Description

As a leading provider of human capital solutions, we help ourclientsand their people navigate the complexity of health, wealth and HR. We combine data-driven, consumer-centered technology with personalized care and service to deliver a superior customer experience. Our dedicated colleagues across 28 global centers help 23 million people and their 11 million family members simplify work and life, both now and in the future. At Alight, we are reimagining how people and organizations thrive.

As a member of Alight Wealth Management application development group, the Application Security Architect acts as its lead consultant for application and data security across multiple application teams. The role will partner very closely with Alight's Global IT Security area for overall security guidance and consistency. The rolewill toensure that organizational security standards are fully incorporated into Wealth Management applications while ensuring adoption of best practices, defining secure solutions that meet client requirements, supporting client assessments, and improving IT security risk and compliance management.

We're growing our team of technologists to drive innovation to support hundreds of millions of employee interactions per year. We build highly scalable enterprise solutions with leading technologies and are developing a strategic roadmap to continue driving future innovationsfor web, mobile, and third-party integrations.

Be part of a team that is taking our enterprise solutions to the cloud!

Note: this role is a virtual/work from home/remote opportunity

Responsibilities

Broaden Security Proficiency

• Identify, communicate, and champion the development of secure software development best practices and processes across Wealth IT
  
• Maintain awareness of the latest critical information security vulnerabilities, threats, and exploits
  
• Provide guidance on existing and emerging threats in the web and mobile application space, as they apply within the Wealth IT environment
  
• Partner with engineering and product teams to help guide security requirements and objectives to ensure that security best standards and policies are being met
  
• Provide guidance to harden application to help address potential vulnerabilities and avoid exploits
  
• Foster a culture of security by educating product engineering teams on security best practices, communicating vulnerability details and how they can and should be remediated and acting as an Application SME to other engineering teams
  
• Consulting on security architecture, design and development related to API, web applications, and mobile/cloud computingproducts and services
  

Security Testing Accountability for Applications

• Respond to client questions and concerns related to application and data security
  
• Design and lead security program including communicating best practice in application design and development
  
• Lead application security reviews throughout the application development lifecycle including static and dynamic application testing. Create and lead the remediation programs to mitigate applicationvulnerabilities
  
• Develop and implement workflows to automate security testing/vulnerability detection for the software development lifecycle
  
• Scope and perform security reviews of web applications, mobile applications, and private and public cloud environments
  
• Evaluate the results of various automated and manual security tests (e.g, static analysis, dynamic analysis, and 3rd party penetration tests.)
  

Compliance Consultation

• Work closely with fellow application development leaders, key business stakeholders, and corporate functions such as Audit & Risk Management, the Law/Privacy Department, and Global Security to represent Alight Wealth Management IT security program to Alight clients
  
• Lead application and data security compliance efforts and implementation of related process improvements
  
• Participate in client security audits and facilitate process with internal application stakeholder, lead pre-audit preparation and post-audit application security findings remediation
  
• Update and maintain application security compliance documentationrepositories;
  
• Assist in vendor/third-party security questionnaire responses and documentation when necessary
  
• Assist in third-party security assessment activities related to application and data security
  

Qualifications

Bachelor's orMaster'sdegree (or international equivalent) in a relevant field of study or equivalent work experience

Minimum 8 years of application development experience in a large scaled and complex technical environment with at least 3 years in an IT security role

Significant experience in two or more core technology areas:

• Java EE or node.jsstandards such as OAuth2, OIDC, SAML, and TLS
  
• SPA-based web development technologies, such as Angular
  
• Systems Integration orarchtecture
  
• Cloudservices (IaaS, serverless) and providers (AWS/Azure/Google)
  
• Solid understanding of Secure SDLC and Integration of Application Security controls (e.g., static and dynamic scans, design and architecture reviews) into product development life cycle
  
• Understanding of application and data security best practices
  
• Familiarity with security standards such asOWASP Top 10, SANS 25, NIST, and CVE
  
• MS Office and project management skills
  
• Professionally well-spoken and written English a must
  
• Experience working with auditors and/or regulators preferred
  
• Strong partnering, communication and presentation skills
  
• Strong analytical and problem-solving skills
  
• Security certifications (CISSP, CISA, CISM, ISO 27001) would be an advantage
  
• Position may occasionally require hours to accommodate US, EMEA & APAC time zones
  

Background Check Required

By applying for a position with Alight, you understand that, should you be made an offer, it will be contingent on your undergoing and successfully completing a background check consistent with Alight's employment policies.

Background checks may include some orallofthe following based on the nature of the position: SSN/SIN validation, education verification, employment verification, and criminal check, search against global sanctions and government watch lists, fingerprint verification, credit check, and/ordrug test. You will be notified during the hiring process which checks are required by the position.Additionally, an active security clearance or the ability to obtain one may be required for this role.

Equal Employment Opportunity

Alight is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, ancestry, national origin, physical or mental disability, veteran or military status, or any other legally protected characteristics or conduct covered by federal, state or local law. In addition, Alight takes affirmative action to ensure that applicants are employed, and that employees are treated during employment, without regard to their race, color, religion, sex, sexual orientation, gender identity, protected veteran status, or national origin.

Reasonable Accommodations

Alight provides reasonable accommodations to the known limitations of otherwise qualified employees and applicants for employment with disabilities, sincerely held religious beliefs, practices and observances, unless doing so would result in an undue hardship. Applicants for employment may request a reasonable accommodation/modification by contacting his/her recruiter.

Diversity Statement

At Alight, we believe that diversity should be visible, valued, and sustained throughout the organization. Alight provides equal treatment and employment opportunities to all employees and applicants for employment without regard to any protected status or other protected characteristic.

Authorization to Work in the United States

Applicants for employment in the United States must have work authorization that does not now or in the future require sponsorship of a visa for employment authorization in the United States and with Alight.

We offer you a competitive total rewards package, continuing education & training, and tremendous potential with a growing worldwide organization.

DISCLAIMER:

Nothing in this job description restricts management's right to assign or reassign duties and responsibilities of this job to other entities; including but not limited to subsidiaries, partners, or purchasers of Alight business units.
Alight Solutions provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, age, disability, genetic information, pregnancy, childbirth or related medical condition, veteran, marital, parental, citizenship, or domestic partner status, or any other status protected by applicable national, federal, state or local law. Alight Solutions is committed to a diverse workforce and is an affirmative action employer.