Truist API Security Architect in Glen Allen, Virginia
Req ID: R0026672
Specific information related to the position is outlined below. To apply, click on the button above. You will be required to create an account (or sign in with an existing account). Your account will provide you access to your application information.
Need Help?
Should you have a disability and need assistance with the application process, please request a reasonable accommodation by emailing Accessibility or by calling 877-891-2510. This email inbox is monitored for reasonable accommodation requests only. Any other correspondence will not receive a response.
Regular or Temporary: Regular
Language Fluency: English (Required)
Work Shift: 1st shift (United States of America)
Please review the following job description:
The API Security Architect will leverage broad and deep technical knowledge of the security practices in the areas of Application Programming Interfaces (APIs) and broader information security concepts to partner with Truist API stakeholders and subject matter experts to drive the creation of modern, scalable enterprise API security architecture and patterns. The successful candidate will mature Truist’s API security tools, policies and practices, integrating API security into Software Development Life Cycle (SDLC) practices, with an overall goal to drive innovation in the security and compliance of Truist’s API ecosystem.
Position location: Richmond, VA; Atlanta, GA; or Raleigh, NC.
Duties Include:
- Drive innovation in securing Truist’s Application Programming Interface (API) ecosystem, incorporating pragmatic security architecture solutions to meet business requirements that best balance business agility, operational costs, and security risk
- Become a trusted partner with enterprise API stakeholders
- Partner with stakeholders, Subject Matter Experts (SMEs), and Enterprise Architecture to design and deliver target API security architecture models and documentation, as well as reference implementations, in alignment with organizational policies, standards and procedures
- Evolve and mature Truist’s API security tools, policies, standards and practices
- Serve as an evangelist for secure API practices, communicating with individuals at both the technical and executive levels, and training internal resources as needed
- Engage business and technology stakeholders at all levels to gather long term goals and requirements
- Collaborate with internal customers, influencing and driving solutions towards API target security architecture
- Develop API security patterns to support our platform and software designs
- Build an executable API Security roadmap, aligning the roadmap to a Security Maturity Model, and driving the implementation of the milestones
- Integrate API security personnel, processes and technology at all stages of the Software Development Life Cycle (SDLC)
- Be a key member of the team driving the API Security Architecture for the enterprise
- Lead Truist’s API ecosystem towards industry leading practices around managing cyber risks and delivering API security
- Perform security assessments of API platforms, environments, vendor solutions, and individual API implementations based on industry frameworks and corporate standards
- Contribute new intellectual capital to Truist through deep specialization in the API Security Architecture technical domain.
Qualifications:
- Bachelor’s degree and 7 years of experience in development or an equivalent combination of education and work experience. In-depth knowledge in information systems and ability to identify, apply, and implement best practices
- 3 years of cyber information security experience focused on API-related areas such as identity federation leveraging OAuth 2/OpenID Connect, API token/key management, data-in-transit encryption, API filtering/validation, and broader information security concepts such as segregation of duties and least privilege
- 2 years of experience architecting, engineering, and/or implementing highly performant, secure, and scalable enterprise grade APIs, delivering solutions, leveraging API tools, and deploying API vendor products
- 2 years of hands-on API development experience
- 2 years of experience driving security architectures in a modern SDLC, DevOps environment, de-coupling applications and data using approaches such as micro-services, service mesh, and integrating DevSecOps into the SDLC
- 1 year of experience drafting and delivering enterprise policies, standards, and mature, repeatable processes and practices
- Excellent communication and persuasion skills (verbal and written), including presentations, discussions, and documentation (artifacts) that is targeted and can relate to the intended audience
- Understanding of multiple information technology disciplines/processes related to the position.
- Experience applying and utilizing enterprise architecture standards. Understanding of key business processes and competitive strategies related to the IT function
- Ability to plan, manage, and drive projects and architecture efforts
- Ability to solve complex problems by applying best practices
- Ability to provide direction and mentor less experienced teammates
- Ability to interpret and convey complex, difficult, or sensitive information
Preferred Qualifications:
- 2 years designing, implementing, and operating API management / security tools such as Mulesoft, Apigee, and/or DataPower
- Bachelor's degree in Computer Science/Software Engineering or related field
- 2 years of experience architecting, engineering, and/or implementing solutions built in Cloud Service Provider (CSP) environments such as Amazon Web Services (AWS) and Microsoft Azure
- Broad range of cyber security experience in a variety of areas, such as Identity and Access Management, Data Protection, logging / monitoring, and network segmentation
- Broad range of Information Technology experience in a variety of areas, such as application development, systems management, database design, resiliency
- Public cloud vendor certifications (such as AWS Certified Solutions Architect or Microsoft Azure Architect Technologies)
- Experience with API and cyber security industry standards/guidelines such as OWASP API Security Top 10 guidelines, OpenAPI Specification, NIST 800-53 framework, and other Information Security tools/frameworks (such as National Vulnerability Database)
Truist supports a diverse workforce and is an Equal Opportunity Employer who does not discriminate against individuals on the basis of race, gender, color, religion, national origin, age, sexual orientation, gender identity, disability, veteran status or other classification protected by law. Drug Free Workplace. Thank you for your interest in Truist! BB&T and SunTrust have come together in a transformational merger of equals to create Truist, the premier financial organization in the country. You may notice references to our legacy company names, BB&T and SunTrust, in places throughout this site. All such references should be understood to refer to Truist moving forward while we continue to transition to the Truist name.