Cloud Cybersecurity Solution Principal Architect

The position is described below. If you want to apply, click the Apply Now button at the top or bottom of this page. After you click Apply Now and complete your application, you'll be invited to create a profile, which will let you see your application status and any communications. If you already have a profile with us, you can log in to check status.

Need Help?

If you have a disability and need assistance with the application, you can request a reasonable accommodation. Send an email to Accessibility (accommodation requests only; other inquiries won't receive a response).

Regular or Temporary:

Regular

Language Fluency:  English (Required)

Work Shift:

1st shift (United States of America)

Please review the following job description:

Cyber Security Solution Architecture team is seeking an enthusiastic Cloud Cyber Solution Architect that has a passion for their internal clients and helping them win by building best in breed digital and cloud solutions for the Bank.  

This role will have both an internal and external focus. Meaning this individual will partner closely with the teams responsible for developing next generation digital banking solutions, with particular focus on secure enablement of external client access and experience.  

The individual who occupies this role must have deep expertise, and real world experiences in designing and implementing external client facing digital application security solutions for IaaS, PaaS, and SaaS Cloud environments across Application Security, Cryptography, and Identity and Access Management, Logging and Monitoring, and Governance domains of cyber security. This includes identity, access, authentication, authorization, business to business (b2b), business to consumer (b2e) and business to employee (b2e) concepts and constructs.

Successful Architects in this role must be prepared to embrace change and relentlessly pursue an intentional high bar for excellence in security practices and principles. They must support our internal clients’ needs to converge the heritage ecosystems and design new solutions where a previous capability does not exist. They must also iteratively improve upon the cyber solutions to meet the evolving threat landscape.

This is a strategic target and solutions cloud architecture role that will derive security specifications from business requirements, and design security solutions that support core organizational functions, and assure their confidentiality, integrity and high availability.

The Cloud Cybersecurity Solution Principal Architect works to gain organizational commitment for cloud security, which includes, but not limit to infrastructure, digital application integration, migration and software plans, as well as assist to evaluate and select cloud security technologies required to complete those plans.

You will provide integrated cloud security related technical expertise across the organization, from conceptualization and project planning to the post-implementation support level. Principally works, under limited supervision, with Corporate Information Security (CIS) personnel, Line of Business (LOB) personnel, external vendors, and internal IT Services personnel including Enterprise Architects, Application & Data Services personnel and other IT Operations Services teams.

You will develop security specifications, requirements and architecture artifacts in compliance with corporate standards, laws and regulations for architecture adherence and performance guidelines.

Specific solution expertise is desired in the following areas:

• Digital Commerce, Digital Banking and Financial Systems application architecture

• Large data management architecture and integrations

• Attack protection and mitigation technologies – DDoS, WAF, Bot, etc.

• AWS Cloud - application migration, fit for purpose, etc.

• Multifactor authentication, Risk Based Authentication

• oAuth flows and implementations, JWE token specifications  

• Application authentication, authorization and entitlement models and implementations

• Application Security – OWASP control and evaluation criteria

• Detailed understanding of industry standards such as PCI, FFICE, CSA, etc.

• Intelligent Robotic Process Automation

• Cryptographic technology – Transit encryption, storage encryption, Hash, KMS, Digital Signature, etc.

• Federated Identity Management / Identity Providers / Single Sign On (SSO)

• Client authentication approaches for “anti-bot” technologies, signaling, and fraud prevention.

Ideal candidate will also have experience in the following areas –

• Containerization, Micro-services, API, CI/CD

• Client facing digital application architecture and implementations 

• Content Delivery technologies

• CRM Technology – Eloqua, Oracle, Acoustic

• Adobe Experience Platform

• Mobile Application Development

• Fintech integration

Duties include:

• Architecting effective and efficient fit for purpose solutions that meet the Bank’s needs and requirements.

• Applies in-depth and specialized expertise in Digital Banking and Client Experiences technologies and significant breadth of experience across cyber / information security.

• Serve as Cyber Security and Cloud Security Subject Matter Expert participating in segment solution review processes.

• May be called upon to contribute to refinement of scope and business cases.

• May be called upon to contribute to Cloud target architecture and patterns.

• Proactively Participates in the gathering and development of requirements by coaching stakeholders and decomposing business requirements into technical and system requirements.

• Interrupt requirements to determine the best solutions and approaches.

• Creates architectures and operational documentation with support of engineering and operations staff.

• Proactively engage, Advise, consult, lead, guide and mentor project teams, engineers, analysts, and support staff in the delivery of solutions both On-prem and in the Cloud.

• Participate in agile planning processes and delivery methodologies.

• Build relationships with internal clients and teams.

Required Qualifications:

The requirements listed below are representative of the knowledge, skill and/or ability required.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Bachelor’s degree in Business, Management, MIS-related field, or equivalent education and related training.

• Twelve years of progressively responsible leadership experience in Information/Cyber Security

• Comprehensive experience in network security architecture, including design tools, methods, and techniques and the application of Defense-in-Depth principles; knowledge of network design processes, including understanding of security objectives, operational objectives and tradeoffs

• Thorough knowledge of The Open Group Architecture Framework (TOGAF), including infrastructure, data, information security, applications, architectural concepts, and associated disciplines

• Knowledge of:

  • Mainframe security, including access control, monitoring, integration with non-mainframe technologies, and virtualization.

  • Authentication and authorization technologies including remote access.

  • Application security and the security development lifecycle and ability to apply to client-server and web-based application development environments.

  • Enterprise databases and database security, including database activity monitoring and database access control technologies.

  • Encryption methods and technologies for data-in-transit and data-at-rest scenarios.

  • Incident response processes.

  • Denial of Service prevention mechanisms.

  • Firewall technologies and intrusion prevention methods.

  • Cloud technologies and hosting.

  • Operating system hardening.

  • Virtualization technologies.

  • Mobile technologies.

  • Encryption and key management technologies.

  • Endpoint Protection (includes malware);

  • Data Loss Protection technologies

• Experience with peripheral component interconnect and other security audit processes, evidence gathering, and development/management of remediation plans used in resolution of finding

Preferred Qualifications:

• Certification: CISSP, ISSAP, CCSP, AWS/Azure/GCP certification, SANS or TOGAF certifications

• Experience with Agile Scrum (Daily Standup, Sprint Planning and Sprint Retrospective meetings)

• Mergers and acquisitions experience.

• Consulting or professional services backgrounds are a plus.

• Financial services industry experience is a major plus.

• Masters degree in: Computer Science, Information Systems, Security, or other closely related field.

Other Job Requirements / Working Conditions

Sitting

Constantly (More than 50% of the time)

Visual / Audio / Speaking

Able to access and interpret client information received from the computer and able to hear and speak with individuals in person and on the phone.

Manual Dexterity / Keyboarding

Able to work standard office equipment, including PC keyboard and mouse, copy/fax machines, and printers.

Availability

Able to work all hours scheduled, including overtime as directed by manager/supervisor and required by business need.

Travel

Minimal and up to 10%

General Description of Available Benefits for Eligible Employees of Truist Financial Corporation: All regular teammates (not temporary or contingent workers) working 20 hours or more per week are eligible for benefits, though eligibility for specific benefits may be determined by the division of Truist offering the position. Truist offers medical, dental, vision, life insurance, disability, accidental death and dismemberment, tax-preferred savings accounts, and a 401k plan to teammates. Teammates also receive no less than 10 days of vacation (prorated based on date of hire and by full-time or part-time status) during their first year of employment, along with 10 sick days (also prorated), and paid holidays. For more details on Truist’s generous benefit plans, please visit our Benefits site. Depending on the position and division, this job may also be eligible for Truist’s defined benefit pension plan, restricted stock units, and/or a deferred compensation plan. As you advance through the hiring process, you will also learn more about the specific benefits available for any non-temporary position for which you apply, based on full-time or part-time status, position, and division of work.

Truist is an Equal Opportunity Employer that does not discriminate on the basis of race, gender, color, religion, citizenship or national origin, age, sexual orientation, gender identity, disability, veteran status, or other classification protected by law. Truist is a Drug Free Workplace.

EEO is the Law   Pay Transparency Nondiscrimination Provision   E-Verify