Truist Security Solutions Architect in Atlanta, Georgia
Req ID: R0026771
Specific information related to the position is outlined below. To apply, click on the button above. You will be required to create an account (or sign in with an existing account). Your account will provide you access to your application information.Need Help?
Should you have a disability and need assistance with the application process, please request a reasonable accommodation by emailing Accessibilityor by calling 877-891-2510. This email inbox is monitored for reasonable accommodation requests only. Any other correspondence will not receive a response.
Regular or Temporary: Regular Language Fluency: English (Required) Work Shift: 1st shift (United States of America)
Please review the following job description:
This is a strategic solution architecture role that supports Truist’s Merger of Equals efforts and bank ecosystem convergence. The role enables internal clients to execute on deliverables to create a best in class ecosystem to support the cyber needs of Truist from Security / Vulnerability Management focus. The role will focus on the application security controls required (e.g. web application firewalls, bot protection, code and system scanning, remediation. etc) to ensure the platforms Truist client’s and teammates use on a daily basis are effective and efficient at reducing risk to an acceptable level.
Truist is on an exciting journey to towards “Client Day One” were the two heritage banks (BB&T and SunTrust) appear to our clients as one entity. In doing so, the Cyber Security Solution Architecture team is seeking an enthusiastic Security Architect that will focus on the application security and vulnerability management security capabilities. This architect must have a passion for their internal clients and helping them win by building best in breed security solutions for the Bank. This role will focus on the security stack of code, application, system, etc vulnerability scanning and detection solutions and capabilities. The role will be critical in partnering with and advising the Vulnerability Management team on how to build and utilize the stack of tools across multiple data centers and cloud environments with a target of automation and integration across the tool set. The individual who occupies this role must have an expertise in the vulnerability detection capabilities (e.g. code scanning, application scanning, system scanning, API integration, automated remediation, etc). Successful Architects in this role must be prepared to embrace change and relentlessly pursue an intentional high bar for excellence in security practices and principles. They must support our internal clients’ needs to converge the heritage ecosystems and design new solutions where a previous capability does not exist. They must also iteratively improve upon the cyber solutions to meet the evolving threat landscape. Specific solution expertise is desired in the following areas:
- Dynamic application security testing (DAST)
- Static application security testing (SAST)
- Mobile application security testing
- Red team and penetration testing tool suites
- Outsource security testing
- API security testing
- Automated remediation
- Vulnerability correlations
- Anti-bot technologies
Web application security firewalls Secondary Experience in the following is also highly desired:
File integrity monitoring
- Demilitarized Zone (DMZ) Architecture
- Intrusion Prevention and Detection (IPS / IDS)
- Denial of Service Prevention (DoS, DDoS)
- Content Delivery Networks (CDN)
- Multi-data center network security architecture
Other Infrastructure Security capabilities Duties include:
Architects effective and efficient fit for purpose solutions that meet the Bank’s needs and requirements
- Apply in-depth and specialized expertise in endpoint and infrastructure security and significant breadth of experience across cyber / information security.
- May be called upon to contribute to scope and business cases
- Participates in the gathering and development of requirements by coaching stakeholders and decomposing business requirements into technical and system requirements
- Interrupt requirements to determine the best solutions and approaches
- Creates architectures and operational documentation with support of engineering and operations staff
- Participate in the overall endpoint and infrastructuresecurity ecosystem convergence activities for Truist from the heritage Banks
- Advise, consult, lead, guide and mentor project teams, engineers, analysts, and support staff in the delivery of solutions
- Participate in the agile planning processes and delivery methodologies
- Build relationships with internal clients
- Conducts threat modeling and security gap assessment exercises in concert with other teams
- Create reusable patterns for reoccurring cyber challenges
- Contributes to the creation of policy, standards, Minimum Security Baselines (MSBs), procedures and guidelines
- Bring visibility to and escalates security risks, as well as, technical, execution, deployment or other risks as applicable
- Lead Proof of Concept/Value Exit Read outs by communicating results and recommendations to stakeholders
- Conducts post-mortem reviews of projects / products to measure design versus implementation differentials
- Contribute to the Truist Cyber Architecture Practice by supporting Cyber Enterprise Architecture objectives Required Qualifications:
The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- 10 year of information / cyber security experience with significant focus on security architecture, design, engineering and delivery.
- Expertise and significant experience developing and deploying endpoint and infrastructure security solutions in large scale environments.
- Comprehensive experience in secure design principles, threat modeling, defense-in-depth, design tools, methods and techniques. security architecture
- Must be extremely detail oriented in created in design and design documentation
- The candidate must be a highly experienced subject matter expert within vulnerability management architecture. Candidate must be able to speak to other domains of cyber / information security but must have expertise in vulnerability management.
- Understanding of Security foundations and Standards such as hardening, least privilege, attack surface reduction, NIST SP800-series, NIST Cybersecurity Framework, FIPS 140-2, Common Criteria, FISMA/FedRAMP, ISO 27000, PCI-DSS, CIS Benchmarks, and similar.
Works independently, with guidance in only the most complex and unusual situations. Preferred Qualifications:
Certification: CISSP-ISSAP, AWS, SANS or TOGAF certifications
- Experience with Agile Scrum (Daily Standup, Sprint Planning and Sprint Retrospective meetings)
- Mergers and acquisitions experience.
- Data center consolidation experience
- Consulting or professional services backgrounds are a plus.
- Financial services industry experience is a major plus.
- Masters degree in: Computer Science, Information Systems, Security, or other closely related field.
Truist supports a diverse workforce and is an Equal Opportunity Employer who does not discriminate against individuals on the basis of race, gender, color, religion, national origin, age, sexual orientation, gender identity, disability, veteran status or other classification protected by law. Drug Free Workplace. Thank you for your interest in Truist! BB&T and SunTrust have come together in a transformational merger of equals to create Truist, the premier financial organization in the country. You may notice references to our legacy company names, BB&T and SunTrust, in places throughout this site. All such references should be understood to refer to Truist moving forward while we continue to transition to the Truist name. EEO is the Law Pay Transparency Nondiscrimination Provision E-Verify
Thank you for your interest in Truist! BB&T and SunTrust have come together in a transformational merger of equals to create Truist, the premier financial organization in the country. You may notice references to our legacy company names, BB&T and SunTrust, in places throughout this site. All such references should be understood to refer to Truist moving forward while we continue to transition to the Truist name.
© 2017 SunTrust Banks, Inc. All rights reserved.
SunTrust is federally registered service marks of SunTrust Banks, Inc.