Endpoint Security Principal Architect
*This role can be telecommute*
The Security Design & Innovation team handles the Firm’s security strategy and domain security architecture vision and development. We drive and synchronize security strategies aligned with technology and business priorities along with validating future directions through security research and innovation.
In this role the Endpoint Architect will have responsibility for identifying, defining, developing, leading security technology strategy across a broad portfolio of endpoint security and related technology systems, and the assessment of new and emerging endpoint and workplace productivity security technologies at the very large enterprise scale.
As a senior member of the team you will engage and partner with senior leaders across the organization leveraging your extensive background in (managing / delivering / implementing / architecting) endpoint security technology combined with expertise in organizational and cross-functional communication to develop endpoint security strategy, influence roadmaps, solution adoption, champion strategic opportunities / execution plans with the aim to improve security capabilities, reduce risk and position forward looking platform security enhancements
What you are good at
- Responsible for defining an architectural vision and architecture for large complex solutions, which aligns with the enterprise architecture strategy, technology and platform choices
- Describes the solution intent and the associated operating environment, determining the primary systems/subsystems and their interfaces, defining non-functional requirements and architectural runway to support new epics/features and expand into new opportunities
- Ensures the solution is fit for purpose and use by working with stakeholders, vendors/service providers, and evaluating the impact of strategic design decisions
- Contributes to best practices, standard templates, and the architecture roadmap for defined domains.
- Creates endpoint/host, workplace productivity security reference architecture and design patterns for reusability.
- Contributes in the creation of the architecture roadmap of defined domains (Business, Application, Data and Technology) in support of the product roadmap
- Contributes to the development of best practices including standardized templates
- Works across business and technology to create the solution intent and architectural vision for large complex solutions and evolves it based on an emerging backlog
- Works with Product Manager/Owner to plan and prioritize technology focused backlog items for the architecture runway to enable business epics/features and expand into new opportunities
- Clarifies the architecture for the development teams to support implementation, and provides solution options to resolve any architectural impediments
- Performs design and code reviews to ensure all non-functional requirements for a solution are sufficiently met (e.g. security, performance, maintainability, scalability, usability, and reliability)
- Develop security patterns, standards, and architectural decision records to ensure Schwab data at rest, in motion or in use is properly secured.
- Liaises with other security architects and security practitioners to share best practices and insights.
- The platform security architect must interpret business, technology and threat drivers, and develop practical security roadmaps to deal with these drivers.
- Develop blueprints and procedures to effectively secure company data against accidental or unauthorized modification, destruction or disclosure.
- Create and define the security architectures and roadmaps encompassing cloud architecture, access management, and monitoring.
- Design and develop data security architectures for cloud and cloud/hybrid-based systems.
What you have
- Experience designing and implementing security services and tools applied to GCP, Azure and AWS
- Expertise with Data Loss Prevention and CASB strategies and solutions supporting security of critical SaaS solutions such as Office 365, etc.
- Demonstrates flexibility within a variety of changing situations, while working with individuals and groups.
- 4-year college/university degree required
- Minimum 10 + years of experience building and managing security infrastructure and solutions in the financial industries
- Strong ability to effectively communicate with and present to the senior leadership team
- Experience with assessment, development, implementation, integration, optimization, and documentation of a comprehensive and broad set of security technologies and processes in on premise, public and private cloud environments
- Experience with Hybrid cloud architectures and designs
- Must have experience with Internet Application Hosting architectures, best practices and related technologies to effectively protect externally facing applications
- Experience with DevSecOps process, Container technologies (Docker, Kubernetes), API Gateways, and other common web application technologies is preferred
- Strong knowledge of enterprise security concepts/frameworks and products, secure design principles and best practices
- NIST 800-53, CIS Benchmarks, ISO 27000 series, COBIT, etc.
- Good written and verbal communication skills a must.
- Must be able to quickly and succinctly design and create technical solution/process documentation
- Must be a self-starter, strong leader who is able to manage, develop and nurture a team of senior engineers and architects; work with limited supervision & be able to work well with others in a globally diverse IT environment
- Understanding of cryptography as it relates to application, network and cloud security
- CISSP, CCSP, TOGAF certification preferred. Other Information Security oriented certifications a plus
What’s in it for you
At Schwab, we’re committed to empowering our employees’ personal and professional success. Our flexible work options, supportive culture, and focus on your development means you’ll get the tools you need to make a positive difference in the finance industry.
We offer a competitive benefits package that takes care of the whole you – both today and in the future:
- Base salary + bonus opportunity (for eligible positions)
- 401(k) with company match and Employee stock purchase plan
- Paid time for vacation, volunteering, and 28-day sabbatical after every 5 years of service for eligible positions
- Paid parental leave and family building benefits
- Tuition reimbursement
- Health, dental, and vision insurance