BBVA Compass

  • Security Architect

    Job ID
    FLSA Status
  • Responsibilities

    Future of Banking

    At BBVA, we’re working to make banking better for everyone. That’s where you come in. We’re looking for smart, team-oriented people who want to be part of a first-class workforce that gives people the tools they need to meet their financial goals, all while delivering an outstanding client experience.


    Digital transformation is at the heart of BBVA. It’s how we will achieve our purpose to bring the age of opportunity to everyone. Our purpose reflects the bank’s role as a facilitator, offering customers the best banking solutions, helping them make the best financial decisions and making a real difference to their lives. We live in the age of opportunities where technology offers universal access to education and offers many more people than ever before the possibility of embarking on projects and pursuing their dreams.


    Are you a visionary?  Are you revolutionary?  Our Engineering teams are charged with reinventing the banking industry.  We are revolutionizing how banking is done today and how it will be done in the future.  Our team is made up of risk taking, intellectually curious, entrepreneurs who want to create the future of banking.


    What you will be doing.


    You will work as part of the Security Architecture team which is responsible for enterprise security architecture and strategy.  We are responsible for reviewing, designing and advising application teams regarding the implementation of security standards into the SDLC.  Another primary role will be architecting, designing, and assessing risk and threats to security solutions in a way that enforces security consistently across internally developed and commercial-off-the-shelf applications. The security architecture team also supports the Application Security team in analyzing and providing remediation guidance for vulnerabilities within software applications and systems using a variety of tools and methodologies.  As a member of security architecture, you will be required to design, architect and advise technical teams and business stakeholders on cloud security strategy for cloud based applications.  We serve as a hands on subject matter expert in the field of application security with the ability to work with developers, architects, project managers, business analysts and others to identify security requirements for projects and ensure that these requirements are met as part of the SDLC.


    As a part of this team, you will assist with the development of the security architecture program which meets regulatory requirements and aligns with industry security practices.

    • We will regularly perform security design review, threat modeling and architectural/system security assessments to ensure that solutions are being designed in a way that properly measures risk
    • We regularly create advisory and strategy documents, conduct proof-of-concept evaluations, selection advice and recommendations, and determine optimal ways of integrating technology into new and existing processes
    • We must apply and determine the impact of the introduction of new and emerging programming methods, technologies, and industry trends on the security posture of BBVA Compass' enterprise applications and development methodology.
    • We must also contribute to the development and maintenance of the information security strategy, policies and procedures



    What you will bring.


    • Working knowledge of common web application security vulnerabilities (OWASP Top Ten, etc.) and programming patterns that lead to them, as well as remediation techniques
    • Experience with enterprise applications (architecture, development, and support)
    • Working knowledge of authentication and identity management technologies
    • Working knowledge of cryptography and proper application to real-world situations
    • Strong experience supporting effective cyber and information security programs
    • Experience in working within information classification and/or data privacy frameworks
    • Understanding of the fundamental differences between cloud technology, specifically IaaS, and on premise solutions
    • Must be a relationship builder and capable of functioning with limited oversight
    • Must have experience in large scale security programs including identity & access management, cloud strategy, and devops and agile methodologies
    • Must manage ambiguity and be able to define clear goals and plans from it
    • Must have strong enterprise business acumen and demonstrate strong listening, communications, alliance-building, negotiation, conflict management and influencing skills
    • Must be able to consider business perspectives in projects and find solutions rather than focus on a black and white solution of yes or no


    Preferred Qualifications:

    • Ability to work in both agile and waterfall projects and understand the implications of when and how to be engaged in each
    • Experience with REST API security and related technologies
    • Experience with software security testing (static and dynamic analysis)
    • Conversational fluency in English and Spanish with relevant terminology in engineering and architecture terminology a plus
    • Professionally recognized certifications in a security-related field, OSCP, GIAC certifications, CISSP or other certifications preferred
    • Deep technical understanding of how cyber-attacks may be carried out and how they can be disrupted


    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed

    Connect With Us!

    Not ready to apply? Connect with us for general consideration.