Job Description:
Fidelity Investments is looking for an experienced application architect to join the Enterprise Cybersecurity organization (ECS), focusing on delivering innovative solutions in application security for cloud and hybrid deployment, and support static and dynamic application security, and red team assessment!
The Team & Role
The ECS organization is responsible for delivering effective security solutions to ensure customer and enterprise data and assets are protected in a constantly evolving cyber-threat landscape. As part of that mission, ECS is seeking a highly skilled Security Architect to assume main responsibility for the development and implementation of security architecture for complex infrastructure and applications in a challenging and exciting business environment. You will work directly with the product management and engineering teams to develop solutions to critical projects and provide strategic roadmaps mentorship to both partner teams within ECS as well as for our business units and Enterprise Infrastructure.
The Expertise You Have
Education: BS or Master's in Computer Science, Computer Information Systems Engineering or Management Information Systems or equivalent work experience
Work Experience: minimum 7 years of proven technical lead / architectural skills and responsibilities in building enterprise Web applications. Hands-on software architecture and engineering experience. Application threat modeling and risk assessment experience.
Proven leadership skills, demonstrated ability to mentor, influence and partner with application architects, engineering, and product teams to deliver robust application solutions
In-depth understanding of threats and vulnerabilities in web, API, and enterprise applications
Deep technical understanding of and experience with security technologies in areas related to Application Security
Working knowledge and experience with "Cloud Architectures" (e.g., SaaS, PaaS, IaaS) and the ability to address the unique security considerations of secure Cloud computing (e.g., integrating cloud with on-premise services, Secure SDLC (SSDLC), Data Protection, OWASP top-10)
Deep expertise in CI/CD practices, Pipelines (Jenkins preferred), and build tools (Maven, Gradle, etc.)
Deep architectural understanding of the following: Mitigation strategies to protect customer data and applications from threats and vulnerabilities, Secure code review and software composition analysis, Dynamic application security testing including penetration testing, Red Team assessment
Qualities: Skilled at taking complex topics and making them simple, Clear judgment and stands behind their decisions, Flexible and collaborative with peers
Experience with application security products and solutions for secure code review, penetration testing and Red Team assessment
The Skills You Bring
Significant experience in secure SDLC, application threat modeling and risk assessment
Significant hands-on experience in application security solution architecture, technical design and programming. Familiar with common software design patterns, methodologies and processes (UML, OOD, data modeling, middle-tier, AWS & Azure)
Experience in AppSec Testing (SAST, DAST, SCA, IAST).
Experience in DevSecOPS (CI/CD, Automation) and common code vulnerabilities (XSS, SQLI etc) in popular programming languages and open-source packages (Java, NodeJS, Spring, etc)
Significant background in solving complex technology challenges to move initiatives forward
Agile development approach to continuously deliver value while balancing product strategy
Strong inter-personal and communication skills including written, verbal, and technology illustrations
Ability to communicate business value and influence other leaders in adopting emerging technology and innovation
Capacity to quickly understand and incorporate new technologies
Participate in the development of Application Security capabilities roadmap based on forward looking business & security strategies to drive program and investment decisions
The Value You Deliver
Influence application security architecture vision, strategy, principles, and blueprint to enable Fidelity focus on strengthening and securing our clients' financial well-being
Evangelize and drive adoption of enterprise practices (reference architectures) and standard methodology and promote changes in process, standards, or technologies when necessary.
Develop and produce high quality documentation for strategic security architecture vision, including blueprints, standards and frameworks that are aligned with overall business strategy
Participate in solution architecture design, lead security efforts assisting with the integration and initial implementation of solutions (Proof of Concepts)
Serve as information security domain specialist, provide advisory and consulting services as required
Stay on top of application security trends and the emerging threat landscape and actively engage with vendors, understanding architecture roadmaps, technology direction, and investment to improve security capabilities and deliver efficient solutions
Certifications:
Company Overview
Fidelity Investments is a privately held company with a mission
to strengthen the financial well-being of our clients.
We help people invest and plan for their future. We assist companies and non-profit organizations in delivering benefits to their employees. And we provide institutions and independent advisors with investment and technology solutions to help invest their own clients' money.
Join Us
At Fidelity, you'll find endless opportunities to build a meaningful career that positively impacts peoples' lives, including yours. You can take advantage of flexible benefits that support you through every stage of your career, empowering you to thrive at work and at home. Honored with a
Glassdoor Employees' Choice Award , we have been recognized by our employees as a top 10 Best Place to Work in 2024. And you don't need a finance background to succeed at Fidelity—we offer a range of opportunities for learning so you can build the career you've always imagined.
At Fidelity, our goal is for most people to work flexibly in a way that balances both personal and business needs with time onsite and offsite through what we're calling " Dynamic Working ". Most associates will have a hybrid schedule with a requirement to work onsite at a Fidelity work location for at least one week, 5 consecutive days, every four weeks. These requirements are subject to change.
At Fidelity, we value honesty, integrity, and the safety of our associates and customers within a heavily regulated industry . Certain roles may require candidates to go through a preliminary credit check during the screening process. Candidates who are presented with a Fidelity offer will need to go through a background investigation,
detailed in this document , and may be asked to provide additional documentation as requested. This investigation includes but is not limited to a criminal, civil litigations and regulatory review, employment, education, and credit review (role dependent). These investigations will account for 7 years or more of history, depending on the role. Where permitted by federal or state law, Fidelity will also conduct a pre-employment drug screen, which will review for the following substances: Amphetamines, THC (marijuana), cocaine, opiates, phencyclidine.
We invite you to
Find Your Fidelity
at
fidelitycareers.com .
Fidelity Investments is an equal opportunity employer. We believe that the most effective way to attract, develop and retain a diverse workforce is to build an enduring culture of inclusion and belonging.
Fidelity will reasonably accommodate applicants with disabilities who need adjustments to participate in the application or interview process. To initiate a request for an accommodation, contact the HR Accommodation Team by sending an email to
******** , or by calling ******** , prompt 2, option 3.
#J-18808-Ljbffr
