Lead Information Security Architectrole

Fannie Mae
Plano, United States of America
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Remote
Plano, United States of America

Tech stack

Kubernetes Security
Microsoft Active Directory
API
Artificial Intelligence
Amazon Web Services (AWS)
Data analysis
JIRA
Audit Trail
User Authentication
Business Process Management
Cloud Computing
Cloud Computing Security
Cloud Engineering
Configuration Management
Computer Security
Computer Networks
Information Leak Prevention
Data Transformation
Data Migration
Data Mining
Relational Databases
Disaster Recovery
Amazon DynamoDB
Identity and Access Management
Information Systems Security Architecture Professional
PostgreSQL
MySQL
Network Architecture
NoSQL
OAuth
OpenID
Open Web Application Security
Role-Based Access Control
Zero Trust Network Access
Sherwood Applied Business Security Architecture
Information Technology Security Auditing
Security Software
Security Information and Event Management
Systems Architecture
Systems Integration
Enterprise Data Management
Data Logging
Data Classification
Cyberark
Amazon Web Services (AWS)
Software Security
Cloudformation
Togaf
Amazon Web Services (AWS)
Data Lake
Information Technology
Data Analytics
Amazon Web Services (AWS)
Opsworks
Cloudwatch
Api Gateway
Firewall Services Module
REST
Amazon Web Services (AWS)
Terraform
Devsecops
Serverless Computing
Microservices

Job description

As a valued colleague on our team, you will provide expert advice and lead your team in implementing the design of components of technological structures. In this role, you will lead a team in implementing solutions with a process-driven view, as well as schedule maintenance and/or updates to existing structures. THE IMPACT YOU WILL MAKE

The Lead Information Security Architectrole will offer you the flexibility to make each day your own, while working alongside people who care so that you can deliver on the following responsibilities:

  • Expertise in defining and enforcing enterprise security guardrails for complex cloud-native architectures, including APIs, microservices, event-driven and streaming platforms, serverless workloads, and containerized applications within large enterprise environments.
  • Analyze AWS IAM and network policies to ensure they align with Zero Trust security principles and enforce least-privilege access.

Requirements

  • Deep understanding of Zero Trust Architecture and the ability to integrate identity-centric security, least privilege, segmentation, continuous verification, and defense-in-depth into solution architectures.
  • Expertise in securing enterprise data platforms, including data analytics, relational databases, NoSQL databases, data lakes, and data migration services (DMS), with a focus on data classification, encryption, access governance, and regulatory compliance.
  • Extensive experience applying industry security frameworks and regulatory standards, including NIST Cybersecurity Framework (CSF), NIST SP 800-53, NIST SP 800-207 (Zero Trust), FedRAMP, ISO 27001, OWASP ASVS/API Security Top 10 and SOX to enterprise solution architectures.
  • Strong understanding of secure application architecture, including RESTful APIs, API security, OAuth 2.0/OIDC, JWT, mTLS, secure service-to-service communication, and API gateway security.
  • Experience defining cloud adoption strategies, reference architectures, technology roadmaps, and proof-of-concept (PoC) initiatives for AWS-based enterprise platforms.
  • Strong knowledge of container and orchestration security, including Amazon ECS, Amazon EKS, AWS Fargate, Kubernetes security, workload identity, runtime protection, and container image security.
  • Expertise in securing AWS database services, including Amazon RDS (PostgreSQL, MySQL), Amazon Aurora, DynamoDB, and ElastiCache, with emphasis on encryption, network isolation, backup, and disaster recovery.
  • Proven ability to design secure, highly available, and resilient architectures, including multi-region deployments, disaster recovery, failover strategies, business continuity, and cyber resiliency.
  • Familiarity with DevSecOps practices and Infrastructure as Code (IaC) technologies such as Terraform, AWS CloudFormation, and automated security policy validation.
  • Experience establishing enterprise logging, monitoring, and security observability standards using Amazon CloudWatch, CloudTrail, AWS Config, Security Hub, GuardDuty, centralized logging platforms, and SIEM integrations.
  • Experience defining enterprise network segmentation, firewall policies, security groups, and access control strategies to support Zero Trust architecture.
  • Experience developing secure scalability and performance strategies while maintaining compliance with enterprise security, resiliency, and governance requirements., * 4 years of experience designing and implementing AWS-based solution architectures.
  • Hands-on expertise with AWS services including network architecture, IAM, KMS, serverless computing (Lambda), Container Services (ECS, EKS), Amazon RDS, and messaging services (SNS/SQS/Event Bridge).
  • Strong knowledge of cloud security principles and controls, including Identity and Access Management (IAM), security auditing, data encryption, data loss prevention (DLP), and Zero Trust architecture.
  • Solid understanding of industry-standard cybersecurity frameworks and best practices, including NIST Cybersecurity Framework (CSF) and related standards., * 12+ years of progressive experience in Information Security, including 6+ years specializing in cloud security, solution architecture, systems architecture, engineering, security analysis, and application security.
  • Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field
  • AWS certifications such as:
  • AWS Certified Solutions Architect - Professional
  • AWS Certified Security - Specialty
  • Other relevant AWS Professional or Specialty certifications
  • CISSP (Certified Information Systems Security Professional) or equivalent certification strongly preferred.
  • CCSP (Certified Cloud Security Professional)
  • SABSA, TOGAF, or equivalent enterprise architecture certification (preferred)

Cloud Security - Architecture - Lead Associate role, Active Directory (AD), Active Directory (AD), Amazon Web Services (AWS), Artificial Intelligence (AI), Atlassian JIRA, Authentication Management, Backup and Recovery (Software), Business Insight Skills, Business Process Management Skills, Cleaning and Transforming Data, Cloud Technology, Collaborating Cross-Functionally, Communicating in Technical Writing, Communicating Technical Information, Communication, Configuration Management (CM), Conflict Resolution, Coordination, Customer Relationship Management (CRM), CyberArk, Cybersecurity Analysis, Data Analysis, Data Analysis Interpretation, Database Management, Data Mining {+ 62 more}

Education: Bachelor's Level Degree (Required)

The future is what you make it to be. Discover compelling opportunities at Fanniemae.com/careers.

For most roles, employees are expected to work onsite on a regular basis at their designated office location. In-office work cadence is determined by your manager. Proximity within a reasonable commute to your designated office location is preferred unless the job is noted as open to remote.

Benefits & conditions

The hiring range for this role is set forth below. Final salaries will generally vary within that range based on factors that include but are not limited to, skill set, depth of experience, certifications, and other relevant qualifications. This position is eligible to participate in a Fannie Mae incentive program (subject to the terms of the program). As part of our comprehensive benefits package, Fannie Mae offers a broad range of Health, Life, Voluntary Lifestyle, and other benefits and perks that enhance an employee's physical, mental, emotional, and financial well-being. See more here.

Apply for this position