Depository Trust Clearing Corporation - Tampa, FL
posted about 2 months ago
Full-time - Principal
Tampa, FL
Credit Intermediation and Related Activities
About the position
The Principal Security Architect at DTCC will play a crucial role in shaping the organization's Identity Access Management (IAM) strategy and security architecture. This position focuses on enhancing existing IAM controls, designing innovative security architectures, and fostering a Security-First culture within the company. The architect will collaborate with IT teams to implement federated access and single sign-on solutions, while also mentoring junior engineers and contributing to the overall cybersecurity landscape of DTCC.
Responsibilities
- Drive the Identity & Access Management and secrets management architecture roadmap and share with AES collaborators.
- Participate in discovery workshops to understand client's & Workforce IAM and security needs and provide standard process recommendations to meet IAM use cases.
- Develop design and architectural diagrams that clearly communicate the proposed solution and flows.
- Actively participate in multi-functional team meetings, developing project plans, implementation, testing, pre/post release activities, risk management, and issue management.
- Architect solutions applying Ping Identity Products, PlainID, and/or similar IAM products, such as IGA tools, Virtual Directory, PAM, and Secret Management solutions.
- Create IT security standards easily consumed by collaborators.
- Evaluate existing application security controls (on-premise and cloud), identify improvements, and build plans into the application security capability roadmap for implementation.
- Build access management security patterns and designs as part of initiatives to modernize the DTCC access management security posture.
- Mentor junior security engineers and architects to improve their cybersecurity and architecture skills.
- Maintain professional and technical process knowledge by keeping abreast of the changing security landscape within the technology industry and changes in cybersecurity frameworks.
- Create white papers and present in industry conferences to display thought leadership in the security field.
- Align risk and control processes into day-to-day responsibilities to supervise and mitigate risk.
Requirements
- Min 8-10 years of related experience.
- Bachelor's degree preferred and/or related experience.
- Strong cybersecurity experience in architecting implementations using Ping Identity products (especially PingFed, PingOne, PingID, and PingAuthorize).
- Experience with most standard IAM security protocols (e.g., OAuth, OIDC, RACF, SAML, LDAP, ID Federation, SSO, MFA, UEBA).
- Experience architecting solutions using products like API Gateway, IGA, and Virtual Directory.
- Strong experience in identifying access management control gaps.
- Experience with Information Security frameworks (e.g., ISO 27001, CIS, MITRE ATT&K, and NIST) & security architecture frameworks.
- Experience architecting automated data center processes, including provisioning, application, and patch management, monitoring and alerting, capacity monitoring and planning.
- Experience in OS security (Windows, Linux), Network security (Firewall, Proxy, WAF), and RDMS is preferred.
- Strong communication skills with the ability to present in front of a large audience.
Benefits
- Competitive compensation, including base pay and annual incentive.
- Comprehensive health and life insurance and well-being benefits, based on location.
- Pension / Retirement benefits.
- Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
- Flexible/hybrid model of 3 days onsite and 2 days remote.
