• Assess architectural patterns for service account authentication, Privileged Access Management, DevSecOps pipeline, security logging and monitoring, audit logging, and compliance guidance and monitoring.
• Assess against industry security standards such as SAML and OAuth2
• Responsible for protecting the Bank, customers and employees by mitigating and identifying technology threats.
• Provide expertise for cyber security technical and non-technical solutions; review and provide guidance enabling business systems in the cloud while leveraging Platform as a Service (PaaS), Infrastructure as a Service (IaaS) and Software as a Service (SaaS) in a manner that adheres to information security policy and standards.
• Contribute to, review and approve the target-state deployment topology, high-level architecture and Private Link interactions for public cloud workloads
• Share cloud technology expertise with application architects and provide consultative support to application teams including assessment of connectivity requirements, VNet/VPC, and subnet design and recommendations
• Represent Information Security within a cross functional architecture team
• Participate in the architectural process, both waterfall and agile
• Lead the architecture of tools, processes, and software pipelines of the Information Security tower within Agile
• Primary author of project security architecture
• Interface with project managers
• Executive Level Presentations
• Prepare presentations to auditors
• Designed application authentication and authorization solutions including Single-Sign-On, Multi-Factor Authentication, OAuth, OpenID Connect, Sentinel, Dome9, Qualys, Key Vault and related technologies for workloads moving to the cloud.
• Experience with Scrum, Kanban and SAFe Agile practices and strong aptitude to work in a DevOps culture and environment.
• Full-stack development experience building application software, test automation, and infrastructure as code
• Familiar with cloud automation frameworks (Terraform, Ansible) and cloud provided automation tools (Azure Resource Manager Templates).
• Hands-on work experience working with SOAP and REST APIs, microservices design
• Experience in private network connectivity using Express Routes, Direct Connect, etc.
• Familiarity with load balancing technologies – ILB (Internal Load Balancers), Application Gateway, WAF (Web App Firewall), F5 appliance solutions, etc.
• Familiarity with network security principles (Network Security Groups, Application Security Groups), Private Link Services, Service Endpoint, Service Tags, etc.
• Experience in financial services applications
• Hands-on work experience implementing API security.
• Thorough understanding of and experience with Azure & AWS native controls
• Good knowledge / hands-on experience in the following in Azure & AWS:
• Network Security Groups and Micro-segmentation concepts
• UDR and Load balancers
• VPN Gateways and ExpressRoute connection
• Azure Firewalls
• Service tags and service endpoints
• NAT and PAT concepts
• Automation frameworks (Terraform, Ansible, Chef, Puppet) and automation scripts to support the Azure environment tools (Azure Resource Manager Templates)
• Operations Management Suite (OMS) queries using Kusto Query Language (KQL)
• Security Events and Incident Management (SEIM)
• Familiarity with OWASP and integrations with static code analysis and dynamic code analysis tools.
• Typically requires a University Degree or equivalent experience.
• Minimum 12 years of prior relevant experience including prior management experience.
• Minimum 4 years security architecture experience
• Minimum 3 years of financial services experience
• Advanced Information Security Certification from (ISC)2, ISACA or equivalent (CISSP, CRISC, CCSP, etc.)
Notes: Remote, but candidates in NYC are a plus