As a Security Architect, you will work across complex and critical technology programs paramount to Fidelity Charitable’s digital ecosystem driving strategic security and fraud protection objectives.  You’ll work in close collaboration with product and engineering teams within Fidelity Charitable as well as across the enterprise to continually evaluate emerging threats as well as drive impactful security architecture solutions that will promote standard methodologies and enhance the security posture of our capabilities.

In addition, you will provide technical vision and leadership over critical capabilities as part of multi-year programs providing new business capabilities and continually evolving existing platforms. You will be a part of a broader team that defines and maintains our overall technical strategy and coordinated roadmap.  This position requires strong technical expertise, strategic thinking, and the ability to foster collaboration across cross-functional teams to ensure Fidelity remains at the forefront of cybersecurity innovation.  Key responsibilities include engaging with senior leadership to influence product roadmaps, driving adoption of enterprise security standards, and producing high-quality documentation such as blueprints and frameworks.

•Deep understanding of application security frameworks, disciplines and practices, experience with secure application development and application security risk mitigation techniques

• Experience architecting and implementing solutions for identity management including single sign-on and federated identity management, authorization and identity provisioning.  Relevant certifications such as CISSP, CISA, CCSP, AWS Security Principles, and AWS Certified Solution Architect preferred.

• Knowledge of Identity and Access Management (IAM), Cryptography / Key Management, Access Controls and Security Protocols, secrets modernization, secrets management e.g., Multi-factor, SAML, OAuth, OIDC etc.

• Experience with firewall, WAF and other edge services and good understanding of DMZ and other network architectures

• Experience managing the unique security challenges of cloud environments, with a strong focus on AWS

• The ability to guide the development and design of security standard methodologies to all layers of the application stack.

• Experience in developing applications with Java and Spring frameworks as well as experience in integration patterns utilizing APIs, streaming, messaging, and file exchange.

• Demonstrated ability to convert theoretical ideas into real-world implementations by building complete proofs of concept and providing tangible solutions along with well‑defined migration plans.

• Proven ability to define new strategies or enhance existing ones, ensuring alignment with enterprise direction while collaborating with and influencing technology partners to drive adoption and execution.

• Ability to communicate clearly and build positive working relationships across teams.

• Driven by curiosity and teamwork to develop sound and effective approaches to intricate problems, making solid tradeoffs that ensure both effective design and high‑quality delivery.

• Solid foundation and experience base in software engineering and continuous delivery practices

• Bachelor’s degree in computer science, Information Technology, or a related field