Security Architect P-045
The Security Architect champions secure development and application security practices throughout the organization. Working with the Engineering and Product teams, the Security Architect ensures that applications are developed using secure patterns and reviews changes to existing applications. They also ensure that the underlying infrastructure and systems are managed securely. As a key member of the Information Security department, the Security Architect works to help build a comprehensive suite of security capabilities, controls, and standards. In a nutshell: building security and automation into the DevOps/SRE and engineering processes. If you prefer buzzwords: ‘DevSecOps’.
Job Duties
Architect security systems and models to help secure platform and products, both in the cloud and on-prem/colo
Build the Security Architecture review program and processes
Automate application security tooling by building it into the CI/CD processes
Ensure that software is developed securely with resilient architectures and patterns
Partner with the Platform and DevOps teams to implement appropriate security architecture, tooling and automation for Kubernetes and AWS/GCP
Establish appropriate security checkpoints in the SDLC to ensure that secure code practices are being followed
Understand and track the current threat landscape for products and software that we develop and create controls accordingly
Function as the subject matter expert on application security architecture
Assess fraud vectors in applications and partner with the appropriate team to address and resolve related issues
Job Requirements
10+ years of experience in SRE, DevOps, Linux System Administration, Information Security, or similar
Solid understanding of automation tooling; primarily CI/CD pipelines and containers)
Solid understanding of computer security principles and development processes
Deep understanding of software dependencies, related vulnerabilities and secure use of software repositories and open source software
Knowledge of financial industry regulations, such as SOC2 and PCI, is a plus
Knowledge of secure coding principles and ability to partner and collaborate with developers
Work Environment
We utilize a hybrid work model, which allows us to attract top talent and increase impact through collaboration. Our team members enjoy a balance of remote work and in-office days. Travel expectations for remote employees is about 15%, and the company covers travel expenses for remote employees. Local employees will utilize in-office time on a weekly basis Tuesday through Thursday. Both local and remote employees can take advantage of our incredible office space with onside perks like company-paid meals, onsite massage therapist, golf simulator, and meditation room to name a few.