Cyber Security Architect

Cyber Security Architect

Position: Cyber Security Architect

Location: Hybrid in any of the following: Boston (MA), Holmdel (NJ), Dallas (TX), Miami (FL), or NYC (NY)

Duration:

Position Overview:

• Assess architectural patterns for service account authentication, Privileged Access Management, DevSecOps pipeline, security logging and monitoring, audit logging, and compliance guidance and monitoring.

• Responsible for protecting the Bank, customers and employees by mitigating and identifying technology threats to Santander.

• Provide expertise for cyber security technical and non-technical solutions; review and provide guidance enabling business system in the cloud while leveraging Platform as a Service (PaaS), Infrastructure as a Service (IaaS) and Software as a Service (SaaS) in a manner that adheres to Santander information security policy and standards.

• Review and approve target state deployment topology, High-Level Architecture and Private Link interactions for the Public Cloud Workloads.

• Share cloud technology expertise with application architects and provide consultative support to application teams including assessment of connectivity requirements, VNet/VPC, and subnet design and recommendations.

Required Skills:

• Designed application authentication and authorization solutions including Single-Sign-On, Multi-Factor Authentication, OAuth, OpenID Connect, Sentinel, Dome9, Qualys, Azure Key Vault and related technologies for workloads moving to the cloud.

• Experience with Scrum, Kanban and SAFe Agile practices and strong aptitude to work in a DevOps culture and environment.

• Full-stack development experience building application software, test automation, and infrastructure as code.

• Familiar with cloud automation frameworks (Terraform, Ansible) and cloud provided automation tools (Azure Resource Manager Templates).

• Hands-on work experience working with SOAP and REST APIs, microservices design.

• Experience in private network connectivity using Express Routes, Direct Connect, etc.

• Familiarity with load balancing technologies - ILB (Internal Load Balancers), Application Gateway, WAF (Web App Firewall), F5 appliance solutions, etc.

• Familiarity with network security principles (Network Security Groups, Application Security Groups), Private Link Services, Service Endpoint, Service Tags, etc.

Cloud Computing:

• Thorough understanding and experience with AZURE & AWS native controls.

• Good knowledge / hands-on experience in the following in AZURE & AWS:

• Network Security Groups and Micro-segmentation concepts

• UDR and Load balancers

• VPN Gateways and ExpressRoute connection

• Azure Firewalls

• Service tags and service endpoints

• NAT and PAT concepts

• Automation frameworks (Terraform, Ansible, Chef, Puppet) and automation scripts to support the Azure environment tools (Azure Resource Manager Templates)

• Operation Management Suite (OMS) queries using Kusto query language (KQL)

• Security Events and Incident Management (SEIM)

• Familiarity with OWASP and integrations with static code analysis and dynamic code analysis tools.

Qualifications:

• Typically requires a University Degree or equivalent experience.

• Minimum 12 years of prior relevant experience including prior management experience.

• Minimum 3 years of financial services experience.

• Advanced Information Security Certification from (ISC)2, ISACA or equivalent (CISSP, CRISC, CCSP, etc.)

Core Must-Haves:

• Ability to design and assess business applications or solutions in financial services.

• Knowledge of financial applications, infrastructure, network, cryptography, IAM, and risk management.

• Excellent verbal and written communication skills in English.

• Should have experience in US banking systems and regulations.

• Collaborate with project teams and architects from various domains such as enterprise architecture, data architecture, engineering, and infrastructure.

• Minimum 12 years of prior relevant experience.

• Minimum 3 years of financial services experience.