Security Architect - Web Security

BNY Mellon is an investments company. We provide investment management, investment services and wealth management that help institutions and individuals succeed in markets all over the world.

BNY Mellon’s Innovation Center Silicon Valley (ICSV) seeks an experienced security architect to join our quickly growing team. BNY Mellon is the world’s leading provider of financial services technology, delivered from BXP, BNY Mellon private cloud. The Principal Security Architect will develop and implement global security architecture solutions using formal risk management methodologies.

* Lead design, planning and implementation of risk mitigating security solutions * Identify inter-dependencies of the different technologies deployed within the BXP and the security relevance. * Work closely with development teams to guide security direction and solutions alignment with Industry best practices * Advise on data security issues, compliance, and privacy requirements including, but not limited to FEDRAMP, HIPAA, PCI, and EU Data Protection Directive. * Serve as a subject matter expert on Cloud security and associated compliance initiatives within the organization * Perform security design reviews to asses security implications for introduction of new or differing technologies within the environment * Research latest security best practices, staying current on new vulnerabilities and threats * Partnering with DevOps teams to ensure security is an integral part of all deployments. * Researching the latest security best practices, staying abreast of new threats and vulnerabilities and helping to disseminate this information within the company. * Be a public evangelist for cloud security best practices.

* General knowledge and understanding of security principles and protocols, security vulnerabilities (and mitigation techniques), security engineering, design and architecture * General knowledge and understanding of web protocols such as HTTP, SOAP and SSL/TLS * General knowledge and understanding of software design and architecture patterns * Exceptional experiences and implementation skills in Java, C# or JavaScript * Deep knowledge and understanding of the security aspects of HTML5, JavaScript and JSON/XML * Deep knowledge of the security/privacy design and architecture of various browsers such as IE, Firefox, Safari and Chrome * General understanding of the security design and architecture of operating systems such as iOS, Android, Windows 8 and Blackberry OS * Background in secure coding practices and code auditing a plus. * Familiarity with OWASP, NIST and other security standards and specifications * Experience with the assessment, implementation, management and documentation of a broad set of information security technologies and processes within a SaaS, IaaS, PaaS, or cloud environment * Experience integrating security in a fast paced Continuous Integration / Continuous Deployment environment * Vulnerability assessment and management experience around one or more is a plus: Federated identity and access (SAML, OpenID Connect, LDAP/AD), anomaly in distributed SaaS apps, hybrid cloud environments. * Solid understanding of operating systems (Windows/Linux/IOS/Android), application (different levels of the OSI model), network (TCP/ICP ports and services), and database architectures * Bachelor’s degree in Computer Science, or equivalent work experience