Security Architect

Maersk is going through times of unprecedented change. From the farm to your refrigerator, or the factory to your wardrobe, we are developing digital solutions that meet customer needs from one end of the supply chain to the other. Digitization and IT are taking center stage in enabling our customers to trade globally. Join us in Maersk

Technology as we re-think what technology can do.

Established app 1 year ago, the Vessel and Asset IT is a specialized function with focus on engineering and services for the fleet of 300+ vessel and 3+ million containers. We are growing in numbers to cater for the increasing demand of services leveraging the vast amount of data that our fleet of vessels and containers already generate or can be enabled to generate.

To further our activities leveraging operational data and remote management of OT/ICS, we are seeking an IT/OT/ICS practiced Security Architect with proven understanding and adoption of ICS / IT security and integration and strong networking and systems security skills to join our growing team. In this position, you will be responsible for the security architecture and controls between Vessel Industrial Control Systems (ICS) and Shore Side operation technology (OT/IT) including Vessel ICS secure connection and communication within the scope of Vessel Modernization while being under the global standards and controls set by Maersk global INFOSEC and central TSEO security compliance Teams.

Responsibilities will include the design of Vessel side network and system security, including segmentation, identity systems, virtual networks, firewalls, VPNs, endpoint protection (EPP/EDR), data/device inspection technologies, and cloud integration. In addition to architecture the role will include elements of planning upgrades and transformation/migration, which may include working with 3rd party integrators for planning the implementation of new solutions. Defining routine maintenance mechanisms or processes for patches or updates within change management controls. Requirements definition will be needed for new product selection and validation of those products under the technical & functional constrains of Vessel communications which have very low bandwidth and high latency and variable online/offline network availability.

The Security Architect will effectively become the ‘go to’ project-pivot point-of-authority for all security related design policy and strategy decisions outside of InfoSec within the Vessel and asset service domain of Maersk.

We offer

A unique opportunity for personal and professional development.

• Be part of a large-scale system implementation, building a strong platform for a future career at Maersk IT and A.P. Møller Mærsk.
• Play a pivotal role in our transition towards being data driven in a highly challenging environment.
• Get to interact with leading IT vendors, internal subject matter experts, and internal and external IT professionals.
• A fast paced and dynamic environment with a distinct respect for the individual.

The job will be based in Maidenhead or Copenhagen and be part of our Vessel & Asset IT Portfolio Group, in Maersk Line. Some travel activity can be expected.

Key responsibilities

Be the departments go to expert on OT/ICS security:

• Design patterns and gateways to OT for remote connectivity for 3rd parties as well as da-ta extraction for performance optimization purposes
• Ensure that all IT based access to OT is compliant with industry practices
• Work with our business to leverage the potential of access to OT

Work as part of an agile team that has adopted a DevOps approach to supporting IT infra-structure solution for Vessels and be responsible for:

• Owning the security design for the shore-side solution hosted in Azure and maintaining a lifecycle roadmap for the solution.
• Assisting in the planning of security changes to the solution arising from lifecycle re-quirements or incident/problem management or changes in policies or practices
• Designing and enhancing the security solutions to business requirements in accordance to security technology roadmaps, principles, standards and guidelines
• Technical integrity and scalability of the security solutions
• Provide 4th level point security technology or product expertise as a subject matter ex-pert in the event of technology failures. This may include :
• Troubleshooting incidents, problems and resolving
• Monitoring the various infrastructure components and services
• Planning and implementing changes with minimal or no business impact
• Liaising with supply chain / technology vendors / maintenance providers
• Collaborating with other technical experts in the DevOps team to develop cohesive, ef-fective solutions.
• Contributing to developing, maintaining and publishing principles, standards, guidelines and processes as needed, ensuring alignment with Enterprise Architecture and Security guidelines
• Identifying, discussing, requesting and logging exceptions to EA and Security principles and standards

We are looking for

Required Networking & Security Skills

• Working experience and understanding of common practices for O/T and ICS security and IT governance
• Cisco routing & switching to CCNP (or equivalent experience) or above
• Checkpoint firewall architecture / design & Build experience R77-R80
• ITIL3/NIST and InfoSec awareness
• Awareness of common vulnerabilities and mitigation technologies and use cases.
• Basic system admin and OS “end user” skills for Windows and Linux
• Experience with IPS/Sandboxing/Threat Emulation or similar MS office skills
• Understanding of endpoint and network blacklist/whitelist/behavior analytics technologies

General Skills

• Requires advanced knowledge and understanding of security architecture, security products and integration; typically, more than 5 years of relevant experience
• Previous roles might include Security Architect/engineer, Cloud Architect/engineer, Net-work Architect/ Principal Engineer, or Distinguished Engineer.
• Strong process oriented approach to work and excellent attention to detail.
• Resilient team player who is goal-orientated and demonstrates a high level of commitment with the ability to work under minimal supervision
• Excellent Written and Verbal skills with people at all levels across the organization in English.
• Focused on quality

Azure Technical Skills (desirable)

• Understanding of Azure Network Principals
• Broad infrastructure knowledge around network, storage, network and security (to include NSG and Azure UDRs)
• Experience in Cloud security, ISO 27001 or NIST framework
• Build automation and configuration management preferably via Ansible Managing source code and package repositories such as GIT

DevOps (desirable)
• Understanding of Agile vs Waterfall modes of working
• Understanding of DevOps / IT terms – enough to follow a technical dialogue between IT team members

In addition to above, the suitable candidate has ideally:

• Bachelor’s in computer engineering, computer science, or related field, or +15 years of technical experience.
• Highly organized and detail-oriented
• reactive, analytical, and driven
• Thrives in a fast-paced work environment
• Enjoys complex problem-solving and collaboration