The Security Architect champions secure development and application security practices throughout the organization. Working with the Engineering and Product teams, the Security Architect ensures that applications are developed using secure patterns and reviews changes to existing applications. They also ensure that the underlying infrastructure and systems are managed securely. As a key member of the Information Security department, the Security Architect works to help build a comprehensive suite of security capabilities, controls, and standards. In a nutshell: building security and automation into the DevOps/SRE and engineering processes. If you prefer buzzwords: ‘DevSecOps’.Job DutiesArchitect security systems and models to help secure platform and products, both in the cloud and on-prem/coloBuild the Security Architecture review program and processesAutomate application security tooling by building it into the CI/CD processesEnsure that software is developed securely with resilient architectures and patternsPartner with the Platform and DevOps teams to implement appropriate security architecture, tooling and automation for Kubernetes and AWS/GCPEstablish appropriate security checkpoints in the SDLC to ensure that secure code practices are being followedUnderstand and track the current threat landscape for products and software that we develop and create controls accordinglyFunction as the subject matter expert on application security architectureAssess fraud vectors in applications and partner with the appropriate team to address and resolve related issuesJob Requirements10+ years of experience in SRE, DevOps, Linux System Administration, Information Security, or similarSolid understanding of automation tooling; primarily CI/CD pipelines and containers)Solid understanding of computer security principles and development processesDeep understanding of software dependencies, related vulnerabilities and secure use of software repositories and open source softwareKnowledge of financial industry regulations, such as SOC2 and PCI, is a plusKnowledge of secure coding principles and ability to partner and collaborate with developersWork EnvironmentWe utilize a hybrid work model, which allows us to attract top talent and increase impact through collaboration. Our team members enjoy a balance of remote work and in-office days. Travel expectations for remote employees is about 15%, and the company covers travel expenses for remote employees. Local employees will utilize in-office time on a weekly basis Tuesday through Thursday. Both local and remote employees can take advantage of our incredible office space with onside perks like company-paid meals, onsite massage therapist, golf simulator, and meditation room to name a few.Powered by JazzHR
