Influence application security architecture vision, strategy, principles, and blueprint to enable Fidelity focus on strengthening and securing our clients’ financial well-being

Evangelize and drive adoption of enterprise practices (reference architectures) and standard methodology and promote changes in process, standards, or technologies when necessary.

Develop and produce high quality documentation for strategic security architecture vision, including blueprints, standards and frameworks that are aligned with overall business strategy

Participate in solution architecture design, lead security efforts assisting with the integration and initial implementation of solutions (Proof of Concepts)

Serve as information security domain specialist, provide advisory and consulting services as required

Stay on top of application security trends and the emerging threat landscape and actively engage with vendors, understanding architecture roadmaps, technology direction, and investment to improve security capabilities and deliver efficient solutions

Required Qualifications

• Education: BS or Master’s in Computer Science, Computer Information Systems Engineering or Management Information Systems or equivalent work experience
• Work Experience: minimum 7 years of proven technical lead / architectural skills and responsibilities in building enterprise Web applications. Hands-on software architecture and engineering experience. Application threat modeling and risk assessment experience.
• Proven leadership skills, demonstrated ability to mentor, influence and partner with application architects, engineering, and product teams to deliver robust application solutions
• In-depth understanding of threats and vulnerabilities in web, API, and enterprise applications
• Deep technical understanding of and experience with security technologies in areas related to Application Security
• Working knowledge and experience with "Cloud Architectures" (e.g., SaaS, PaaS, IaaS) and the ability to address the unique security considerations of secure Cloud computing (e.g., integrating cloud with on-premise services, Secure SDLC (SSDLC), Data Protection, OWASP top-10)
• Deep expertise in CI/CD practices, Pipelines (Jenkins preferred), and build tools (Maven, Gradle, etc.)
• Deep architectural understanding of the following: Mitigation strategies to protect customer data and applications from threats and vulnerabilities, Secure code review and software composition analysis, Dynamic application security testing including penetration testing, Red Team assessment

Preferred Qualifications

• Experience with application security products and solutions for secure code review, penetration testing and Red Team assessment
• Significant experience in secure SDLC, application threat modeling and risk assessment
• Significant hands-on experience in application security solution architecture, technical design and programming. Familiar with common software design patterns, methodologies and processes (UML, OOD, data modeling, middle-tier, AWS & Azure)
• Experience in AppSec Testing (SAST, DAST, SCA, IAST).
• Experience in DevSecOPS (CI/CD, Automation) and common code vulnerabilities (XSS, SQLI etc) in popular programming languages and open-source packages (Java, NodeJS, Spring, etc)
• Significant background in solving complex technology challenges to move initiatives forward
• Agile development approach to continuously deliver value while balancing product strategy
• Strong inter-personal and communication skills including written, verbal, and technology illustrations
• Ability to communicate business value and influence other leaders in adopting emerging technology and innovation
• Capacity to quickly understand and incorporate new technologies
• Participate in the development of Application Security capabilities roadmap based on forward looking business & security strategies to drive program and investment decisions

NA