
Principal Digital Security Architect

Kuala Lumpur

Key Responsibilities 
1. API & Ecosystem Architecture 
● The API Fortress: Architect the security layer for our API Gateway (e.g., Kong,
Apigee, AWS API Gateway). Define global policies for rate limiting, throttling, and
authorization, in particular the object-level authorization checks that prevent
BOLA/IDOR (Broken Object Level Authorization / Insecure Direct Object Reference) attacks.
● Supply Chain Security: Design secure integration patterns for our third-party partners
(fintechs, credit bureaus, payment processors) so that a weakness on a partner's side
does not become a breach on ours.
● Microservices Mesh: Define how our internal services trust each other. Move from
"network trust" (implicit trust based on IP address or network segment) to
"cryptographic trust" using mTLS and service-to-service authentication.

2. Identity & Access Management (CIAM) 
● Identity Strategy: Own the architecture for Customer Identity (CIAM). Design flows for 
Biometric Binding, Adaptive MFA, and Step-Up Authentication for high-value 
transactions. 
● Token Lifecycle: Define the standards for OAuth 2.0 and OpenID Connect (OIDC).
Ensure token issuance and client authentication follow the Financial-grade API (FAPI)
security profile, and define our standards for token revocation and client-side storage.

3. Secure Development Lifecycle (SDLC) 
● Threat Modeling: Lead "Whiteboard Hacking" sessions with product owners. Identify 
business logic flaws (e.g., race conditions in ledgers, bypassable KYC steps) before a 
single line of code is written. 
● Paved Roads: Work with DevOps to architect secure-by-default libraries. (Example: 
Create a standard "Encryption Wrapper" library that all developers must use, so they 
don't invent their own crypto). 

4. Data Privacy & Cryptography 
● Data Defense: Define the architecture for Field-Level Encryption (FLE) in the 
database for PII and Banking Secrets. 
● Privacy Engineering: Architect systems that support "Right to be Forgotten" 
(GDPR/CCPA) without breaking the immutability of the financial ledger.

Strategic Deliverables
● Identity Patterns: Deliver new security design patterns and components for 
authentication, authorization, SSO, MFA, and Partner security to ensure seamless and 
secure user access. 
● Mobile & Edge: Deliver new security design patterns and components for Mobile 
security, ensuring consistency between iOS, Android, and the backend. 
● Modern Tech Stack: Deliver API, container, cloud, and AI security design patterns to 
support the bank's move toward intelligent, cloud-native infrastructure. 

What We Are Looking For 

1. The Background 
● 8+ Years Experience: A mix of Software Engineering and Security Architecture. 
● Ex-Developer: You must be able to read code (Java, Kotlin, React or Node.js).
● Banking/Fintech Experience: Strong preference for candidates who have secured 
payment gateways, ledgers, or wallets. 

2. The Technical Skills 
● API Security: Deep mastery of REST and GraphQL security. 
● Auth Protocols: You can draw the OAuth 2.0 Authorization Code Flow with PKCE 
from memory. You understand JWT signing and JWKS key rotation. 
● Mobile Security: Understanding of how mobile apps store secrets 
(KeyStore/Keychain) and how to prevent API abuse from emulators/bots. 

3. The Mindset 
● Business Aligned: You understand that a bank exists to process transactions. You 
design security that reduces risk without destroying the User Experience (UX). 
● Pragmatic: You know when to demand a "Blocker" fix and when to accept a "Risk 
Acceptance" waiver.

Interested in building your career at Encora? Get future opportunities sent straight to your email.
