Jobs · Information Technology · Virginia

Lead Information Security Architect

Fannie Mae · Reston, VA · 1 wk ago
Information TechnologyFull-time

Job Description

As a valued colleague on our team, you will provide expert advice and lead your team in implementing the design of components of technological structures. In this role, you will lead a team in implementing solutions with a process-driven view, as well as schedule maintenance and/or updates to existing structures.

THE IMPACT YOU WILL MAKE

  • Expertise in defining and enforcing enterprise security guardrails for complex cloud-native architectures, including APIs, microservices, event-driven and streaming platforms, serverless workloads, and containerized applications within large enterprise environments.
  • Analyze AWS IAM and network policies to ensure they align with Zero Trust security principles and enforce least-privilege access.
  • Deep understanding of Zero Trust Architecture and the ability to integrate identity-centric security, least privilege, segmentation, continuous verification, and defense-in-depth into solution architectures.
  • Extensive experience applying industry security frameworks and regulatory standards, including NIST Cybersecurity Framework (CSF), NIST SP 800-53, NIST SP 800-207 (Zero Trust), FedRAMP, ISO 27001, OWASP ASVS/API Security Top 10 and SOX to enterprise solution architectures.
  • Strong understanding of secure application architecture, including RESTful APIs, API security, OAuth 2.0/OIDC, JWT, mTLS, secure service-to-service communication, and API gateway security.
  • Experience defining cloud adoption strategies, reference architectures, technology roadmaps, and proof-of-concept (PoC) initiatives for AWS-based enterprise platforms.
  • Strong knowledge of container and orchestration security, including Amazon ECS, Amazon EKS, AWS Fargate, Kubernetes security, workload identity, runtime protection, and container image security.
  • Expertise in securing AWS database services, including Amazon RDS (PostgreSQL, MySQL), Amazon Aurora, DynamoDB, and ElastiCache, with emphasis on encryption, network isolation, backup, and disaster recovery.
  • Proven ability to design secure, highly available, and resilient architectures, including multi-region deployments, disaster recovery, failover strategies, business continuity, and cyber resiliency.
  • Familiarity with DevSecOps practices and Infrastructure as Code (IaC) technologies such as Terraform, AWS CloudFormation, and automated security policy validation.
  • Experience establishing enterprise logging, monitoring, and security observability standards using Amazon CloudWatch, CloudTrail, AWS Config, Security Hub, GuardDuty, centralized logging platforms, and SIEM integrations.
  • Experience defining enterprise network segmentation, firewall policies, security groups, and access control strategies to support Zero Trust architecture.
  • Experience developing secure scalability and performance strategies while maintaining compliance with enterprise security, resiliency, and governance requirements.

THE EXPERIENCE YOU BRING TO THE TEAM

  • 4 years of experience designing and implementing AWS-based solution architectures.
  • Hands-on expertise with AWS services including network architecture, IAM, KMS, serverless computing (Lambda), Container Services (ECS, EKS), Amazon RDS, and messaging services (SNS/SQS/Event Bridge).
  • Strong knowledge of cloud security principles and controls, including Identity and Access Management (IAM), security auditing, data encryption, data loss prevention (DLP), and Zero Trust architecture.
  • Solid understanding of industry-standard cybersecurity frameworks and best practices, including NIST Cybersecurity Framework (CSF) and related standards.

Desired Experiences

  • 12+ years of progressive experience in Information Security, including 6+ years specializing in cloud security, solution architecture, systems architecture, engineering, security analysis, and application security.
  • AWS certifications such as: AWS Certified Solutions Architect – Professional, AWS Certified Security – Specialty, other relevant AWS Professional or Specialty certifications.
  • CISSP (Certified Information Systems Security Professional) or equivalent certification strongly preferred.
  • CCSP (Certified Cloud Security Professional)
  • SABSA, TOGAF, or equivalent enterprise architecture certification (preferred)

Education

  • Bachelor's Level Degree (Required)

Similar jobs