Director, Cloud Security Architecture Leader

Job Title
Director, Cloud Security Architecture Leader
Job ID
St. Louis-Missouri-United States of America,  MO 63109
Other Location

Director, Cloud Security Architecture Leader

Job Description
Director, Product Security

Refinitiv is looking for a few highly skilled cyber security specialists to help staff a new location in the central business district of Hoboken, NJ. This new facility will be home to a number of critical cyber security disciplines, designed to improve the overall security posture of Refinitiv – including its assets, data and operations. Be part of an exciting, fast-paced environment that will help Refinitiv strengthen its position.

The Cyber Security & Technology Risk team seeks a high-energy, motivated individual who combines solid technical credentials with a high degree of business insight for the position of Director, Product Security within the Secure Architecture & Design team. You will collaborate with technology peers and business partners while leading a team of architects. Holistic product security has been defined as a strategic direction for Refinitiv and a cornerstone of security for both infrastructure and product. You will lead a team that strengthens the security posture of products & enterprise applications. This vision will be implemented in Refinitiv’s data centers, in cloud services worldwide and will be used by a diverse set of enterprise technologies across all business units.

Primary Responsibilities:

  • Define a Product Security strategy for Refinitiv products to support business and customer needs.
  • Partner with software engineers and development teams on building information security requirements and specifications into Refinitiv products.
  • Facilitate compliance with product security policies, practices and legal requirements
  • Review internally developed code for advanced security issues as part of an Agile Development process and educate Product Development teams on secure coding best practices.
  • Develop and leverage automation and analytics capabilities to improve our cyber threat detection and prevention capabilities.
  • Develop and assist in the implementation of threat modeling exercises with product teams.
  • Assist with product penetration testing and interact with penetration testers and other external vendors to validate security controls.
  • Evaluate the security posture of third party libraries and frameworks and provide product teams with guidance and documented best practices for safely incorporating them into their products.
  • Develop and maintain internal libraries that provide common implementations of critical security controls.
  • Research and evaluate new Product Security technologies for internal consumption.

Required Skills:

  • Extensive software development experience:
  • Fully competent in most of the programming languages, software engineering methodologies, and software development tools our team uses:

            - Java, Groovy, jUnit, Spock, SQL, Elasticsearch

            - Angular2, ngrx, HTML5, JSON

            - AWS, UNIX/Shell, Jenkins, Gradle

            - Aspose, JxBrowser

  • Extensive experience of application/product security experience in a large enterprise.
  • Demonstrated and hands-on experience in the following areas:
  • Source code auditing, penetration testing, product assessments, vulnerability research, and reverse engineering
  • Strong understanding of the software development lifecycle (SDLC).
  • Willing to travel internationally up to 20%.
  • Familiarity with common software flaws that lead to exploits, and experience with techniques for securing embedded systems (e.g. ASLR).
  • Strong experience in conducting static analysis (SAST), dynamic analysis (DAST), security technical implementation guide (STIG), and fuzz testing (FUZZY) and vulnerability scans
  • Experience with various security tools and products (Fortify, Burp Suite, HP Webinspect, Checkmarx, Nessus, IBM AppScan, etc.)
  • Experience with common security scoring systems – CVSS v3 and CWSS, and secure coding standards/best practices
  • Experience identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25.
  • Excellent verbal and written communication skills.

The Financial and Risk Business of Thomson Reuters is now Refinitiv. Refinitiv equips the financial community with access to an open platform that uncovers opportunity and catalyzes change. With a dynamic combination of data, insights, technology, and news from Reuters, our customers can access solutions for every challenge, including a breadth of applications, tools, and content—all supported by human expertise. At Refinitiv, we facilitate the connections that propel people and organizations to find new possibilities to move forward.

As a global business, we rely on diversity of culture and thought to deliver on our goals. Therefore we seek talented, qualified employees in all our operations around the world−regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under country or local law. Refinitiv is proud to be an Equal Employment Opportunity/Affirmative Action Employer providing a drug-free workplace.

Intrigued by a challenge as large and fascinating as the world itself? Come join us.

St. Louis-Missouri-United States of America

Option 1: Create a New Profile