
Principal Digital Security Architect

External
Encora10 · Kuala Lumpur, Malaysia
Full-time · On-site · 1d ago
Android · API Gateway · AWS · Cryptography · Encryption · GDPR

Responsibilities

  • API & Ecosystem Architecture
    • The API Fortress: Architect the security layer for our API Gateway (e.g., Kong, Apigee, AWS API Gateway). Define global policies for rate limiting, throttling, and object-level authorization (preventing BOLA/IDOR attacks, where a caller reads or modifies another customer's resource by changing an identifier).
    • Supply Chain Security: Design secure integration patterns for our third-party partners (fintechs, credit bureaus, payment processors). Ensure their insecurities do not become our breaches.
    • Microservices Mesh: Define how our internal services trust each other. Move from "network trust" to "cryptographic trust" using mTLS and service-to-service authentication.
  • Identity & Access Management (CIAM)
    • Identity Strategy: Own the architecture for Customer Identity (CIAM). Design flows for biometric binding, adaptive MFA, and step-up authentication for high-value transactions.
    • Token Lifecycle: Define the standards for OAuth 2.0 and OpenID Connect (OIDC). Ensure we are using Financial-grade API (FAPI) standards for token issuance, revocation, and storage.
  • Secure Development Lifecycle (SDLC)
    • Threat Modeling: Lead "whiteboard hacking" sessions with product owners. Identify business logic flaws (e.g., race conditions in ledgers, bypassable KYC steps) before a single line of code is written.
    • Paved Roads: Work with DevOps to architect secure-by-default libraries. (Example: create a standard "encryption wrapper" library that all developers must use, so they don't invent their own crypto.)
  • Data Privacy & Cryptography
    • Data Defense: Define the architecture for field-level encryption (FLE) in the database for PII and banking secrets.
    • Privacy Engineering: Architect systems that support the "right to be forgotten" (GDPR/CCPA) without breaking the immutability of the financial ledger.
  • Strategic Deliverables
    • Identity Patterns: Deliver new security design patterns and components for authentication, authorization, SSO, MFA, and partner security to ensure seamless and secure user access.
    • Mobile & Edge: Deliver new security design patterns and components for mobile security, ensuring consistency between iOS, Android, and the backend.
    • Modern Tech Stack: Deliver API, container, cloud, and AI security design patterns to support the bank's move toward intelligent, cloud-native infrastructure.

Requirements

  • The Background
    • 8+ Years Experience: A mix of software engineering and security architecture.
    • Ex-Developer: You must be able to read code (Java, Kotlin, React or Node.js).
    • Banking/Fintech Experience: Strong preference for candidates who have secured payment gateways, ledgers, or wallets.
  • The Technical Skills
    • API Security: Deep mastery of REST and GraphQL security.
    • Auth Protocols: You can draw the OAuth 2.0 Authorization Code Flow with PKCE from memory. You understand JWT signing and JWKS key rotation.
    • Mobile Security: Understanding of how mobile apps store secrets (Android Keystore / iOS Keychain) and how to prevent API abuse from emulators and bots.
  • The Mindset
    • Business Aligned: You understand that a bank exists to process transactions. You design security that reduces risk without destroying the user experience (UX).
    • Pragmatic: You know when to demand a "blocker" fix and when to accept a "risk acceptance" waiver.

Benefits

Paid time off

Interested in this role?

Apply on the company's website.
