The Security Architect champions secure development and application security practices throughout the organization. Working with the Engineering and Product teams, the Security Architect ensures that applications are developed using secure patterns and reviews changes to existing applications. They also ensure that the underlying infrastructure and systems are managed securely. As a key member of the Information Security department, the Security Architect works to help build a comprehensive suite of security capabilities, controls, and standards. In a nutshell: building security and automation into the DevOps/SRE and engineering processes. If you prefer buzzwords: ‘DevSecOps’. 

Job Duties

• Architect security systems and models to help secure platform and products, both in the cloud and on-prem/colo

• Build the Security Architecture review program and processes

• Automate application security tooling by building it into the CI/CD processes

• Ensure that software is developed securely with resilient architectures and patterns

• Partner with the Platform and DevOps teams to implement appropriate security architecture, tooling and automation for Kubernetes and AWS/GCP

• Establish appropriate security checkpoints in the SDLC to ensure that secure code practices are being followed

• Understand and track the current threat landscape for products and software that we develop and create controls accordingly

• Function as the subject matter expert on application security architecture

• Assess fraud vectors in applications and partner with the appropriate team to address and resolve related issues

Job Requirements

• 10 years of experience in SRE, DevOps, Linux System Administration, Information Security, or similar

• Solid understanding of automation tooling; primarily CI/CD pipelines and containers)

• Solid understanding of computer security principles and development processes

• Deep understanding of software dependencies, related vulnerabilities and secure use of software repositories and open source software 

• Knowledge of financial industry regulations, such as SOC2 and PCI, is a plus

• Knowledge of secure coding principles and ability to partner and collaborate with developers

Work Environment

We utilize a hybrid work model, which allows us to attract top talent and increase impact through collaboration. Our team members enjoy a balance of remote work and in-office days. Travel expectations for remote employees is about 15%, and the company covers travel expenses for remote employees. Local employees will utilize in-office time on a weekly basis Tuesday through Thursday. Both local and remote employees can take advantage of our incredible office space with onside perks like company-paid meals, onsite massage therapist, golf simulator, and meditation room to name a few.