JOBSEARCHER
SIGN IN

Lead Security Engineer

ARCHIVED

We can't find an active application page for this role right now. It may reopen or be listed elsewhere. Use Next Steps to search for an active apply link and similar live jobs.

Security Architect - Digital SolutionsCharlotte, NCObjective:Lead the security architecture, standards, and governance for customer- and employee-facing digital platforms, APIs, and enabling services. Ensure solutions are secure by design, compliant with regulatory requirements, and resilient to evolving threats. Shape the roadmap for foundational security capabilities across the digital portfolio, including secure adoption of GenAI, fine-grained authorization, Open Banking security, and enterprise API and AI gateway controls.Key Responsibilities:Architecture & GovernanceLead end-to-end security architecture reviews for digital solutions, including web, mobile, APIs, microservices, integrations, GenAI-enabled capabilities, and drive risk treatment of residual findings.Maintain and evolve reference architectures, secure patterns, and standards across IAM, authorization, data, network, cloud, API gateways, AI gateways, and third-party/SaaS platforms.Define and govern enterprise authorization patterns, including fine-grained authorization for APIs, microservices, digital channels, and customer, employee, partner, and service-to-service use cases.Establish reference architectures and guardrails for centralized and distributed authorization platforms, including OpenFGA or similar fine-grained authorization solutions.Perform threat modeling and security risk assessments covering application, API, cloud, SaaS, supply chain, and GenAI threats, including OWASP-aligned attack scenarios and API abuse risks.Own and evolve the digital security architecture roadmap aligned to business priorities, regulatory requirements, and measurable risk reduction outcomes.Embed security in CI/CD and SDLC (secure coding guidance, security testing, cloud-native guardrails).Provide architecture oversight and governance for new technology adoption, vendor evaluations, and strategic platform decisions across the digital portfolio.Communicate security recommendations and tradeoffs clearly to engineers, product teams, and leadership; influence design decisions and risk acceptance outcomes.Core Security DomainsIAM and Authorization: Authentication, authorization, federation/SSO, least privilege, service-to-service identity, and fine-grained authorization for user-, service-, and resource-level access decisions. Define and implement modern authorization models such as RBAC, ABAC, ReBAC, and policy-based access control, including externalized authorization architectures and OpenFGA-based patterns where applicable.Network and Edge Security: Segmentation, ingress/egress controls, API gateway/WAF, DDoS protections, secure connectivity, and gateway policy enforcement for internal, partner, and external-facing services.Data Security: Data classification, encryption, tokenization/masking where applicable, key and secrets management, data minimization, and secure data-sharing controls.Cloud Security: AWS/Azure secure baselines, cloud-native architecture patterns, workload identity, secure service communication, logging/monitoring, and guardrails aligned to organizational standards.Third-Party and SaaS Security: Security due diligence, onboarding standards, contractual security controls, monitoring, ongoing assurance, and secure integration design for vendors and external platforms.Application and API Security: Establish integration security standards including API schemas, mTLS, OAuth2/OIDC, JWT validation, token storage and rotation, webhook security, idempotency and replay protections, schema validation, rate limiting, bot and abuse detection, and fine-grained authorization enforcement across APIs and services.Preferred Qualifications:Proven ability to mentor/coach and drive cross-team adoption of secure patterns.Demonstrated Financial Services experience supporting regulated environments, including one or more of the following: retail banking, commercial banking, wealth/investments, payments, Open Banking, or digital marketing/CRM ecosystems.Deep expertise in IAM, modern authorization architecture, network security, data protection, application security, and third-party/SaaS risk management.Strong experience designing fine-grained authorization models for APIs, microservices, and digital platforms, including RBAC, ABAC, ReBAC, and policy-based access control.Hands-on or architectural experience with OpenFGA strongly preferred; equivalent fine-grained authorization platform experience acceptable.Strong experience with API gateway architecture and security controls, including authentication and authorization enforcement, traffic shaping, rate limiting, schema validation, WAF integration, observability, and secure partner/external API exposure.Experience with AI gateway or equivalent control-plane patterns for GenAI/LLM access, including model routing, authentication and authorization, prompt/response filtering, audit logging, policy enforcement, and data protection controls.Experience with security reviews, threat modeling, technology evaluations, and vendor assessments.Knowledge of financial regulatory frameworks such as FFIEC, PCI DSS, SOX, and relevant privacy/data-sharing requirements, as well as security frameworks such as NIST, CRI and CIS.Strong communication, stakeholder management, and influence skills across engineering, product, risk, and executive audiences.