The State Street Global Cybersecurity team is looking for a Product/Platform Jr. Security Architect. The Cybersecurity team delivers platforms, architecture, and tooling to help Cybersecurity teams make faster, more informed decisions as we work to secure State Street’s digital footprint. As a Product/Platform Jr. Security Architect on the Security Architecture Governance Engineering (SAGE) team, you will focus on supporting security risk assessment of in-house developed applications, cloud platforms, and vendor solutions. You will help define the reference architectures, security technical standards and enforce their adherence enterprise wide.

What you will be responsible for:

• Support comprehensive risk assessments, threat modelling, and vulnerability analysis to

identify potential security gaps and develop mitigation strategies.

• Perform Application Architecture security reviews, documenting risk assessment finding and proposing remediation.
• Help shift security left by having tollgates in place for security testing to be done early in SDLC (Software Development Lifecycle) and by ensuring security considerations are embedded in early architecture designs.
• Understanding of identity federation (SAML, OAuth, OpenID Connect, etc.)
• Designing and documenting reusable security reference architecture patterns.
• Support Development of Technical security standards, aligning and enforcing these across the organization.
• Work closely with IAM architects, Cloud Architects, Solution Architects, Security teams, and other stakeholders.
• Help harden the security control on cloud landing zone and cloud services.
• Participate in regular security audits and compliance activities.
• Review vendor product security, ensure a shared responsibly model is in place.
• Help guide teams through the security related governance processes.

What we value:

• Strong understanding of IAM technologies, ITDR, UEBA and behavior analytics platforms
• Hands-on experience in working with AD in both on-premises and hybrid environments, including Azure AD (Microsoft Entra ID).
• Good problem solving and analytical skills.
• Knowledge of diagnostic and support tools used in a support environment.
• Virtual leadership experience with ability to effectively drive results, provide feedback/direction, and manage and build relationships with leaders and team members in a geographically dispersed team environment.
• Experience in security engineering, with a focus on hybrid and multi cloud solutions.
• Knowledge of scripting, automation and security analytics, and attack path analysis tools.
• Hands experience in designing and securing cloud-based solutions and cloud services.
• Certifications like Microsoft Certified: Azure Administrator Associate or AWS Certified Security - Specialty can be beneficial.
• Experience in design and documenting application solution architecture.

Education & Preferred Qualifications

• You have multiyear (>3 years) experience within Cybersecurity including SecOps, penetration testing, security analytics, threat hunting, and/or security architecture.
• Bachelor's degree in cyber security, Computer Science, or related technical discipline, with >3 years of experience.
• You have experience with security observability and identity threat monitoring in hybrid cloud environments.
• You have a proven ability to Independently drive transformational security projects cross-organization.
• You have knowledge of security testing and penetration testing tools and techniques, and with security analytics tools and platforms.
• You are a strong communicator who is comfortable working cross-functionally, with a track record of delivering results and demonstrating strong ownership.
• Preference for candidates who have had experience in security analytics, security research, offensive security, or advanced threat prevention teams.
• Given that much activity will have to be centred in US ET hours, we are looking for a candidate located on the eastern seaboard.

Salary Range:

The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.