Principal, Cloud Security Architecture - Authentication & Authorization

About Northern Trust :

Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.

Northern Trust is proud to provide innovative financial services and guidance to the world's most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity.

With more than 130 years of financial experience and over 22,000 partners, we serve the world's most sophisticated clients using leading technology and exceptional service.

Description

• Guides the development, specification and communication of application or infrastructure architectures used by multiple business or application systems.
• Security architect primarily focused on technologies related to authentication, authorization, access management, governance, controls, regulatory requirements etc.

As a key member of Workforce authorization and authentication team this candidate will play a vital role in ensuring the secure and compliant implementation of various solutions (Hybrid and Cloud).

• Provides extensive, in-depth, technical consultation to the clients, partners, and IT Management to develop plans and directions to assure the integration of corporate business area requirements.
• Acts as cybersecurity expert for cloud migration projects / programs
• Thoroughly understands decision process issues of technology choice, such as design, data security, client server communication, etc.
• Evaluates and selects from existing and emerging technologies those options best fitting business / project needs
• Promotes sharing of expertise through consulting, presentations, and documentations, etc.
• Experienced, functional expert with technical and / or business knowledge and functional expertise
• Carries out complex initiatives involving multiple disciplines and / or ambiguous projects
• Displays a balanced, cross-functional perspective, liaising with the business to help improve efficiency, effectiveness, and productivity

Requirements

• Design Identity centric Workforce Security solutions to ensure secure and efficient authentication and access management aligned with the industry frameworks and standards (NIST CSF, COBIT, SOC, GDPR etc)
• Guides the architectural development of identity solutions, access patterns, modern security protocols, practicing Zero trust, least privileged, defense in depth principles
• In-depth knowledge and experience on Entra ID, EPM, Sentinel, Azure, M365, AWS Security is required
• Review and provide feedback on Identity and access management related security solutions proposed by stakeholders and can provide consultation to the partners and IT Management
• Thoroughly understands and provides solutions considering Security technology choices, such as design, protocols support, secrets management, data security, client server communication, token handling, Session management, credential vaulting, OIDC / OAuth flows, authorization patterns, identity federation, cloud architectures, cryptography, cloud native services, cloud security etc.
• Good understanding of Cloud Infrastructure Entitlement Management solution (CIEM) to ensure continuous improvement in Security Posture by providing consultations to application teams
• Design target architectures and roadmaps considering authentication and authorization security control frameworks and audit requirements
• Awareness of Cyber Security Risk management principles and frameworks, supply chain risk and third-party risk assessment controls
• Understanding and application of threat modeling concepts and methodologies
• Displays a balanced, cross-functional perspective under information security, liaising with other towers and business to help improve Security centric designs
• Knowledge on Okta, PingFederate, Entitlement management solutions
• In-depth knowledge of various cybersecurity frameworks, standards, and identity governance and administration
• Strong knowledge on Identities management on Azure AD with OAuth, OIDC, SAML, SSO, MFA, Conditional access policies, MFA, Kerberos, LDAP, Identity Federations etc.
• Experience in providing security solutions for Java based Micro services, React based frontends and Android / iOS based mobile applications on the Azure
• Hands-of experience in JWT, session handling, Code signing, Certificate authentication, TLS / SSL, API Security, Application registration, application integration scenarios etc.
• Exposure to API Management, Firewalls, DLP, VPNs, DNS, Azure Defender, MCAS, Sentinel, WAFs, Application Gateways, NSGs, App Proxy, Radius clusters, CDN etc.
• Deeper understanding of Applications security, OWASP standards, security best practices, browser compatibilities / storages / cookies
• Deeper understanding on Cloud Security areas such as Policies, RBAC, activities, identities, privileged access management etc
• Authentication / Authorization / Auditing / Accounting frameworks and hands-on experience, Privilege Identity / access management on the cloud
• Ability to support operations in troubleshooting complex identity scenarios with hands-on experience on Sentinel / KQL / Audit logs etc.
• Understanding of IaC, CI / CD pipeline, automation, and vulnerability scanning tools, Terraform, Powershell, bash script, Azure CLI
• Very good understanding of concepts related to docker Security, container orchestrations / Kubernetes, mTLS, Dapper, Service Mesh and security scenarios

Qualifications

• Bachelor's degree in computer science or a related discipline and experience in information security, or an equivalent combination of education and work experience.
• Deep knowledge of application or infrastructure systems architecture, usually having experience with multiple system technologies.
• Excellent consultative and communication skills, and the ability to work effectively with client, partner, and IT management and staff.
• Ten years of experience in the Information Security role. Five years of experience as a Security Architect
• Strong collaboration skills and a analytical ability
• Certifications on Azure, AWS security will be preferred. CISSP and / or CSSP will be value add

Working with Us :

As a Northern Trust partner, greater achievements await. You will be part of a flexible and collaborative work culture in an organization where financial strength and stability is an asset that emboldens us to explore new ideas.

Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company committed to assisting the communities we serve! Join a workplace with a greater purpose.

We'd love to learn more about how your interests and experience could be a fit with one of the world's most admired and sustainable companies! Build your career with us and apply today. #MadeForGreater

Reasonable accommodation

Northern Trust is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the employment process, please email our HR Service Center at MyHRH redacted .

We hope you're excited about the role and the opportunity to work with us. We value an inclusive workplace and understand flexibility means different things to different people.

Apply today and talk to us about your flexible working requirements and together we can achieve greater.