Lead Information Security Architect
Fannie Mae · Reston, VA · 1 wk ago
Information TechnologyFull-time
Job Description
As a valued colleague on our team, you will provide expert advice and lead your team in implementing the design of components of technological structures. In this role, you will lead a team in implementing solutions with a process-driven view, as well as schedule maintenance and/or updates to existing structures.
THE IMPACT YOU WILL MAKE
- Expertise in defining and enforcing enterprise security guardrails for complex cloud-native architectures, including APIs, microservices, event-driven and streaming platforms, serverless workloads, and containerized applications within large enterprise environments.
- Analyze AWS IAM and network policies to ensure they align with Zero Trust security principles and enforce least-privilege access.
- Deep understanding of Zero Trust Architecture and the ability to integrate identity-centric security, least privilege, segmentation, continuous verification, and defense-in-depth into solution architectures.
- Extensive experience applying industry security frameworks and regulatory standards, including NIST Cybersecurity Framework (CSF), NIST SP 800-53, NIST SP 800-207 (Zero Trust), FedRAMP, ISO 27001, OWASP ASVS/API Security Top 10 and SOX to enterprise solution architectures.
- Strong understanding of secure application architecture, including RESTful APIs, API security, OAuth 2.0/OIDC, JWT, mTLS, secure service-to-service communication, and API gateway security.
- Experience defining cloud adoption strategies, reference architectures, technology roadmaps, and proof-of-concept (PoC) initiatives for AWS-based enterprise platforms.
- Strong knowledge of container and orchestration security, including Amazon ECS, Amazon EKS, AWS Fargate, Kubernetes security, workload identity, runtime protection, and container image security.
- Expertise in securing AWS database services, including Amazon RDS (PostgreSQL, MySQL), Amazon Aurora, DynamoDB, and ElastiCache, with emphasis on encryption, network isolation, backup, and disaster recovery.
- Proven ability to design secure, highly available, and resilient architectures, including multi-region deployments, disaster recovery, failover strategies, business continuity, and cyber resiliency.
- Familiarity with DevSecOps practices and Infrastructure as Code (IaC) technologies such as Terraform, AWS CloudFormation, and automated security policy validation.
- Experience establishing enterprise logging, monitoring, and security observability standards using Amazon CloudWatch, CloudTrail, AWS Config, Security Hub, GuardDuty, centralized logging platforms, and SIEM integrations.
- Experience defining enterprise network segmentation, firewall policies, security groups, and access control strategies to support Zero Trust architecture.
- Experience developing secure scalability and performance strategies while maintaining compliance with enterprise security, resiliency, and governance requirements.
THE EXPERIENCE YOU BRING TO THE TEAM
- 4 years of experience designing and implementing AWS-based solution architectures.
- Hands-on expertise with AWS services including network architecture, IAM, KMS, serverless computing (Lambda), Container Services (ECS, EKS), Amazon RDS, and messaging services (SNS/SQS/Event Bridge).
- Strong knowledge of cloud security principles and controls, including Identity and Access Management (IAM), security auditing, data encryption, data loss prevention (DLP), and Zero Trust architecture.
- Solid understanding of industry-standard cybersecurity frameworks and best practices, including NIST Cybersecurity Framework (CSF) and related standards.
Desired Experiences
- 12+ years of progressive experience in Information Security, including 6+ years specializing in cloud security, solution architecture, systems architecture, engineering, security analysis, and application security.
- AWS certifications such as: AWS Certified Solutions Architect – Professional, AWS Certified Security – Specialty, other relevant AWS Professional or Specialty certifications.
- CISSP (Certified Information Systems Security Professional) or equivalent certification strongly preferred.
- CCSP (Certified Cloud Security Professional)
- SABSA, TOGAF, or equivalent enterprise architecture certification (preferred)
Education
- Bachelor's Level Degree (Required)