Lead - Threat Modelling


Northern Trust


Location

Pune | India


Job description

Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889. Northern Trust is proud to provide innovative financial services and guidance to the world's most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world's most sophisticated clients using leading technology and exceptional service.

Create and review threat models using various approaches such as off-the-shelf tools, whiteboarding, etc.

Research and analyze security architecture for applications developed in-house as well as vendor products.

Analyze / create conceptual and logical architecture designs.

Good to have: hands-on experience with Microsoft Threat Model and SD Elements or any other open source threat modelling tools.

Work with dev teams to evaluate application architecture, analyze trade-offs, and recommend solutions and mitigating controls.

Assess risks through threat modeling and security reviews with teams.

Advise product teams on the security implications of their designs and roadmaps.

Collaborate within the SSDLC space for other team functions like SAST, DAST, SCA, and pen-testing.

Must keep up with industry trends, especially in cloud service provider services and the related security threats, common misconfigurations, and anti-patterns.

Must pick up the skills to influence and collaborate with a combination of technical and non-technical people to further security goals and objectives.

In addition to technical ability, an awareness of the broader risk landscape and the ability to understand and improve SSDLC and related processes is desirable.

Specific knowledge/skills:

Knowledge of security architecture patterns across major CSPs like Azure, AWS and GCP is required, along with specific awareness of TLS, key management, SAML integration, encryption and logging patterns.

Familiarity with popular threat modeling methodologies such as STRIDE is required.

Knowledge of security architecture and development of secure software is required.

Familiarity with exploitation patterns and mitigations is required.

Familiarity with DevSecOps pipelines, methods and practices is required.

Past experience in SAST, DAST, open source scanning and penetration testing is preferred.

Past experience in software development in a mainstream language is preferred.

Experience using ServiceNow is preferred.

Qualifications:

BE/BTech degree and relevant work experience is required.

7-12 years of experience in software development, information security and architecture design & controls.

