Director, Secure Design Review (Cybersecurity)

Job Description:

The Secure Design Review (SDR) team is a new team that is being built with Leadership support as part of the Application & Infrastructure Security Product Area of Enterprise Cybersecurity (ECS). We work closely with ECS teams including Penetration Testing and Red Team, Fidelity Architecture Engineering (FAE) teams, developers, and architects across Fidelity.

The mission of the Secure Design Review (SDR) team is to protect Fidelity's assets and our customers' livelihoods from the threat of exploitation by malicious adversaries. The SDR team does this by proactively helping developers and architects across Fidelity to identify architectural flaws and potential vulnerabilities in our technology systems, and by serving as subject matter experts to enable the business units to mitigate them in a positive, collaborative, innovative manner. The team does this by performing secure design review assessments of applications, infrastructure, and technology solutions.

• We aspire to be a best-in-class SDR team, with fully engaged, passionate members.
• Producing high-quality work in a consistent, effective, efficient, customer-oriented manner.
• Providing competitive advantage to the firm and serving as a differentiator in the marketplace.
• Serving as a role model for others across the Enterprise and wider industry.
• Driving advancement and research in the secure design review cybersecurity space.

• 10+ years of IT experience.
• Bachelor's degree in Computer Science, Information Systems, or equivalent work experience.
• 5+ years hands-on experience working within the cybersecurity domain.
• Experience assessing network, application, and infrastructure architecture (both cloud and on prem) and delivering the results and recommended mitigations.
• Experience with industry standard threat modeling and applying the standards to existing or new designs (e.g. STRIDE, PASTA, etc.).
• Expert level technical knowledge of application and network security vulnerabilities and best practices including OWASP Top 10 vulnerabilities and MITRE Tactics, Techniques and Procedures (TTPs)
• Knowledge of security industry best practices including encryption, SCIM, Oauth, OIDC, FIDO etc.
• Preferred: Experience using a threat modeling tool (eg IriusRisk etc.)
• Preferred: Hands-on experience with Security architecture, Penetration testing, Secure Code Review, Vulnerability Analysis, Red Team.
• Preferred: Relevant certifications such as CISSP, CISA, CCSP, OSCP, OSCE, GPEN, GXPN, or other industry recognized security certification
• Proven analytical and problem-solving skills, as well as the desire to assist others in solving issues.
• Experience with fostering an environment of continuous improvement across the organization.
• Effective at communication with associates across the organization to positively influence partners and key technology decision makers.
• You will join a highly skilled and new team of subject matter experts to enable Fidelity's developers and architects build secure technology solutions.
• Lead secure design review assessment efforts of Fidelity's technology solutions, including web applications, mobile applications, infrastructures, and standardized architectural solutions.
• You will research and understand the technologies in use by Fidelity. You will also replicate the actual techniques and tools used by malicious attackers to model potential external threats.
• Upon completion of the assessment, you will prepare reports and present the results to application owners, developers, architects, and business unit information security teams.
• Document the results in the system of record and explain the results to both technical and non-technical audiences.
• Perform analysis of aggregated results, draw conclusions, and define both tactical and strategic recommendations.
• Consult with the remediation and enforcement teams to ensure the potential weaknesses are addressed.