• Implementation experience with enterprise security solutions such as DLP, WAF, Bot Mitigation, IPS, Anti-DDOS, and SIEM.
• You are comfortable to roll up your sleeves and work in a security engineer capacity to tune, configure cybersecurity solutions.
• Advanced knowledge of traditional security administration, DNS, Firewall, VPN, Vulnerability and Application Security Assessments, network segmentation, and or other relevant technology will be a plus
• At least one of the following certifications, or an equivalent, is required
• CEH: Certified Ethical Hacker
• CISSP: Certified Information Systems Security Professional
• CISSP-ISSAP: Information Systems Security Architecture Professional
• CISM: Certified Information Security Manager
• GSEC / GCIH / GCIA / GDSA / GCED: GIAC Security Certifications
• CCNA Security
• AWS Certified Solutions Architect and related certifications
• Familiarity and knowledge of various controls and frameworks
• National Institute of Standards and Technology (NIST)
• International Organization for Standardization (ISO)
• Center for Information Security (CIS)
• System and Organization Controls 2 (SOC 2)
• ISO 27001/27002, ITIL and COBIT
• An understanding of third party auditing and cloud risk assessment methodology

The annual base salary for this position in California and Washington ranges from $144,000 - $233,000. The range displayed reflects the minimum and maximum salary for this position in California and Washington, and individual base pay will depend on your skills, qualifications, experience, and location. Additionally, this position is eligible for the annual bonus plan or sales incentive plan and eligibility to participate in our long term equity incentive program.

Come change how the world works.

At Upwork, you'll shape talent solutions for how the world works today. We are a remote-first organization working together to create exciting remote work opportunities for a global community of professionals. While we have physical offices in San Francisco and Chicago, currently we also hire full-time employees in 19 states in the United States.

Our vibrant culture is built on shared values and our mission to create economic opportunities so that people have better lives. We foster amazing teams, put our community first, and have a bias toward action. We encourage everyone to bring their whole selves to work and grow together through development opportunities, mentorship, and employee resource groups. And oh yeah, we've also got amazing benefits - including medical insurance for you and your family, unlimited PTO, 401(k) with matching, 12 weeks of paid parental leave, and a generous Employee Stock Purchase Plan. Check out our Life at Upwork page to learn more about our benefits and the employee experience.

Check out our Careers page to learn more about the employee experience.

Upwork is proudly committed to recruiting and retaining a diverse and inclusive workforce. As an Equal Opportunity Employer, we never discriminate based on race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical condition), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.