IT Security Architect Consultant (Microservices, API Security)

Are you curious, motivated, and forward-thinking? At FIS, you’ll have the opportunity to work on some of the most challenging and relevant issues in financial services and technology. Our talented people empower us, and we believe in being part of a team that is open, collaborative, entrepreneurial, passionate and above all fun.

About the team

At FIS, we are looking for a Senior Security Architect to be a key player in our Security Department. This role requires an experienced professional with a strong application security background, specializing in Microservices, API Security and IAM in microservices communication to drive security best practices across our application ecosystem. This role is instrumental in ensuring that our microservices and APIs are secure from the ground up.

What you will be doing :

• Lead security initiatives during the modernization of the application from a monolithic to a microservices architecture.
• Define and implement security best practices tailored for microservices and API-driven applications.
• Conduct threat modeling, security design reviews, and risk assessments for applications and APIs.
• Collaborate with software engineering teams to remediate vulnerabilities identified through SAST, DAST, and SCA findings and oversee the container vulnerability management process.
• Define security controls for containerized applications, and API gateways.
• Securely configure and manage API Gateways to enforce security policies, manage access control, and protect microservices from external threats.
• Embed security into CI/CD pipelines and automate security testing across the SDLC.
• Oversee implementation of OAuth, OpenID Connect, and other identity protocols in microservices communication to ensure secure and scalable access control.
• Design, implement, and enforce Zero Trust security models for microservices communication, ensuring that every request is authenticated, authorized, and encrypted, regardless of the source.
• Serve as a security champion, advocating for secure coding practices and security-conscious development.
• Identify security gaps within the architecture and recommend and implement secure solutions.

What you bring:

• 7+ years of experience in Application Security, with a minimum of 3 years focused on Microservices and API Security.
• Strong understanding of modern application development using Python, Java, or JavaScript.
• Expertise in interpreting and remediating vulnerabilities in complex application environments.
• Experience with threat modeling and conducting application security scans (SAST, SCA, DAST).
• Experience in configuring and securing API Gateways (such as Kong, AWS API Gateway, Apigee, or similar) to enforce security controls, manage access, and monitor API traffic.
• Solid understanding and hands-on experience with OAuth 2.0, OpenID Connect (OIDC), and other authentication and authorization protocols in microservices environments.
• Strong understanding of IAM principles and how they apply to microservices communication.
• Strong understanding of Zero Trust principles and hands-on experience applying them to microservices architectures.
• Familiarity with OWASP Top 10 and other relevant security frameworks and standards.
• Excellent communication skills, with the ability to collaborate effectively with cross-functional teams.
• A proactive mindset with the ability to work independently and lead initiatives.

What we offer you:

• A multifaceted job with a high degree of responsibility and a broad spectrum of opportunities
• A broad range of professional education and personal development possibilities – FIS is your final career step!
• A competitive salary and benefits
• A variety of career development tools, resources and opportunities

Privacy Statement

FIS is committed to protecting the privacy and security of all personal information that we process in order to provide services to our clients. For specific information on how FIS protects personal information online, please see the Online Privacy Notice.

Sourcing Model

Recruitment at FIS works primarily on a direct sourcing model; a relatively small portion of our hiring is through recruitment agencies. FIS does not accept resumes from recruitment agencies which are not on the preferred supplier list and is not responsible for any related fees for resumes submitted to job postings, our employees, or any other part of our company.

#pridepass