Principal Product Security Architect

Full Time

Job Description

Come Work with Us!

Early Warning® is always looking for talented professionals to join our team and help us create amazing payments experiences! For over 25 years, we've been a leader in financial technology that protects and advances the global financial system.

We are a fast-growing company with an entrepreneurial spirit offering competitive compensation, exceptional benefits, and a fun, casual atmosphere filled with opportunity. Come work with a diverse, talented team creating the future of payments!
If you're looking to work with a fun, collaborative, and award-winning information security team, Early Warning could be an excellent fit for you. We invest in our team members' training and professional growth while offering flexible work arrangements. Our most valuable resource is our people, and we value diversity, inclusion, and flexibility. The days are fast-paced, with no two exactly alike. Our executive team and employees are passionate about security and consider this function critical to our success. Early Warning Services, LLC is a Fintech company owned by seven of the country's largest banks. Early Warning is best known as the owner and operator of the Zelle Network®, a financial services network focused on transforming payment experiences.

This position is available for Remote in the following states: AZ, CA, CO, CT, DE, FL, GA, IL, IN, KS, MD, MN, MO, NC, NE, NJ, NV, NY, OH, OR, PA, SC, TX, UT, WA, WI

Overall Purpose

This position leads the Security Architecture consultation with IT, Project Management, Product Management, Software Development and other peers on proper security architecture and software development processes to ensure the applications developed and systems implemented are in line with security best practices and Early Warning Services policies and standards.

Essential Functions

• Lead the identification, measurement, control and minimization of security risks to information systems across a broad range of disciplines including application and host security.

• Drives the evaluation of the current methods in use by Early Warning to access and process data via Early Warning customer facing applications.

• Assist Security Architecture with the development of repeatable application security architectures working with internal and external partners to ensure that systems are placed within the relevant security zones based on the data they house and their purpose.

• Serves as the subject matter expert point of contact for all security issues in assigned areas.

• Leads security efforts with development teams to ensure that all newly developed and legacy applications and infrastructure implementations are in line with security policy and comply with the required frameworks (ISO, PCI, OWASP, NIST 800-53, etc.).

• Reviews changes and architectures for assigned areas from a security perspective.

• Assist Security Architecture with the evaluation of product business cases including functional and detailed design specs to ensure security standards are met.

• Assists and leads the security incident response process as assigned.

• Advises as a subject matter expert and contributes to the development of Early Warning security policy and procedures.

• Assist Security Architecture in the development of architectural reference material to ensure that security practices are being implemented in a repeatable fashion every time a new project is implemented.

• Lead efforts that document and present risks and security issues that could impact the confidentiality, integrity and/or availability of the business (both internally and externally) by assisting in documentation, tracking and creating solutions for mitigation.

• Work with internal and external penetration testing organizations to coordinate application and network-based penetration testing.

• Lead security efforts with Software Development to perform static code analysis on all custom developed code.

• Assist Security Architecture in the interaction with customer banks to gather yearly testing and security requirements, review penetration testing findings, mitigating controls and/or projects to rectify security vulnerabilities.

• Mentors new security team members.

• Leads assigned information security efforts.

• Individual contributor towards significant risk mitigation efforts.

• Support the company's commitment to protect the integrity and confidentiality of systems and data.

Minimum Qualifications

• Education and experience typically obtained through completion of a Bachelor's degree in Computer Science, Engineering, Math or Physical Science.

• Minimum 4 years of application security experience and 4 years of Security Architecture or Consulting experience.

• Subject matter expert in focused Application Security skill or silo.

• Expert knowledge of relational databases, Windows, and Linux operating systems.

• Ability to work independently and within a team environment.

• Ability to lead efforts that develop and deliver complex and enterprise-wide risk mitigation solutions.

• Effective interpersonal skills, with ability to present to peers, coworkers and customers.

• Expert knowledge of operating system, application, network, and database security architectures.

• Proficiency in AppSec and Web services security

• Application development background

• Delivered talks or published whitepapers at regional Security Conferences

• CEH/CPT, or CISSP or CSSLP Certification and one of GWEB, or Secure Development Cert, or PHD or MBA in InfoSec or equivalent certification.

• Exposure to the Agile SDLC process.

• Expert vulnerability exploitation experience.

• Experience leading information security efforts.

• Expert experience in analyzing technical issues and making recommendations for corrective action.

• Demonstrate expert understanding in the field of Information Security in terms of both concepts and technology.

• Background and drug screen.

Preferred Qualifications

• CEH/CPT, or CISSP or CSSLP Certification and one of GWEB, or Secure Development Cert, or PHD or MBA in InfoSec or equivalent certification.

• MCSE, SCSA, CCNA or CISA certification

• Cloud or Product Security experience

• Application development background
• Familiarity with HP Fortify

• Familiarity with BSIMM framework
• Familiarity with application penetration testing tools:
  • Proxies (Burp Suite Pro, Zed Attack Proxy)
  • Scanners (Netsparker, AppScan, WebInspect)
  • XML Tools (SOAP UI)

Employee must be able to perform essential functions and physical requirements of position with or without reasonable accommodation.


Physical Requirements

Working conditions consist of a normal office environment. Work is primarily sedentary and requires extensive use of a computer and involves sitting for periods of approximately four hours. Work may require occasional standing, walking, kneeling and reaching. Must be able to lift 10 pounds occasionally and/or negligible amount of force frequently. Requires visual acuity and dexterity to view, prepare, and manipulate documents and office equipment including personal computers. Requires the ability to communicate with internal and/or external customers.

The above job description is not intended to be an all-inclusive list of duties and standards of the position. Incumbents will follow instructions and perform other related duties as assigned by their supervisor.

Early Warning Services is an affirmative action and equal opportunity employer.

Some of the Ways We Keep You Healthy & Happy

All the benefits you expect...
  • Healthcare Coverage - Competitive medical, dental, and vision plans as well as pre-tax savings through flexible spending accounts (FSA) for commuting, health & dependent care expenses.
  • Income Protection - Life & Disability Insurance options ensuring financial coverage for you and your family.
  • 401(k) Retirement Plan - Featuring a 100% Company Safe Harbor Match on your first 4% deferral immediately upon eligibility.
  • Work Life Management - Generous and flexible paid time off benefits for when you'll need to take some time away from work to care for yourself or a loved one.
  • Health & Wellness Program - An award-winning program designed to take a personalized, interactive approach to empower you to live your healthiest life.
  • Employee Assistance Program - Resources and tools to help you and your family find a solution to whatever life throws at you.

And some you might not...
  • Tuition Benefits Program
  • Dependent Scholarship Program
  • Employee Referral Bonus
  • Legal Services & Credit Counseling
  • Pet Insurance
  • Charitable Giving Matching Program
  • Employee Resource Groups

All full-time, regular Early Warning employees (as defined in company policy and based on state laws and regulations) are eligible for the benefits.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Early Warning Services is an Equal Opportunity employer. All qualified applicants and employees will receive consideration for employment without regard to race, color, religion, religious creed, ethnicity, ancestry, national origin, sex, pregnancy, age, marital status, sexual orientation, gender identity or expression, citizenship, ancestry, disability, veteran status, genetic information or any other characteristic protected by law.
Dice Id : 10307908
Position Id : REQ2021465
Originally Posted : 5 months ago