Director, Architecture - Enterprise Cybersecurity | Cloud

Job Description:

Fidelity Investments is looking for an experienced application architect to join the Enterprise Cybersecurity organization (ECS), focusing on delivering innovative solutions in application security for cloud and hybrid deployment, and support static and dynamic application security, and red team assessment!

The Team & Role

The ECS organization is responsible for delivering effective security solutions to ensure customer and enterprise data and assets are protected in a constantly evolving cyber-threat landscape. As part of that mission, ECS is seeking a highly skilled Security Architect to assume main responsibility for the development and implementation of security architecture for complex infrastructure and applications in a challenging and exciting business environment. You will work directly with the product management and engineering teams to develop solutions to critical projects and provide strategic roadmaps mentorship to both partner teams within ECS as well as for our business units and Enterprise Infrastructure.

The Expertise You Have

• Work Experience: minimum 7 years of proven technical lead / architectural skills and responsibilities in building enterprise Web applications. Hands-on software architecture and engineering experience. Application threat modeling and risk assessment experience.

• Proven leadership skills, demonstrated ability to mentor, influence and partner with application architects, engineering, and product teams to deliver robust application solutions

• In-depth understanding of threats and vulnerabilities in web, API, and enterprise applications

• Deep technical understanding of and experience with security technologies in areas related to Application Security

• Working knowledge and experience with "Cloud Architectures" (e.g., SaaS, PaaS, IaaS) and the ability to address the unique security considerations of secure Cloud computing (e.g., integrating cloud with on-premise services, Secure SDLC (SSDLC), Data Protection, OWASP top-10)

• Deep expertise in CI/CD practices, Pipelines (Jenkins preferred), and build tools (Maven, Gradle, etc.)

• Deep architectural understanding of the following: Mitigation strategies to protect customer data and applications from threats and vulnerabilities, Secure code review and software composition analysis, Dynamic application security testing including penetration testing, Red Team assessment

• Qualities: Skilled at taking complex topics and making them simple, Clear judgment and stands behind their decisions, Flexible and collaborative with peers

• Experience with application security products and solutions for secure code review, penetration testing and Red Team assessment

The Skills You Bring

• Significant experience in secure SDLC, application threat modeling and risk assessment

• Significant hands-on experience in application security solution architecture, technical design and programming. Familiar with common software design patterns, methodologies and processes (UML, OOD, data modeling, middle-tier, AWS & Azure)

• Experience in AppSec Testing (SAST, DAST, SCA, IAST).

• Experience in DevSecOPS (CI/CD, Automation) and common code vulnerabilities (XSS, SQLI etc) in popular programming languages and open-source packages (Java, NodeJS, Spring, etc)

• Significant background in solving complex technology challenges to move initiatives forward

• Agile development approach to continuously deliver value while balancing product strategy

• Strong inter-personal and communication skills including written, verbal, and technology illustrations

• Ability to communicate business value and influence other leaders in adopting emerging technology and innovation

• Capacity to quickly understand and incorporate new technologies

• Participate in the development of Application Security capabilities roadmap based on forward looking business & security strategies to drive program and investment decisions

The Value You Deliver

• Influence application security architecture vision, strategy, principles, and blueprint to enable Fidelity focus on strengthening and securing our clients' financial well-being

• Evangelize and drive adoption of enterprise practices (reference architectures) and standard methodology and promote changes in process, standards, or technologies when necessary.

• Develop and produce high quality documentation for strategic security architecture vision, including blueprints, standards and frameworks that are aligned with overall business strategy

• Participate in solution architecture design, lead security efforts assisting with the integration and initial implementation of solutions (Proof of Concepts)

• Serve as information security domain specialist, provide advisory and consulting services as required

• Stay on top of application security trends and the emerging threat landscape and actively engage with vendors, understanding architecture roadmaps, technology direction, and investment to improve security capabilities and deliver efficient solutions

Certifications:

Company Overview

Fidelity Investments is a privately held company with a mission to strengthen the financial well-being of our clients. We help people invest and plan for their future. We assist companies and non-profit organizations in delivering benefits to their employees. And we provide institutions and independent advisors with investment and technology solutions to help invest their own clients' money.

Join Us

At Fidelity, you'll find endless opportunities to build a meaningful career that positively impacts peoples' lives, including yours. You can take advantage of flexible benefits that support you through every stage of your career, empowering you to thrive at work and at home. Honored with a Glassdoor Employees' Choice Award, we have been recognized by our employees as a top 10 Best Place to Work in 2024. And you don't need a finance background to succeed at Fidelity-we offer a range of opportunities for learning so you can build the career you've always imagined.

Fidelity's working model blends the best of working offsite with maximizing time together in person to meet associate and business needs. Currently, most hybrid roles require associates to work onsite all business days of one assigned week per four-week period (beginning in September 2024, the requirement will be two full assigned weeks).

At Fidelity, we value honesty, integrity, and the safety of our associates and customers within a heavily regulated industry. Certain roles may require candidates to go through a preliminary credit check during the screening process. Candidates who are presented with a Fidelity offer will need to go through a background investigation, detailed in this document, and may be asked to provide additional documentation as requested. This investigation includes but is not limited to a criminal, civil litigations and regulatory review, employment, education, and credit review (role dependent). These investigations will account for 7 years or more of history, depending on the role. Where permitted by federal or state law, Fidelity will also conduct a pre-employment drug screen, which will review for the following substances: Amphetamines, THC (marijuana), cocaine, opiates, phencyclidine.

We invite you to Find Your Fidelity at fidelitycareers.com.

Fidelity Investments is an equal opportunity employer. We believe that the most effective way to attract, develop and retain a diverse workforce is to build an enduring culture of inclusion and belonging.

Fidelity will reasonably accommodate applicants with disabilities who need adjustments to participate in the application or interview process. To initiate a request for an accommodation, contact the HR Accommodation Team by sending an email to accommodations@fmr.com, or by calling 800-835-5099, prompt 2, option 3.