• You will join a highly skilled and new team of subject matter experts to enable Fidelity’s developers and architects build secure technology solutions.
• Lead secure design review assessment efforts of Fidelity's technology solutions, including web applications, mobile applications, infrastructures, and standardized architectural solutions.
• You will research and understand the technologies in use by Fidelity. You will also replicate the actual techniques and tools used by malicious attackers to model potential external threats.
• Upon completion of the assessment, you will prepare reports and present the results to application owners, developers, architects, and business unit information security teams.
• Document the results in the system of record and explain the results to both technical and non-technical audiences.
• Perform analysis of aggregated results, draw conclusions, and define both tactical and strategic recommendations.
• Consult with the remediation and enforcement teams to ensure the potential weaknesses are addressed.

Required Qualifications

​

• 10+ years of IT experience.
• Bachelor’s degree in Computer Science, Information Systems, or equivalent work experience.
• 5+ years hands-on experience working within the cybersecurity domain.
• Experience assessing network, application, and infrastructure architecture (both cloud and on prem) and delivering the results and recommended mitigations.
• Experience with industry standard threat modeling and applying the standards to existing or new designs (e.g. STRIDE, PASTA, etc.).
• Expert level technical knowledge of application and network security vulnerabilities and best practices including OWASP Top 10 vulnerabilities and MITRE Tactics, Techniques and Procedures (TTPs).
• Knowledge of security industry best practices including encryption, SCIM, Oauth, OIDC, FIDO etc.
• Proven analytical and problem-solving skills, as well as the desire to assist others in solving issues.
• Experience with fostering an environment of continuous improvement across the organization.
• Effective at communication with associates across the organization to positively influence partners and key technology decision makers.

​

Preferred Qualifications

​

• Preferred: Experience using a threat modeling tool (eg IriusRisk etc.).
• Preferred: Hands-on experience with Security architecture, Penetration testing, Secure Code Review, Vulnerability Analysis, Red Team.
• Preferred: Relevant certifications such as CISSP, CISA, CCSP, OSCP, OSCE, GPEN, GXPN, or other industry recognized security certification.

Fidelity’s hybrid working model blends the best of both onsite and offsite work experiences. Working onsite is important for our business strategy and our culture. We also value the benefits that working offsite offers associates. Most hybrid roles require associates to work onsite every other week (all business days, M-F) in a Fidelity office.