Senior Security Architect

About The Position

Requirements

• A minimum of 5 years of effective experience building and assessing enterprise systems.
• Deep conceptual understanding of AWS and Azure, and their identity platforms.
• Strong understanding of OAuth, OIDC, and modern access control. Fluidity in designing and reviewing authorization flows.
• Strong familiarity with adversary tradecraft, including identity and network perimeter attack primitives. Able to produce PoC attack sequences, for controls testing. Prior offensive security experience, or hands on offensive security certification strongly preferred.
• Ability to accurately, and pragmatically threat model business workflow, identifying the areas of control required, and documenting them.
• AI-first mindset; able to identify and act upon opportunities to automate analysis and administrative tasks, while improving the quality of assessment output.
• Effective communicator, both in writing and speaking.
• Strong organizational skills, with a proactive approach to enhancing team processes and tools.
• Strong scripting or automation skills (Python, Go, PowerShell).
• Understanding of security compliance frameworks (e.g., ISO 27001, NIST, SOC 2).

Nice To Haves

• Experience with microservices and frameworks such as Spring-Boot.
• Good understanding of LLMs, Agentic AI and mainstream coding assistants like GitHub copilot and/or Amazon Q.
• Knowledge of emerging AI API standards like MCP and A2A.
• Demonstrated ability to quickly learn and adapt to new technologies, knock down impediments, and deliver great products in an agile environment.
• Ability to work with cross-functional teams towards a common goal.

Responsibilities

• Lead in tactical and strategic design and implementation of control sets for emerging technologies. Delegating action and keeping senior stakeholders aligned.
• Scope and own execution of assessments performed by third party consultants, ensuring remediation is adequately negotiated and ultimately enacted by other technology teams.
• Reviewing target architecture designs, ensuring any security risks are understood and documented. These changes include application updates, and modifications to network and identity provider configurations.
• Reviewing security policies, standards, procedures, and metrics, and participating in security monitoring use case design.
• Owning the continuous optimization of team workflows with the help of agentic technology and scrum tooling

Benefits

• Hybrid Work Environment: 2 to 3 days a week in office required based on your line of business and location
• A Culture of Learning & Mobility: Dedicated trainings, leadership development and mentorship programs designed to ensure that your time at Fitch will be a continuous learning opportunity
• Investing in Your Future: Retirement planning and tuition reimbursement programs that empower you to achieve your short and long-term goals
• Promoting Health & Wellbeing: Comprehensive healthcare offerings that enable physical, mental, financial, social, and occupational wellbeing
• Supportive Parenting Policies: Family-friendly policies, including a generous global parental leave plan, designed to help you balance career and family life effectively
• Inclusive Work Environment: A collaborative workplace where all voices are valued, with Employee Resource Groups that unite and empower our colleagues around the globe
• Dedication to Giving Back: Paid volunteer days, matched funding for donations and ample opportunities to volunteer in your community