
Principal Security Architect

Information Technology
Full-time
On-site
Tampa, Florida, United States
Description

Are you ready to explore a world of possibilities?

Do you want to work on innovative projects, collaborate with a dynamic and encouraging team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We're committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to crafting a workplace that looks like the world that we serve.

Pay and Benefits:

  • Competitive compensation, including base pay and annual incentive.
  • Comprehensive health and life insurance and well-being benefits, based on location.
  • Pension / Retirement benefits 
  • Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
  • DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee). 

The impact you will have in this role: 

As a Security Architect for the Cybersecurity Architecture Team, you will be an ambassador for the shift in the technology culture at DTCC to a Security-First culture, interacting with stakeholders to build, collaborate, and inspire changes in control standards, crafting design architecture documentation and evaluating PoC (Proof of Concept) of candidate designs prior to deployment, and furthering the maturity of DTCC’s security tooling.  This role will work closely with application development and engineering teams across the organization to integrate security into the product lifecycle from design through deployment. The Security Architect is a domain expert in defining security requirements, performing security assessments, and providing remediation mentorship and advice. The Security Architect should expect to be pulled in at short notice to evaluate a new system, review a proposed application change, or supplement mentorship on application security/coding standard methodologies. 

Your Primary Responsibilities:

  • Work independently with developers, system/network administrators, product owners, and other colleagues to ensure secure design, development, and implementation of applications and networks.
  • Perform security capability and CI/CD product assessments to ensure the security of our applications.
  • Supply remediation mentorship and recommendations to developers and administrators.
  • Build reference and use case architecture documentation.
  • Define security best methodologies and standards and ensure Product Development teams understand them and receive pertinent annual secure coding training.
  • Maintain professional and technical process knowledge by keeping abreast of the changing security landscape within the technology industry and changes in cybersecurity frameworks.
  • Align risk and control processes into day-to-day responsibilities to supervise and mitigate risk; call out appropriately.

**NOTE: The Primary Responsibilities of this role are not limited to the details above.**

Qualification:

  • Minimum of 8+ years of overall experience 
  • Minimum of 3+ years of cybersecurity work experience
  • Bachelor's degree preferred and/or equivalent experience.

Talents Needed for Success:

  • Experience working with development and engineering teams to build secure solutions.
  • Experience breaking down sophisticated systems and applications to find flaws.
  • Knowledge of web application technologies and layer 7 protocols such as HTTP, FTP, DHCP, etc.
  • Proficiency in reading, writing, and auditing Java and/or JavaScript and the ability to pick up new languages/technologies.
  • Strong familiarity with common vulnerabilities and attack vectors
  • Familiarity with general Identity & Access Management capabilities preferred.
  • Knowledge of web service technologies, load balancer services (e.g., Nginx, Cloudflare, F5) and RESTful APIs.
  • The ability to communicate complicated technical issues and the risks they pose to developers, network engineers, system administrators, and management.
  • Experience with application security control frameworks, metrics, security policies and processes and current usage in applications and APIs (e.g., Authentication, Authorization, Cryptography, Data Protection, Web Application Firewall, etc.)
  • Experience with software security assessment benchmarking using industry standard frameworks, including OWASP and SAMM
  • Knowledge of OWASP Top 10 vulnerabilities and prevention techniques and technologies, security, risk, and compliance standard processes
  • Experience in one or more cloud platforms (Azure, AWS, GCP).
  • Experience in application security testing methodologies and Dev-Sec-Ops security automation, including DAST, SAST, IAST, SCA
  • Experience in CI/CD tools, their architecture, design, and implementation.
  • Experience with agile methodologies, working in a fast-paced agile security environment.
  • Effective communication skills with the ability to present in front of large, highly technical and non-technical audiences.
  • Self-motivated with excellent team skills
  • Excellent written and verbal communication skills, interpersonal and collaborative skills
  • Must be a critical thinker, with strong problem-solving skills.

The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process and to perform essential job functions.