Principal, Security Architect - Threat Modeling

About Northern Trust:

Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.

Northern Trust is proud to provide innovative financial services and guidance to the world's most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world's most sophisticated clients using leading technology and exceptional service.

Summary:

Expert responsible for developing and administering solutions that meet system expectations relative to scalability, performance, fault tolerance, usability, and data integrity for the Information Security Operations and Architecture function. The Security Operations and Architecture function includes the Security Incident Response, Vulnerability Management, and Information Security Architecture teams. Collectively these teams are responsible for the identification, analysis, and mitigation of threats to internal IT systems or networks and delivering solutions that meet end user expectations relative to performance, usability and security.

Description:

• Guides the development, specification and communication of application or infrastructure architectures used by multiple business or application systems.
• Provides extensive, in-depth, technical consultation to the clients, partners, and IT Management to develop plans and directions to assure the integration of corporate business area requirements.
• Acts as cybersecurity expert for cloud migration projects/programs
• Leads various Security initiatives
• Thoroughly understands decision process issues of technology choice, such as design, data security, client server communication, etc.
• Partner with Management in the building of new and on-going vendor relationships
• Evaluates and selects from existing and emerging technologies those options best fitting business/project needs
• Promotes sharing of expertise through consulting, presentations, and documentations, etc.
• Experienced, functional expert with technical and/or business knowledge and functional expertise
• Carries out complex initiatives involving multiple disciplines and/or ambiguous projects
• Displays a balanced, cross-functional perspective, liaising with the business to help improve efficiency, effectiveness, and productivity
• Strategic in developing, implementing, and administering programs within functional areas
• Provides guidance to team members, fostering an environment that encourages employee participation, teamwork, and communication

Qualifications

• Bachelor's degree in computer science or a related discipline and experience in information security, or an equivalent combination of education and work experience.
• Deep knowledge of application or infrastructure systems architecture, usually having experience with multiple system technologies.
• Excellent consultative and communication skills, and the ability to work effectively with client, partner, and IT management and staff.
• Five years of experience in the Information Security role. Three years of experience with cloud and/or technologies
• CISSP, CSSP, or Cloud security certification preferred
• Strong collaboration skills and a analytical ability

Requirements/Responsibilities -

• Good understanding of various cybersecurity frameworks, standards, and SSDLC
• In-depth knowledge related to threats modeling and relevant frameworks. Hands-on experience with threat modeling process and tools
• Design and implement security controls to protect against identified threats and vulnerabilities.
• Experience working with tools related to Threat hunting, data protection, Security Posture Management, and Attack surface management.
• Ability to establish security patterns related to cloud/ hybrid architecture and work with various tech teams to assist with the implementation as needed
• Knowledge related to WAF, App Proxy, and CDN
• Hands on experience with various operating systems including Windows, Linux, Unix, and MAC
• Experience working with Microsoft Azure/M365, AWS, hybrid, and multi-cloud systems.
• Hands on experience working with IPS/IDS, Network load balancer, firewalls, and networking technologies.
• Knowledge related AI/ML, DevSecOps, CI/CD Pipeline, IaC, and relevant tools
• Very good understanding of concepts related to docker, container, serverless computing, and Kubernetes.
• Experience working with teams that handle infrastructure components including Storage systems, directory services, and virtualization.
• Past experience in SAST, DAST, open source scanning and penetration testing is preferred.
  
  Past experience in software development in a mainstream language is preferred.
• Must be able to represent the team in technical discussions and drive towards deliverables with minimal guidance

Working with Us:

As a Northern Trust partner, greater achievements await. You will be part of a flexible and collaborative work culture in an organization where financial strength and stability is an asset that emboldens us to explore new ideas.

Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company committed to assisting the communities we serve! Join a workplace with a greater purpose.

We'd love to learn more about how your interests and experience could be a fit with one of the world's most admired and sustainable companies! Build your career with us and apply today. #MadeForGreater

Reasonable accommodation

Northern Trust is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the employment process, please email our HR Service Center at .

We hope you're excited about the role and the opportunity to work with us. We value an inclusive workplace and understand flexibility means different things to different people.

Apply today and talk to us about your flexible working requirements and together we can achieve greater.