Senior Identity Product Security Architect

POSITION OVERVIEW

Fidelity National Financial (FNF) is seeking a Senior Identity Product Security Architect to join the Information Security Office (ISO). Reporting to the Director of Product Security and Architecture, this role is pivotal in shaping FNF’s enterprise identity security strategy. The architect will lead the design and development of reference architectures and roadmaps for Identity, Credential, and Access Management (ICAM), with a strong emphasis on Zero Trust principles and Privileged Access Management (PAM) integration across hybrid and multi-cloud environments. This role requires close collaboration with cybersecurity, infrastructure, and application teams to deliver secure, scalable, and compliant identity solutions that align with both regulatory standards and business objectives.

The Product Security Architecture team is dedicated to making our products and technologies as secure as possible. We report to the CISO, but work closely with development teams, product teams, and others across the organization to integrate security into the product lifecycle from design through deployment. Our colleagues depend on us to be application, network, and host security pros. We specialize in defining security requirements, performing application security assessments, and providing developers with remediation advice. On any given day we're pulled in to evaluate a new system, review a proposed network change, or provide guidance on application security/coding best practices

LOCATION

• This role can sit 100% remote.
• Travel may be required up to 5%.

DUTIES & RESPONSIBILITIES

• Develop and maintain ICAM reference architectures, including identity governance, authentication, authorization, and PAM. 
• Define and evolve roadmaps for identity modernization, including federation, SSO, MFA, and password-less strategies. 
• Lead zero trust identity architecture initiatives, integrating with network, endpoint, and data security domains. 
• Architect secure identity flows across cloud (Azure AD, AWS IAM, GCP IAM) and on-prem environments. 
• Design and implement PAM solutions (e.g., CyberArk, BeyondTrust) for infrastructure, applications, and DevOps pipelines. 
• Integrate identity controls into CI/CD pipelines, APIs, and microservices architectures.
• Define identity-related security controls, policies, and standards aligned with NIST, ISO, and CIS benchmarks.
• Conduct risk assessments and threat modeling for identity systems and privileged accounts.
• Ensure compliance with regulatory frameworks (e.g., NYDFS, GLBA, SOX, Other).
• Partner with product teams, IAM engineers, and business stakeholders to align identity architecture with enterprise goals.
• Provide technical leadership and mentorship to junior architects and engineers.
• Represent identity architecture in security governance boards and architecture review committees.
• The ability to explain complex security concepts to technical and non-technical audiences
• Create architecture diagrams, security design documents, and architecture decision records
• Represent the office of the Chief Information Security Officer in evaluating technology initiatives and projects to determine advanced cybersecurity requirements and controls necessary to comply with company policies, standards, and industry best practices
• Demonstrate best practices, create proofs-of-concept and propose solutions to Customer’s Software and Infrastructure Architects and provide strategic technical direction across the development and infrastructure teams.
• Develop technical security requirements for the business and see them through the development lifecycle.  

MINIMUM REQUIREMENTS

• Bachelor’s degree in computer science or business with emphasis in IT or the equivalent combination of education, training and work experience.
• Active CISSP certification.
• Requires 8+ years of experience in cybersecurity architecture, with 5+ years focused on identity and access management. 
• Deep expertise in IAM protocols (SAML, OAuth2, OIDC, SCIM, LDAP, Kerberos). 
• Hands-on experience with PAM platforms (e.g., CyberArk, BeyondTrust, HashiCorp Vault). 
• Strong understanding of zero trust principles, identity federation, and cloud-native identity services. 
• Familiarity with identity governance platforms (e.g., SailPoint, Saviynt). 
• Experience with DevSecOps, API security, and infrastructure-as-code (Terraform, Ansible). 
• Familiarity with compliance frameworks such as NIST, ISO 27001, SOC 2, HIPAA, and PCI-DSS. 

PREFERRED EXPERIENCE

• Experience in regulated industries (e.g., financial services, insurance, healthcare).
• Strong communication and leadership skills, with the ability to influence technical and non-technical stakeholders.
• Experience leading security architecture programs or initiatives at the enterprise level. 

This position has the potential to earn compensation in the range of $175,000 - $225,000 annually based on location and job-related factors such as skillset and experience. Actual rate may vary within the range provided, depending on a number of factors, including skillset, experience and location.  The base compensation is one component of the total rewards package offered to our employees, including optional health and welfare insurance (medical/dental/vision/life/disability); paid holidays, vacation, and sick time off; and matching 401(k) plan and matching employee stock purchase plan.