CyberSecurity Architect

CyberSecurity Architect

Country: United States of America

It Starts Here:

Santander is a global leader and innovator in the financial services industry and is evolving from a high-impact brand into a technology-driven organization. Our people are at the heart of this journey and together, we are driving a customer-centric transformation that values bold thinking, innovation, and the courage to challenge what’s possible.  This is more than a strategic shift.  It’s a chance for driven professionals to grow, learn, and make a real difference.

If you are interested in exploring the possibilities We Want to Talk to You!

Position Summary:

The Security Architect is responsible for designing, developing, comprehensive security architectures, strategies, policies and programs to assess, prioritize, and mitigate business risk with technology controls in business applications. The role’s specific focus includes mitigating and managing cyber security threats to the cloud, ensuring systems availability, aligning with global regulatory risk and compliance requirements, managing systems and network complexity. 

Position Duties / Responsibilities

Cyber Security (Architecture, Development):
• Assess architectural patterns for service account authentication, Privileged Access Management, secdevops pipeline, security logging and monitoring, audit logging, and compliance guidance and monitoring.
• Responsible for protecting the Bank, customers and employees by mitigating and identifying technology threats to Santander.
• Provide expertise for cyber security technical and non-technical solutions; review and provide guidance enabling business system in the cloud while leveraging Platform as a Service (PaaS), Infrastructure as a Service (IaaS) and Software as a Service (SaaS) in a manner that adheres to Santander information security policy and standards.
• Review and approve target state deployment topology, High-Level Architecture and Private Link interactions for the Public Cloud Workloads
• Provide consultative support to application teams including assessment of connectivity requirements, VNet/VPC, and subnet design and recommendations

• Other duties as assigned or requested by immediate supervisor

Specialized Knowledge 

• Designed application authentication and authorization solutions including Single-Sign On, Multi-Factor Authentication, OAuth, OpenID Connect, Sentinel, Dome9, Qualis, Azure Key Vault and related technologies for workloads moving to the cloud.
• Experience with Scrum, Kanban and SAFe Agile practices and strong aptitude to work in a DevOps culture and environment.
• Full-stack development experience building application software, test automation, and infrastructure as code
• Hands-on work experience working with SOAP and REST APIs, microservices design
• Experience in private network connectivity using Express Routes, Direct Connect, etc.
• Familiarity with load balancing technologies - ILB (Internal Load Balancers), Application Gateway, WAF (Web App Firewall), F5 appliance solutions, etc.
• Familiarity with network security principles (Network Security Groups, Application Security Groups), Private Link Services, Service Endpoint, Service Tags, etc.

Education: Bachelor’s degree preferred or equivalent experience

Business Experience: 7-10 years of relevant experience or demonstrated required level of proficiency  

Supervisory / Management Scope:

Individual contributor 

Technical Knowledge:

• Thorough understanding and experience with AZURE & AWS native controls
• Ability to configure, manage and apply Security best practices as per defined standards on Azure Security Center.
Good knowledge / hands-on experience in the following:
• Network Security Groups and Micro-segmentation concepts
• UDR and Load balancers
• VPN Gateways and ExpressRoute connection
• Azure Firewalls
• Service tags and service endpoints
• NAT and PAT concepts
• Automation frameworks (Terraform, Ansible, Chef, Puppet) and automation scripts to support the Azure environment tools (Azure Resource Manager Templates)
• Operation Management Suite (OMS) queries using Kusto query language (KQL)

Licenses / Certifications:

• Advanced Information Security Certification (ISACA or equivalent).

What Else You Need To Know:

The base pay range for this position is posted below and represents the annualized salary range. For hourly positions (non-exempt), the annual range is based on a 40-hour work week. The exact compensation may vary based on skills, experience, training, licensure and certifications and location.

Base Pay Range:

Minimum:

$93,750.00 USDMaximum:

$155,000.00 USD

We Value Your Impact:

Your contribution matters and it’s recognized.  You can expect a fair and competitive rewards package that reflects the impact you create and the value you deliver. We know rewards go beyond numbers.  Offering more than just a paycheck our benefits are designed to support you, your family and your well-being, now and into the future. Santander Benefits - 2026 Santander OnGoing/NH eGuide (foleon.com) 

Risk Culture:

We embrace a strong risk culture and all of our professionals at all levels are expected to take a proactive and responsible approach toward risk management.

EEO Statement:

At Santander, we value and respect differences in our workforce. We actively encourage everyone to apply. Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status or any other characteristic protected by law.

Working Conditions:

Frequent minimal physical effort such as sitting, standing and walking is required for this role. Depending on location, occasional moving and lifting light equipment and/or furniture may be required.

Employer Rights:

This job description does not list all of the job duties of the job. You may be asked by your supervisors or managers to perform other duties. You may be evaluated in part based upon your performance of the tasks listed in this job description. The employer has the right to revise this job description at any time. This job description is not a contract for employment and either you or the employer may terminate your employment at any time for any reason.

What To Do Next:

If this sounds like a role you are interested in, then please apply.

We are committed to providing an inclusive and accessible application process for all candidates. If you require any assistance or accommodation due to a disability or any other reason, please contact us at [email protected] to discuss your needs.