Senior Cloud Product Security Architect

POSITION OVERVIEW

Fidelity National Financial (FNF) is seeking a Senior Cloud Product Security Architect to join our Information Security Office (ISO). This role reports to the Director of Product Security and Architecture and will play a critical role in shaping and executing FNF’s cloud security strategy across a diverse and evolving technology landscape. 

The Product Security Architecture team is dedicated to making our products and technologies as secure as possible. We report to the CISO, but work closely with development teams, product teams, and others across the organization to integrate security into the product lifecycle from design through deployment. Our colleagues depend on us to be application, network, and host security pros. We specialize in defining security requirements, performing application security assessments, and providing developers with remediation advice. On any given day we're pulled in to evaluate a new system, review a proposed network change, or provide guidance on application security/coding best practices.  

LOCATION

• This position can sit 100% remote.
• Quarterly travel to our HQ in Jacksonville, FL may be required.

DUTIES & RESPONSIBILITIES

• Work independently with developers, system/network engineers, product owners, and other colleagues to ensure secure design, development, and implementation of applications, infrastructure, and networks.
• Participate in engineering projects to identify threats and vulnerabilities in our cloud infrastructure and system architectures.
• Define cybersecurity requirements and security concepts and work with engineering teams to successfully deliver business solutions.
• Perform security design reviews of cloud systems, and networks. 
• Provide remediation guidance and recommendations to systems administrators. 
• Write enterprise standards based on security best practices. 
• Demonstrate deep expertise in Azure and either AWS or Google Cloud Platform (GCP), including native security services.
• Design secure cloud-native and hybrid architectures, including zero trust, micro-segmentation, and secure access patterns.
• Design secure VPCs, firewalls, VPNs, and secure connectivity between on-prem and cloud. 
• Protect data utilizing Encryption (at rest, in transit, and in use), key management (KMS, HSM), tokenization, and data classification. 
• Integrate security into CI/CD pipelines, infrastructure as code (IaC) scanning, and container security (e.g., Kubernetes, Docker). 
• Conduct threat modeling, risk assessments, and security reviews for cloud workloads. 
• Define and drive cloud security strategy aligned with business and IT goals. 
• Create architecture diagrams, security design documents, and architecture decision records.
• Represent the office of the Chief Information Security Officer in evaluating technology initiatives and projects to determine advanced cybersecurity requirements and controls necessary to comply with company policies, standards, and industry best practices.
• Demonstrate best practices, create proofs-of-concept and propose solutions to Customer’s Software and Infrastructure Architects and provide strategic technical direction across the development and infrastructure teams. 
• Build and sustain good working relationships with development and infrastructure teams and involve them in the overall application and cloud Security Technology strategy.
• Develop security related user stories and product specific threat models for products, as well as CI/CD pipelines and infrastructure-as-code.
• Develop technical security requirements for the business and see them through the development lifecycle. 
• Collaborate with business contacts to ensure third-party cloud applications comply with our standards, controls, policies, and principles. 

MINIMUM REQUIREMENTS

• Bachelor’s degree in computer science or business with emphasis in IT or the equivalent combination of education, training and work experience.
• Requires 8+ years of experience in cybersecurity, with at least 4 years focused on cloud security architecture. 
• Proven experience designing and securing solutions in AWS, Azure, and/or GCP (multi-cloud experience strongly preferred). 
• Deep understanding of cloud-native services, container security (e.g., Kubernetes), and serverless architectures. 
• Hands-on experience with security tools such as Terraform, CloudFormation, Sentinel, Prisma Cloud, Wiz, or similar. 
• Strong knowledge of DevSecOps practices and secure software development lifecycle (SSDLC). 
• Familiarity with compliance frameworks such as NIST, ISO 27001, SOC 2, HIPAA, and PCI-DSS. 
• Advanced knowledge of IAM principles, federation, SSO, RBAC/ABAC, and privileged access management. 
• Relevant certifications such as AWS Certified Security – Specialty, Azure Security Engineer Associate, GCP Professional Cloud Security Engineer, CISSP, or CCSP. 

PREFERRED EXPERIENCE

• Experience in regulated industries (e.g., financial services, insurance, healthcare). 
• Strong communication and leadership skills, with the ability to influence technical and non-technical stakeholders. 
• Experience leading security architecture programs or initiatives at the enterprise level.
• Experience with Container security platforms. 
• Experience incorporating security policy into Infrastructure as Code.

This position has the potential to earn compensation in the range of $175,000 - $225,000 annually based on location and job-related factors such as skillset and experience. Actual rate may vary within the range provided, depending on a number of factors, including skillset, experience and location.  The base compensation is one component of the total rewards package offered to our employees, including optional health and welfare insurance (medical/dental/vision/life/disability); paid holidays, vacation, and sick time off; and matching 401(k) plan and matching employee stock purchase plan.