Director, Secure Design Review (Cybersecurity) Position Available In Hillsborough, New Hampshire

Job Description:

The Secure Design Review (SDR) team is a new team that is being built with Leadership support as part of the Application & Infrastructure Security Product Area of Enterprise Cybersecurity (ECS). We work closely with ECS teams including Penetration Testing and Red Team, Fidelity Architecture Engineering (FAE) teams, developers, and architects across Fidelity. The mission of the Secure Design Review (SDR) team is to protect Fidelity’s assets and our customers’ livelihoods from the threat of exploitation by malicious adversaries. The SDR team does this by proactively helping developers and architects across Fidelity to identify architectural flaws and potential vulnerabilities in our technology systems, and by serving as subject matter experts to enable the business units to mitigate them in a positive, collaborative, innovative manner. The team does this by performing secure design review assessments of applications, infrastructure, and technology solutions. Our Vision We aspire to be a best-in-class SDR team, with fully engaged, passionate members. Producing high-quality work in a consistent, effective, efficient, customer-oriented manner. Providing competitive advantage to the firm and serving as a differentiator in the marketplace. Serving as a role model for others across the Enterprise and wider industry. Driving advancement and research in the secure design review cybersecurity space. The Expertise You Have and The Skills You Bring 10+ years of IT experience. Bachelor’s degree in Computer Science, Information Systems, or equivalent work experience. 5+ years hands-on experience working within the cybersecurity domain. Experience assessing network, application, and infrastructure architecture (both cloud and on prem) and delivering the results and recommended mitigations. Experience with industry standard threat modeling and applying the standards to existing or new designs (e.g. STRIDE, PASTA, etc.). Expert level technical knowledge of application and network security vulnerabilities and best practices including OWASP Top 10 vulnerabilities and MITRE Tactics, Techniques and Procedures (TTPs) Knowledge of security industry best practices including encryption, SCIM, Oauth, OIDC, FIDO etc.

Preferred:

Experience using a threat modeling tool (eg IriusRisk etc.)

Preferred:

Hands-on experience with Security architecture, Penetration testing, Secure Code Review, Vulnerability Analysis, Red Team.

Preferred:

Relevant certifications such as CISSP, CISA, CCSP, OSCP, OSCE, GPEN, GXPN, or other industry recognized security certification Proven analytical and problem-solving skills, as well as the desire to assist others in solving issues. Experience with fostering an environment of continuous improvement across the organization. Effective at communication with associates across the organization to positively influence partners and key technology decision makers. You will join a highly skilled and new team of subject matter experts to enable Fidelity’s developers and architects build secure technology solutions. Lead secure design review assessment efforts of Fidelity’s technology solutions, including web applications, mobile applications, infrastructures, and standardized architectural solutions. You will research and understand the technologies in use by Fidelity. You will also replicate the actual techniques and tools used by malicious attackers to model potential external threats. Upon completion of the assessment, you will prepare reports and present the results to application owners, developers, architects, and business unit information security teams. Document the results in the system of record and explain the results to both technical and non-technical audiences. Perform analysis of aggregated results, draw conclusions, and define both tactical and strategic recommendations. Consult with the remediation and enforcement teams to ensure the potential weaknesses are addressed.

Certifications:

Category:

Information Technology Fidelity’s hybrid working model blends the best of both onsite and offsite work experiences. Working onsite is important for our business strategy and our culture. We also value the benefits that working offsite offers associates. Most hybrid roles require associates to work onsite every other week (all business days, M-F) in a Fidelity office. At Fidelity, we are passionate about making our financial expertise broadly accessible and effective in helping people live the lives they want! We are a privately held company that places a high degree of value in creating and nurturing a work environment that attracts the best talent and reflects our commitment to our associates. We are proud of our diverse and inclusive workplace where we respect and value our associates for their unique perspectives and experiences. For information about working at Fidelity, visit FidelityCareers.com. Fidelity Investments is an equal opportunity employer. Fidelity will reasonably accommodate applicants with disabilities who need adjustments to participate in the application or interview process. To initiate a request for an accommodation please contact the following: For roles based in the

US:

Contact the HR Leave of Absence/Accommodation Team by sending an email to accommodations@fmr.com, or by calling 800-835-5099, prompt 2, option 2 For roles based in

Ireland:

Contact AccommodationsIreland@fmr.com For roles based in

Germany:

Contact Accommodationsgermany@fmr.com Fidelity Privacy Policy