SS&C Technologies Holdings, Inc. is a global provider of financial services software and software-enabled services. Founded in 1986, SS&C has built the most comprehensive powerhouse of software technology in the financial services industry – technology that complements our unrivaled expertise and professionalism in fund administration, insurance and pension funds, and asset and wealth management accounting and operations. Named by Forbes as one of America’s best midsize employers, SS&C has more than 20,000 employees and 15,000 clients worldwide, and is headquartered in Windsor, Connecticut, with offices throughout North America, Europe, Asia Pacific, Africa, and Australia.
This position will be based at 50 Milk Street, Boston, MA 02109.
The Jr. Application Security Architect is responsible for providing architectural and technical guidance to product security across all Deployed & SaaS products in our division of SS&C. The Architect will design, plan, and implement secure coding practices and security testing methodology; ensure that practices meet software certification processes; drive the security testing of the products; and test and evaluate security-related tools.
Specific roles and responsibilities include:
Drive overall software security architecture, working closely with product specific technical architecture experts.
- Provide technical leadership in the comprehensive planning, development, and execution of SS&C software security efforts.
- Work closely with product and engineering development teams to ensure that products meet or exceed customer security and certification requirements. This includes ensuring that the security architecture is well documented and communicated.
- Provide planning and input into the software engineering and product development process, related to security, sensitive to the constraints and needs of the business.
- Monitor security technology trends and requirements, such as emerging standards, for new technology opportunities.
- Liaise with corporate level security team to ensure conformity with any existing standards, technologies etc.
- Develop and execute security plans. This may include managing across third-party vendors, and providing guidance (with other departments) to the engineering and testing practices.
- Ensure, and create as needed, security policies, processes, practices, and operations to ensure reproducible development and high quality, while keeping costs under control.
- Engage in hands-on, in-depth analysis, review, and design of the software, including technical review and analysis of source code with a security perspective. Will include reviews of in-house developed code, as well as review of technologies provided by third party vendors.
- Provide primary technical role in the security certifications process, including preparing extensive documentation and working with third-party evaluations.
- Provide training to staff, contractors, development, and quality assurance teams, and product/software security champions related to product security.
- Guide SS&C software development teams through the Security Development Lifecycle (SDL) by participating in design reviews, threat modeling, and in-depth security penetration testing of code and systems. These responsibilities extend to providing input on application design, secure coding practices, log forensics, log design, and application code security.
- Maintain all tools and platforms required for all phases of the SDL (currently includes WhiteSource and HPE Fortify)
Experience, Skills, & Qualifications:
- Experience with Microservices & containerization technologies (e.g. Docker), node.js, Mongo DB, AnjularJS, Linux.
- Bachelors / Masters in Computer Science (ideally with a focus on Information Assurance / Cybersecurity)
- We would prefer candidates with recognized industry certifications (e.g. CISSP / CISM)
Unless explicitly requested or approached by SS&C Technologies, Inc. or any of its affiliated companies, the company will not accept unsolicited resumes from headhunters, recruitment agencies, or fee-based recruitment services.
SS&C offers excellent benefits including health, dental, 401k plan, tuition and professional development reimbursement plan.
SS&C Technologies is an Equal Employment Opportunity employer and does not discriminate against any applicant for employment or employee on the basis of race, color, religious creed, gender, age, marital status, sexual orientation, national origin, disability, veteran status or any other classification protected by applicable discrimination laws.