Information Security Architect

Posted 14 Hours Ago
Be an Early Applicant
Hirtsilya
Senior level
Fintech • Financial Services
The Role
The Information Security Architect will design security solutions, guide product security enhancements, work with IT on infrastructure and cloud security, research new security controls, and ensure compliance with regulatory requirements.
Summary Generated by Built In
Overview

Shift4 (NYSE: FOUR) is boldly redefining commerce by simplifying complex payments ecosystems across the world. As the leader in commerce-enabling technology, Shift4 powers billions of transactions annually for hundreds of thousands of businesses in virtually every industry. For more information, visit www.shift4.com.

As part of our continued growth, we're looking for an Information Security Architect.

Key Roles and Responsibilities:

  • Play key role in product & system design, reviews and solution architecture, and provide security guidelines, all in a highly regulated ecosystem.
  • Control and manage mitigation plan implementation as part of the above security guidelines
  • Identify, research, explore, and lead the evaluation and implementation of new security controls for the required business projects
  • Work closely with the product team to enhance Finaro’s product security
  • Work with IT teams on new innovative infrastructure projects, including VM environments, network infrastructure, storage systems, DB platforms, and cloud environments, and provide security guidance for all related fields and layers respectively
  • Work with R&D teams to enhance application security within Finaro software

Technical Skills for Shift4EU Security Architect:

  1. Understanding of API Protocols and Standards: REST (Representational State Transfer): Deep knowledge of RESTful APIs and how to secure them. (O) SOAP (Simple Object Access Protocol): Understanding SOAP APIs and their security requirements.
  2. Authentication and Authorization- OAuth 2.0 and OpenID Connect: Implementing and securing APIs with OAuth 2.0 and OpenID Connect for secure access and identity management. JWT (JSON Web Tokens): Using JWT for secure token-based authentication and authorization.
  3. API Key Management: Best practices for managing and securing API keys.
  4. Encryption and Data Protection.
  5. Transport Layer Security (TLS): Ensuring secure communication using TLS to protect data in transit.
  6. Encryption Standards: Knowledge of encryption techniques to protect sensitive data in API requests and responses.
  7. WAF & API Gateway and Management.
  8. WAF Solutions: Experience with F5, Cloudflare, and Akamai for security policy enforcement.
  9. API Gateway Solutions: Experience with API gateway platforms like Kong, Apigee, AWS API Gateway, or Azure API Management for centralized API management and security enforcement. (O) Rate Limiting and Throttling: Implementing rate limiting and throttling to prevent abuse and ensure fair usage.
  10. Security Testing and Vulnerability Assessment.
  11. Access Control and Secure Coding Practices.
  12. Monitoring and Logging: API Monitoring: Setting up monitoring to track API usage and detect anomalies or potential security incidents. Logging Best Practices: Implementing logging best practices to ensure that API activities are properly recorded for audit and forensic analysis.
  13. Integration with DevSecOps: CI/CD Pipelines.
  14. Knowledge of Compliance and Regulatory Requirements: (O) Data Privacy Laws: Understanding relevant data privacy laws and regulations such as GDPR, CCPA, HIPAA, and their implications for API security. (O) Industry Standards: Familiarity with industry standards and frameworks like NIST, ISO 27001, and their application to API security.

Requirements:

  • Experience as an information security architect in a financial company
  • At least 3-5 years in Information Security roles
  • Experience in leading Information Security projects from initiation to delivery, including RFI/RFP phases, SOW definition, plan, integration, and full delivery
  • Experience with OS security, mainly Linux
  • Experience with information security systems including Network firewalls, IDS/IPS, WAF, Multi-Factor Authentication platforms, VPN systems, Central anti-virus systems, etc.
  • Experience with cloud infrastructure/cloud security (mainly AWS)
  • Experience with open-source tools and platforms
  • Excellent English (both speaking and writing)

Advantages:

  • Required: CCNA, advantage: CISSP and/or CSSLP certification
  • Experience with web & application security, familiar with OWASP frameworks, solutions and initiatives
  • Experience with database security, mainly Oracle, MySql, and PostgreSQL
  • Experience with security projects such as Static Code Analysis, DB Firewall, and CASB implementations
  • Experience with offensive security and penetration testing tools



We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity and/or expression, status as a veteran, and basis of disability or any other federal, state or local protected class.


Top Skills

Jwt
Oauth 2.0
Openid Connect
Rest
Soap
The Company
HQ: Pennsylvania, NY
835 Employees
On-site Workplace
Year Founded: 1999

What We Do

Shift4 (NYSE: FOUR) is boldly redefining commerce by simplifying complex payments ecosystems across the world. As the leader in commerce-enabling technology, Shift4 powers billions of transactions annually for hundreds of thousands of businesses in virtually every industry.

Jobs at Similar Companies

MassMutual India Logo MassMutual India

SAP Developer

Big Data • Fintech • Information Technology • Insurance • Financial Services
Hyderabad, Telangana, IND

Energy CX Logo Energy CX

Strategic Account Executive

Greentech • Professional Services • Business Intelligence • Consulting • Energy • Financial Services • Utilities
Easy Apply
Chicago, IL, USA
55 Employees

Similar Companies Hiring

Bectran, Inc Thumbnail
Software • Machine Learning • Information Technology • Fintech • Automation • Artificial Intelligence
Schaumburg, IL
51 Employees
Energy CX Thumbnail
Utilities • Professional Services • Greentech • Financial Services • Energy • Consulting • Business Intelligence
Chicago, IL
55 Employees
MassMutual India Thumbnail
Insurance • Information Technology • Fintech • Financial Services • Big Data
Hyderabad, Telangana

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account