Cybersecurity Architect - Mobile And Web App Security
- Full-Time
- West Valley City, UT
- Zions Bancorporation
- Posted 3 years ago – Accepting applications
Job Description
Zions Bancorporation’s Enterprise Technology and Operations (ETO) team is transforming what it means to work for a financial institution. We operate in a fast-paced, information-driven environment, which means we need people who bring diverse experiences, perspectives, and expertise to meet the ever-changing demands of a technology-driven world. We are grounded in the belief that “improving the work is the work” as we drive to create simple, easy, and fast solutions for our customers. Your ability to adapt, learn, and innovate helps increase revenue, reduce operational costs, and mitigates risk.
ETO provides opportunities for you to own your career growth through Diversity, Equity, and Inclusion, Women in Technology, and Workforce of the Future initiatives that allow you to network across the organization, volunteer in our community, and build your technical and soft skills. Together we are building a culture that values diversity and creates a space of belonging for all our team members. We believe that investing in your success is an investment in our customers and our business. Our people are what sets us apart and make us great.
We are currently seeking a technical Cybersecurity Architect - Mobile and Web App Security t o join our cybersecurity architecture practice. In this role, you will focus on cybersecurity control design, technical standards, and consultative work to ensure the bank’s existing and planned cybersecurity control architecture effectively secures the bank while also enabling business growth. We are looking for experience designing technical cybersecurity controls and defining standards in key areas such as public cloud, data protection, identity, and application design. Strong communication skills and the ability to lead through influencing are also critical success factors for the role.
Responsibilities:
Oversee the enhancement and maintenance of the bank’s secure software delivery lifecycle, including all aspects of secure coding practices, integration of security principles and practices into DevOps/DevSecOps, etc.
Perform threat modeling, application vulnerability assessments, and security source code audits.
Develop mobile and web application patterns, techniques, and secure coding practices that developers can utilize for secure design.
Develop in-depth security architecture, design, and coding standards across infrastructure, application, and data
Develop security controls and processes for products developed and deployed in on-prem and cloud environments
Drive adoption of secure coding frameworks and tooling by the development teams
Partner with development teams, product owners, and organizational leadership to provide guidance, insight, and feedback on new security technologies
Review and approve secure application architectures and apply secure design principles
Analyze security threats and incidents for continuous architecture and controls improvements
Contribute to the development, adoption, and enforcement of application security standards, controls and policies for a variety of information systems based on industry best practices and guidelines (e.g., NIST CSF, CSA, CIS, OWASP)
Define and document requirements for secure operations across the entire delivery ecosystem: internal datacenter, secure perimeter, public cloud, software-as-a-service, vendor hosted, public and private endpoints, etc.
Recommend specific control sets to mitigate inherent risk identified through cybersecurity risk assessments.
Provide technical expertise to guide security risk assessments as needed.
Oversee the enhancement and maintenance of the bank’s secure software delivery lifecycle, including all aspects
Coordinate with Cyber Threat Intelligence and Cybersecurity Operations to ensure cybersecurity control design is richly informed by current threat intelligence and incident response
Prepare and present accurate and timely information in response to audits and regulatory exams; institute a proactive culture to align activities and measurement with internal policy and regulatory requirements
Apply to this Job
ETO provides opportunities for you to own your career growth through Diversity, Equity, and Inclusion, Women in Technology, and Workforce of the Future initiatives that allow you to network across the organization, volunteer in our community, and build your technical and soft skills. Together we are building a culture that values diversity and creates a space of belonging for all our team members. We believe that investing in your success is an investment in our customers and our business. Our people are what sets us apart and make us great.
We are currently seeking a technical Cybersecurity Architect - Mobile and Web App Security t o join our cybersecurity architecture practice. In this role, you will focus on cybersecurity control design, technical standards, and consultative work to ensure the bank’s existing and planned cybersecurity control architecture effectively secures the bank while also enabling business growth. We are looking for experience designing technical cybersecurity controls and defining standards in key areas such as public cloud, data protection, identity, and application design. Strong communication skills and the ability to lead through influencing are also critical success factors for the role.
Responsibilities:
Oversee the enhancement and maintenance of the bank’s secure software delivery lifecycle, including all aspects of secure coding practices, integration of security principles and practices into DevOps/DevSecOps, etc.
Perform threat modeling, application vulnerability assessments, and security source code audits.
Develop mobile and web application patterns, techniques, and secure coding practices that developers can utilize for secure design.
Develop in-depth security architecture, design, and coding standards across infrastructure, application, and data
Develop security controls and processes for products developed and deployed in on-prem and cloud environments
Drive adoption of secure coding frameworks and tooling by the development teams
Partner with development teams, product owners, and organizational leadership to provide guidance, insight, and feedback on new security technologies
Review and approve secure application architectures and apply secure design principles
Analyze security threats and incidents for continuous architecture and controls improvements
Contribute to the development, adoption, and enforcement of application security standards, controls and policies for a variety of information systems based on industry best practices and guidelines (e.g., NIST CSF, CSA, CIS, OWASP)
Define and document requirements for secure operations across the entire delivery ecosystem: internal datacenter, secure perimeter, public cloud, software-as-a-service, vendor hosted, public and private endpoints, etc.
Recommend specific control sets to mitigate inherent risk identified through cybersecurity risk assessments.
Provide technical expertise to guide security risk assessments as needed.
Oversee the enhancement and maintenance of the bank’s secure software delivery lifecycle, including all aspects
Coordinate with Cyber Threat Intelligence and Cybersecurity Operations to ensure cybersecurity control design is richly informed by current threat intelligence and incident response
Prepare and present accurate and timely information in response to audits and regulatory exams; institute a proactive culture to align activities and measurement with internal policy and regulatory requirements