Application Security Architect (Technical Architect)

Edward Jones is seeking a Security Architect to lead security considerations of our technology transformation efforts in cloud environments. This person will assist in our digital transformation goals, increased business agility, elastic scalability, enhanced security, and reduction in our support for on-premises commodity solutions.

What You’ll Do:

The Security Architect will be responsible for embedding with the business portfolio to support and represent Information Systems (IS) security policies, standards, and requirements.

• Identify risks and threats within the business line portfolio and regularly evaluate the security posture of the cloud environment.

• Advocate for a security-by-design approach in cloud and digital transformation initiatives.

• Review and recommend architecture to ensure security controls are embedded into designs and patterns, as well as supporting scalability, reliability, and compliance.

• Provide guidance on technology selection and operational processes for running systems in a cloud environment.

• Participate in proof-of-concept efforts for new SaaS and IaaS applications to represent security requirements.

• Define and track key performance indicators for cloud security.

What Experience You’ll Need:

• Minimum 8 years’ experience in cybersecurity as a practitioner.

• Experience with architecting secure systems.

• Must be able to communicate effectively to multiple audiences including firm-wide business units, senior leaders, associates, external vendors.

• Experience applying and operating security capabilities such as Cloud Access Security Broker (CASB) and Cloud Security Posture Management (CSPM).

• Experience applying and operating CI/CD pipeline capabilities such as Infrastructure as Code (IaC) scanning, Static Application Security Testing and Dynamic Application Security Testing (DAST).

• Experience developing and applying cloud security policies and procedures.

What Could Set You Apart:

• Hands-on experience and subject matter expertise with Microsoft Azure.

• Working knowledge in network, storage, application development, operating systems, identity authentication & authorization, PAM, SSO, encryption standards, and contract negotiations.

• Technology background in the financial sector.

• Understanding of various regulatory requirements and laws, including but not limited to: New York Codes Rules and Regulations (NYCRR), National Institute of Standards and Technology Cybersecurity Framework (NIST CSF).

• Microsoft Architect certifications, ISC2 certifications, SANS certifications