Cyber Security Architect (H/F) - NAVBLUE, INC.

Job Description: NAVBLUE is seeking a highly experienced and visionary Cyber Security Architect to join our dynamic team in Waterloo.As a critical member of our Operational Excellence department, you will be instrumental in elevating the security posture of NAVBLUE's cutting-edge products, services, and infrastructure. This role offers the opportunity to lead significant security initiatives, setting strategic direction and implementing robust cybersecurity frameworks that align with our business objectives and proactively mitigate emerging threats. You will collaborate closely with enterprise and solution architects , as well as the existing Cyber Security Architect, to drive a comprehensive "Security by Design" approach throughout the entire product lifecycle. While you will work hand-in-hand with your security team colleagues, your capacity will focus on strategic leadership, complex problem-solving, and driving the implementation of advanced security measures. Main Responsibilities: Strategic Leadership & Architecture:

• Lead and perform comprehensive Security Risk and Threat analysis during the initial design phases of the Software Development Life Cycle (SDLC) , providing strategic recommendations and defining non-functional security requirements in coordination with Solution Architects.
• Champion and embed Security by Design principles across the entire SDLC, ensuring all security requirements are meticulously applied before product or function release.
• Drive and perform continuous Security Risk and Threat analysis throughout product lifecycles, identifying remediation actions and defining strategies to achieve and maintain the expected security level.
• Architect, lead the implementation, and oversee the follow-up of advanced security controls based on industry standards, continuously evaluating and enhancing our security infrastructure.
• Collaborate with IT, DevOps, and SecOps teams to design, configure, and implement sophisticated security monitoring and defense tools (e.g., SIEM, IDS/IPS, ASM, WAF) to proactively safeguard against breaches, cyber threats, and unauthorized access.
• Oversee Security testing planning and performance, including sophisticated penetration testing and vulnerability scanning initiatives.

Vulnerability Management & Compliance:

• Analyze and interpret complex security scan results and vulnerability reports to develop prioritized, actionable remediation strategies, working closely with IT, Development, and Hosting teams to effectively address vulnerabilities.
• Ensure robust product compliance with evolving security standards and regulations, proactively identifying potential findings and defining comprehensive treatment plans.
• Lead the implementation of remediation actions and ensure diligent follow-up until completion.

Reporting & Collaboration:

• Define and report on critical product security metrics and identified security risks, tracking the implementation status of security risk treatment plans.
• Report on and provide expert assistance with all security events and incidents related to NAVBLUE products.
• Act as the primary Software Factory Security point of contact, ensuring the effective deployment of NAVBLUE's security strategy within technical operations.
• Ensure effective synchronization and alignment with the broader Airbus Security Organization.

Qualified Experience/Skills/Training: Education:

• Bachelor’s degree in a technical discipline, coupled with specialized training and education in cyber security principles.
  
  

Experience:

• Minimum of 8+ years of progressive experience in Security Architecture/Engineering, Network Architecture, and/or Security Operations.
• Proven experience with security in cloud environments, with a strong preference for AWS.
• Demonstrated experience with Artificial Intelligence (AI) security assessments and implementation.
• Experience with SOC2 audits or similar
• Software development and/or software architecture experience is a significant asset.

Licensure/Certifications:

• Industry-leading certifications such as AWS CSA, ISC2 ISSAP, SABSA SCF, or similar.
  
  

Knowledge, Skills, Demonstrated Capabilities & Competencies:

• Deep knowledge of various security certifications and frameworks (e.g., ISO2700, NIST) sufficient to provide immediate leadership and guidance to individuals, teams, and departments in meeting organizational security requirements.
• Working knowledge of the SDLC and AWS network architecture.
• Strong understanding of security testing methodologies within the software pipeline (SAST, DAST, SCA, RASP).
• Expertise in threat and risk frameworks such as STRIDE, DICE, etc..
• Proficiency with AWS tools.
• Experience with Cloud Security Management tools like CNAPP, CSPM, CWPP, and CIEM.
• Knowledge of security risk assessment methodologies (e.g., EBIOS RM).
• Proficiency in Security Requirement Definition and Review.
• Familiarity with Incident Management Systems and various Security Management Tools (email filtering, vulnerability scanning tools, security dashboards, etc.).
• Knowledge of the SAFe Agile method is an asset.

Communication Skills (Spoken, Written, Influencing, Proficiency in Other Languages):

• Excellent analytical and problem-resolution skills.
• Proven experience managing multiple complex projects simultaneously.
• Exceptional interpersonal skills, adaptable to all levels of the organization.
• Demonstrated ability to contribute effectively in a collaborative environment.
• Proven project leadership and strong communication skills.
• Capable of influencing individuals at all levels of the organization to drive and implement change while identifying and minimizing risk impact.
• Excellent communication skills in English (both written & verbal), including the ability to deliver compelling staff presentations.
• Ability to communicate effectively at both technical and strategic levels.

Travel Required:

• Occasional domestic and international travel (10-15%) may be required.
  
  

______________________________________________________________________________How to Apply: Candidates who are interested in joining the NAVBLUE team are invited to submit their resume and cover letter, highlighting their work experiences and skills via email to [email protected] . We thank all applicants for applying. Only selected applicants will be contacted. Navblue is committed to creating an environment and a culture where everyone feels like they belong no matter who they are or where they are from. We are committed to providing equal employment opportunities to all individuals based on job-related qualifications and ability to perform a job. We do not discriminate against any employee or applicant for employment because of race, colour, sex, age, national or ethnic origin, religion, sexual orientation, gender identity or expression, marital status, family status, genetic characteristics, record of offences, and basis of disability or any protected class. Accommodations will be available on request for candidates throughout the entire recruitment and selection process. About Us: NAVBLUE, an Airbus Company, is a leading global provider of flight operations solutions, including aeronautical charts, navigation data solutions, flight planning, aircraft performance software (take-off/landing, weight and balance), and crew planning solutions. You’ll be able to shape the future of the digital aviation industry by working on several of the best in the industry flagship products enabling pilots, dispatchers, flight engineers and other aviation personnel on a daily basis to deliver safe, efficient, and reliable flight operations all over the world. You’ll have the opportunity to support millions of flights each year and help NAVBLUE customers maximize efficiency, reduce costs, ensure compliance with complex national and international safety regulations, and effectively deliver their services. You’ll join a team with a focus on digital and collaborative innovation that is passionate and customer-focused. Over the last few years, Airbus has been supportive of various initiatives such as Going Digital, Performance Based Navigation Services, Air Traffic Management Modernization Programs, FlySmart on iOS and other digital projects related to new aircraft technologies; the launch of NAVBLUE was therefore a natural step to further develop its Flight Operations and Air Traffic Management Portfolio. NAVBLUE is a fully owned subsidiary of Services by Airbus, fueled by the agility of Airbus ProSky and Navtech (acquired in 2016), and the pioneering spirit of Airbus, NAVBLUE was created in July 2016 with one mission: lead aviation into the digital age. NAVBLUE is based in Hersham (UK), Cardiff (UK), Toulouse (France), Waterloo, ON (Canada), Bangkok (Thailand), Malmö (Sweden), and Gda n sk (Poland) with other offices all around the world. The Future is Yours for the Taking: https://youtu.be/vdY6gYuceYY This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company’s success, reputation and sustainable growth.Company: NAVBLUE, Inc.Employment Type:Permanent-------Experience Level:ProfessionalJob Family:Cyber Security By submitting your CV or application you are consenting to Airbus using and storing information about you for monitoring purposes relating to your application or future employment. This information will only be used by Airbus.Airbus is committed to achieving workforce diversity and creating an inclusive working environment. We welcome all applications irrespective of social and cultural background, age, gender, disability, sexual orientation or religious belief. Airbus is, and always has been, committed to equal opportunities for all. As such, we will never ask for any type of monetary exchange in the frame of a recruitment process. Any impersonation of Airbus to do so should be reported to [email protected] . At Airbus, we support you to work, connect and collaborate more easily and flexibly. Wherever possible, we foster flexible working arrangements to stimulate innovative thinking.