Job Description:
Fidelity Investments is looking for an experienced application architect to join the Enterprise Cybersecurity organization (ECS), focusing on delivering innovative solutions in application security for cloud and hybrid deployment, and support static and dynamic application security, and red team assessment!
The Expertise and Skills You Bring
* Work Experience: minimum 7 years of proven technical lead / architectural skills and responsibilities in building enterprise Web applications. Hands-on software architecture and engineering experience. Application threat modeling and risk assessment experience.
* Proven leadership skills, demonstrated ability to mentor, influence and partner with application architects, engineering, and product teams to deliver robust application solutions.
* In-depth understanding of threats and vulnerabilities in web, API, and enterprise applications.
* Deep technical understanding of and experience with security technologies in areas related to Application Security.
* Working knowledge and experience with "Cloud Architectures" (e.g., SaaS, PaaS, IaaS) and the ability to address the unique security considerations of secure Cloud computing (e.g., integrating cloud with on-premise services, Secure SDLC (SSDLC), Data Protection, OWASP top-10).
* Deep expertise in CI/CD practices, Pipelines (Jenkins preferred), and build tools (Maven, Gradle, etc.).
* Deep architectural understanding of the following: Mitigation strategies to protect customer data and applications from threats and vulnerabilities, Secure code review and software composition analysis, Dynamic application security testing including penetration testing, Red Team assessment.
* Qualities: Skilled at taking complex topics and making them simple, Clear judgment and stands behind their decisions, Flexible and collaborative with peers.
* Experience with application security products and solutions for secure code review, penetration testing, and Red Team assessment.
* Experience in AppSec Testing (SAST, DAST, SCA, IAST).
* Experience in DevSecOPS (CI/CD, Automation) and common code vulnerabilities (XSS, SQLI etc) in popular programming languages and open-source packages (Java, NodeJS, Spring, etc.).
* Significant background in solving complex technology challenges to move initiatives forward.
* Agile development approach to continuously deliver value while balancing product strategy.
* Strong inter-personal and communication skills including written, verbal, and technology illustrations.
* Ability to communicate business value and influence other leaders in adopting emerging technology and innovation.
* Capacity to quickly understand and incorporate new technologies.
The Team
The ECS organization is responsible for delivering effective security solutions to ensure customer and enterprise data and assets are protected in a constantly evolving cyber-threat landscape. As part of that mission, ECS is seeking a highly skilled Security Architect to assume main responsibility for the development and implementation of security architecture for complex infrastructure and applications in a challenging and exciting business environment. You will work directly with the product management and engineering teams to develop solutions to critical projects and provide strategic roadmaps mentorship to both partner teams within ECS as well as for our business units and Enterprise Infrastructure.
#J-18808-Ljbffr