Director, Architecture - Enterprise Cybersecurity | Cloud

Job Description:

Fidelity Investments is looking for an experienced application architect to join the Enterprise Cybersecurity organization (ECS), focusing on delivering innovative solutions in application security for cloud and hybrid deployment, and support static and dynamic application security, and red team assessment!

The Team & Role

The ECS organization is responsible for delivering effective security solutions to ensure customer and enterprise data and assets are protected in a constantly evolving cyber-threat landscape. As part of that mission, ECS is seeking a highly skilled Security Architect to assume main responsibility for the development and implementation of security architecture for complex infrastructure and applications in a challenging and exciting business environment. You will work directly with the product management and engineering teams to develop solutions to critical projects and provide strategic roadmaps mentorship to both partner teams within ECS as well as for our business units and Enterprise Infrastructure.

• Work Experience: minimum 7 years of proven technical lead / architectural skills and responsibilities in building enterprise Web applications. Hands-on software architecture and engineering experience. Application threat modeling and risk assessment experience.
• Proven leadership skills, demonstrated ability to mentor, influence and partner with application architects, engineering, and product teams to deliver robust application solutions
• In-depth understanding of threats and vulnerabilities in web, API, and enterprise applications
• Deep technical understanding of and experience with security technologies in areas related to Application Security
• Working knowledge and experience with "Cloud Architectures" (e.g., SaaS, PaaS, IaaS) and the ability to address the unique security considerations of secure Cloud computing (e.g., integrating cloud with on-premise services, Secure SDLC (SSDLC), Data Protection, OWASP top-10)
• Deep expertise in CI/CD practices, Pipelines (Jenkins preferred), and build tools (Maven, Gradle, etc.)
• Deep architectural understanding of the following: Mitigation strategies to protect customer data and applications from threats and vulnerabilities, Secure code review and software composition analysis, Dynamic application security testing including penetration testing, Red Team assessment
• Qualities: Skilled at taking complex topics and making them simple, Clear judgment and stands behind their decisions, Flexible and collaborative with peers
• Experience with application security products and solutions for secure code review, penetration testing and Red Team assessment

• Significant experience in secure SDLC, application threat modeling and risk assessment
• Significant hands-on experience in application security solution architecture, technical design and programming. Familiar with common software design patterns, methodologies and processes (UML, OOD, data modeling, middle-tier, AWS & Azure)
• Experience in AppSec Testing (SAST, DAST, SCA, IAST).
• Experience in DevSecOPS (CI/CD, Automation) and common code vulnerabilities (XSS, SQLI etc) in popular programming languages and open-source packages (Java, NodeJS, Spring, etc)
• Significant background in solving complex technology challenges to move initiatives forward
• Agile development approach to continuously deliver value while balancing product strategy
• Strong inter-personal and communication skills including written, verbal, and technology illustrations
• Ability to communicate business value and influence other leaders in adopting emerging technology and innovation
• Capacity to quickly understand and incorporate new technologies
• Participate in the development of Application Security capabilities roadmap based on forward looking business & security strategies to drive program and investment decisions

• Influence application security architecture vision, strategy, principles, and blueprint to enable Fidelity focus on strengthening and securing our clients' financial well-being
• Evangelize and drive adoption of enterprise practices (reference architectures) and standard methodology and promote changes in process, standards, or technologies when necessary.
• Develop and produce high quality documentation for strategic security architecture vision, including blueprints, standards and frameworks that are aligned with overall business strategy
• Participate in solution architecture design, lead security efforts assisting with the integration and initial implementation of solutions (Proof of Concepts)
• Serve as information security domain specialist, provide advisory and consulting services as required
• Stay on top of application security trends and the emerging threat landscape and actively engage with vendors, understanding architecture roadmaps, technology direction, and investment to improve security capabilities and deliver efficient solutions