Raymond James Financial Incorporated
Lead Enterprise Application Security Architect
Raymond James Financial Incorporated, St. Petersburg, Florida, United States,
This position will follow our hybrid work model, we expect the selected candidate to be in office 2-3 days a week at one of the following office locations: St. Petersburg, FL; Memphis, TN; Southfield, MI.
Job Summary:
The Raymond James Enterprise Application Security Architecture team is looking for a Security Architect to join our dynamic team and drive our organization's security initiatives forward. The ideal candidate will have a strong background in threat modeling, secure design reviews, and hands-on experience in assisting developers with remediation of vulnerabilities in their code. Additionally, this role will involve the creation of secure reference architectures tailored to our organization's needs, drawing from past design reviews and industry best practices.
Essential Duties and Responsibilities:
•Conduct secure design reviews and threat modeling exercises for new projects, features, and architectural changes, ensuring alignment with industry standards, regulatory requirements, and organizational security policies.
•Assess and ensure conformance to architectural standards, reduction of technical debt, and adaption of enterprise assets (systems, services and information) for key programs.
•Collaborate closely with development teams to provide guidance and support in addressing security vulnerabilities discovered during design reviews, code reviews, and testing phases.
•Develop and maintain secure reference architectures that serve as blueprints for designing and implementing secure systems and applications, tailored to the specific needs and technologies used within the organization.
•Work closely with cross-functional teams, including development, infrastructure, and compliance, to integrate security into the software development lifecycle and infrastructure provisioning processes.
•Provide expertise and guidance on security-related matters, including encryption, authentication, access control, and secure communication protocols.
•Stay abreast of industry trends, emerging threats, and best practices in security architecture and design, and assess their applicability to the organization's security posture.
•Performs other duties and responsibilities as assigned.
•May work a non-standard shift including nights and/or weekends and/or have on-call responsibilities.
Qualifications:
Experience and Education:
•Minimum of a Bachelor's degree in Computer Science, MIS or related degree and five (5) years of related experience or a combination of education, training and experience as approved by Human Resources.
•Highly prefer 7+ years of experience in a security engineer, architect or similar role, with a focus on threat modeling, secure design reviews, and vulnerability management.
•Strong understanding of web application security principles, secure coding practices, and common vulnerabilities (e.g., OWASP Top 10).
•Proficiency in designing and implementing secure architectures for on-prem and cloud environments (e.g., AWS, Azure).
•Passion for safeguarding organizations against an ever-changing adversary
•Deep understanding of authentication, and authorization, including multi-factor, step-up, and single sign-on. Password-less is desired, but not required.
•Strong understanding of encryption, specifically certificate and token-based cryptology.
•Understanding of network protocols and topologie
•Experience with defense-in-depth strategies, understanding of incident response
•Excellent communication skills with the ability to communicate across a broad spectrum of technical and business constituents.
•Financial services experience desired, but not required, however ability to gain necessary relevant business acumen
Licenses/Certifications :
•Azure, AWS Certified Solutions Architect or similar preferred
Job Summary:
The Raymond James Enterprise Application Security Architecture team is looking for a Security Architect to join our dynamic team and drive our organization's security initiatives forward. The ideal candidate will have a strong background in threat modeling, secure design reviews, and hands-on experience in assisting developers with remediation of vulnerabilities in their code. Additionally, this role will involve the creation of secure reference architectures tailored to our organization's needs, drawing from past design reviews and industry best practices.
Essential Duties and Responsibilities:
•Conduct secure design reviews and threat modeling exercises for new projects, features, and architectural changes, ensuring alignment with industry standards, regulatory requirements, and organizational security policies.
•Assess and ensure conformance to architectural standards, reduction of technical debt, and adaption of enterprise assets (systems, services and information) for key programs.
•Collaborate closely with development teams to provide guidance and support in addressing security vulnerabilities discovered during design reviews, code reviews, and testing phases.
•Develop and maintain secure reference architectures that serve as blueprints for designing and implementing secure systems and applications, tailored to the specific needs and technologies used within the organization.
•Work closely with cross-functional teams, including development, infrastructure, and compliance, to integrate security into the software development lifecycle and infrastructure provisioning processes.
•Provide expertise and guidance on security-related matters, including encryption, authentication, access control, and secure communication protocols.
•Stay abreast of industry trends, emerging threats, and best practices in security architecture and design, and assess their applicability to the organization's security posture.
•Performs other duties and responsibilities as assigned.
•May work a non-standard shift including nights and/or weekends and/or have on-call responsibilities.
Qualifications:
Experience and Education:
•Minimum of a Bachelor's degree in Computer Science, MIS or related degree and five (5) years of related experience or a combination of education, training and experience as approved by Human Resources.
•Highly prefer 7+ years of experience in a security engineer, architect or similar role, with a focus on threat modeling, secure design reviews, and vulnerability management.
•Strong understanding of web application security principles, secure coding practices, and common vulnerabilities (e.g., OWASP Top 10).
•Proficiency in designing and implementing secure architectures for on-prem and cloud environments (e.g., AWS, Azure).
•Passion for safeguarding organizations against an ever-changing adversary
•Deep understanding of authentication, and authorization, including multi-factor, step-up, and single sign-on. Password-less is desired, but not required.
•Strong understanding of encryption, specifically certificate and token-based cryptology.
•Understanding of network protocols and topologie
•Experience with defense-in-depth strategies, understanding of incident response
•Excellent communication skills with the ability to communicate across a broad spectrum of technical and business constituents.
•Financial services experience desired, but not required, however ability to gain necessary relevant business acumen
Licenses/Certifications :
•Azure, AWS Certified Solutions Architect or similar preferred