Job Description

Software Security Architect

Company Overview

SS&C provides software and software-enabled services for the global financial services industry. Through a combination of organic innovation and strategic acquisitions, we have assembled a comprehensive selection of technology and service capabilities, backed by industry-leading expertise. Since 1995, SS&C has acquired 51 businesses with products, services and/or technologies in existing or complementary vertical markets. Acquisitions include GlobeOp, Advent Software, Citi Alternative Investor Services, Wells Fargo Global Fund Services and DST Systems.

SS&C has more than 20,000 employees worldwide.  Our head office is located in Windsor, Connecticut with offices throughout North America, Europe, Asia Pacific and Australia. SS&C provides the global financial services industry with a broad range of highly specialized software, software enabled-services and software as a service (SaaS) solutions for operational excellence.  

SS&C is the leading independent provider of cloud-based fund administration services and software for the alternative investment industry, including hedge funds, fund of funds, private equity funds and managed accounts.

Position Overview

This role is working as a key part of the global Deployment & Integration team, focused on delivering secure and reliable deployments across a cloud-enabled, microservices platform for the Institutional & Investment Management division. The Software Security Architect is responsible for providing architectural and technical guidance to product security across all Deployed & SaaS products in our division of SS&C.  The Architect will design, plan, and implement secure coding practices and security testing methodology; ensure that practices meet software certification processes; drive the security testing of the products; and test and evaluate security-related tools

Responsibilities

  • Drive overall software security architecture, working closely with product specific technical architecture experts.

  • Provide technical leadership in the comprehensive planning, development, and execution of SS&C software security efforts.

  • Work closely with product and engineering development teams to ensure that products meet or exceed customer security and certification requirements. This includes ensuring that the security architecture is well documented and communicated.

  • Provide planning and input into the software engineering and product development process, related to security, sensitive to the constraints and needs of the business.

  • Monitor security technology trends and requirements, such as emerging standards, for new technology opportunities.

  • Liaise with corporate level security team to ensure conformity with any existing standards, technologies etc.

  • Develop and execute security plans. This may include managing across third-party vendors, and providing guidance (with other departments) to the engineering and testing practices.

  • Ensure, and create as needed, security policies, processes, practices, and operations to ensure reproducible development and high quality, while keeping costs under control.

  • Engage in hands-on, in-depth analysis, review, and design of the software, including technical review and analysis of source code with a security perspective. Will include reviews of in-house developed code, as well as review of technologies provided by third party vendors.

  • Provide primary technical role in the security certifications process, including preparing extensive documentation and working with third-party evaluations.

  • Provide training to staff, contractors, development, and quality assurance teams, and product/software security champions related to product security.

  • Guide SS&C software development teams through the Security Development Lifecycle (SDL) by participating in design reviews, threat modeling, and in-depth security penetration testing of code and systems. These responsibilities extend to providing input on application design, secure coding practices, log forensics, log design, and application code security.

  • Maintain all tools and platforms required for all phases of the SDL (currently includes WhiteSource and HPE Fortify)

Experience, Skills & Qualifications

  • Experience with Microservices & containerization technologies (e.g. Docker), node.js, Mongo DB, AngularJS, Linux.

  • Bachelors / Masters in Computer Science (ideally with a focus on Information Assurance / Cybersecurity)

  • We would prefer candidates with recognized industry certifications (e.g. CISSP / CISM) <

Save Job