Senior Lead, Cyber Security Encryption & API Engineer

About Northern Trust:

Northern Trust a Fortune 500 company is a globally recognized award-winning financial institution that has been in continuous operation since 1889.

Northern Trust is proud to provide innovative financial services and guidance to the worlds most successful individuals families and institutions by remaining true to our enduring principles of service expertise and integrity. With more than 130 years of financial experience and over 22000 partners we serve the worlds most sophisticated clients using leading technology and exceptional service.

Role/ Department:

Seeking a dynamic engineer who is passionate for cloud and security technologies to be part of a team that develops enterprise security solutions. As an architect in our Data Protection team you will be responsible for designing implementing integrating testing and deploying features and components in a large-scale system. We expect you to drive improvements to code quality performance and team processes while leveraging modern web technologies and tools. The successful candidate will be able to debug problems arising as a result of implementing data protection technologies and be able to understand the implications of those implementations.

Develops and administers the solutions that meet system expectations relative to scalability performance fault tolerance usability and data integrity. Delivers solutions that meet end user expectations relative to performance usability and security for the Data Protection Engineering and Architecture function.

Uses specific knowledge of a discipline to achieve goals through own work. Has specific knowledge or expertise typically gained through formal education or equivalent experience. Uses expertise to provide guidance to others as a project manager or consultant. Requires in-depth conceptual and practical knowledge in own job discipline and basic knowledge of related job disciplines. Solves complex problems. Works independently; receives minimal guidance. Will lead projects or project steps within a broader project or may have accountability for on-going activities or objectives. Acts as a resource for colleagues with less experience

The key responsibilities of the role include:

• Setting up Encryption using Technologies such as Voltage Secupi Protegrity or Microsoft Purview
• Understanding Key Management framework and best practices around Bring Your Own Key and Hold Your Own Key.
• Design configure and deploy Layer 7 gateways (API Gateway).
• Implement and manage policies for throttling routing caching and request/response transformation.
• Apply secure authentication and authorization mechanisms such as OAuth2 JWT and SAML.
• Configure and maintain Web Application Firewalls (WAFs) to protect against OWASP Top 10 threats like SQL injection XSS CSRF.
• Monitor API traffic and logs for anomalies performance issues and security incidents.
• Integrate Layer 7 logs with SIEM tools (e.g. Splunk Azure ) for real-time threat detection and incident response.
• Implement data encryption at rest and in transit using industry-standard protocols (e.g. AES-256 TLS 1.2/1.3).
• Manage and rotate encryption keys using centralized key management systems (e.g. AWS KMS Azure Key Vault HashiCorp Vault).
• Enforce key lifecycle policies including key generation rotation archival and revocation.
• Ensure secure storage and access control of keys certificates and secrets.
• Design and maintain PKI (Public Key Infrastructure) for certificate issuance and validation.
• Integrate encryption practices into applications APIs and databases with minimal performance impact.
• Setting up DLP Policies in Microsoft Defender for Cloud Apps (CASB) Microsoft Defender for Endpoint and Microsoft Purview
• Assisting the Implementation of Data Loss Prevention and guide on unit testing and support documentation;
• Determining operational feasibility by evaluating analyzing problem definition requirements solution development and proposing solutions.
• Collaborating with Enterprise Architecture organization as needed.
• Reviewing documentation processes or procedures and recommends where automation or improvements can be implemented
• Operating independently; has in-depth knowledge of business unit/function; Accomplishes engineering and organization mission by completing related results as needed.
• As subject area expert provides comprehensive in-depth consulting and leadership to team and partners.
• Create and maintain access control policies including IP whitelisting blacklisting and header validation.
• Ensure secure API lifecycle management including onboarding versioning governance and documentation.
• Analyze and respond to cyber threats vulnerabilities and attack vectors.
• Lead incident response processes including detection containment eradication and recovery.
• Perform regular risk assessments threat modeling and security reviews of systems and applications.
• Implement identity and access management (IAM) practices using SSO RBAC and federated identity solutions.

Skills/ Qualifications:

• Excellent teammate skills effectiveness both in independent and collaborative work.
• Ability to learn and use new technologies.
• Background in networking data security and cloud-based applications.
• Experience with distributed computing platforms for high-scale systems.
• Experience with Azure services and eco-system.
• Experience with Microsoft and Linux-based environments.
• Experience with continuous integration and deployment tools.
• Conduct internal security audits and assist with external security assessments and certifications..
• Educate development and operations teams on secure coding practices and security awareness.
• Integrate security tools and practices into CI/CD pipelines (DevSecOps approach).
• Use vulnerability scanners (e.g. Nessus Qualys) and static analysis tools (e.g. Fortify SonarQube).
• Automate security testing monitoring and reporting with scripting (e.g. Python Bash) and infrastructure-as-code tools.
• Stay up to date on latest cybersecurity threats technologies and mitigation strategies.

Working with Us:

As a Northern Trust partner greater achievements await. You will be part of a flexible and collaborative work culture in an organization where financial strength and stability is an asset that emboldens us to explore new ideas.

Movement within the organization is encouraged senior leaders are accessible and you can take pride in working for a company committed to assisting the communities we serve! Join a workplace with a greater purpose.

Wed love to learn more about how your interests and experience could be a fit with one of the worlds most admired and sustainable companies! Build your career with us and apply today. #MadeForGreater

Reasonable accommodation

Northern Trust is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the employment process please email our HR Service Center at .

We hope youre excited about the role and the opportunity to work with us. We value an inclusive workplace and understand flexibility means different things to different people.

Apply today and talk to us about your flexible working requirements and together we can achieve greater.