DevOps Security Architect

Full Time | Chicago, IL | Federal Home Loan Bank of Chicago

Day to Day:

The DevSecOps Security Architect provides accountability for the security of the technical solutions from the Modern Engineering Center of Excellence to ensure that the new technology, processes, and ways of working within IT align with IT strategy, increase the FHLBC security posture, and drive higher quality products. Modern Engineering is our client's adoption of DevSecOps processes and tools. The DevSecOps Security Architect is responsible for the technical thought leadership surrounding security considerations of modern product development technology and supporting processes across the organization. Primary responsibilities include developing security architecture, code, and designs for Modern Engineering solutions (including SAST, DAST, RASP, CI/CD, IaC, immutability, and automated testing), consulting across the organization on implementation of security solutions, and training IT to adopt continuous security principles. The ability to build collaborative stakeholder relationships is a must.

Other responsibilities include but are not limited to:

Serve as security authority for IT on the Modern Engineering solutions; responsible for developing "security first" strategy and evangelizing cloud and application security best practices

Serve as subject matter expert for security and tooling landscape; stay current on market trends and research

Design and implement architecture of security solutions in accordance with IT strategy and leading practices from industry including AWS Well-Architected Framework

Work directly with business and IT technology owners to understand security requirements, complexities, and implementation strategies

Define, develop, and validate RBAC security configurations when applicable to Modern Engineering platforms and environments

Consult with all levels of the organization, including executive leadership, to provide direction for security practices and controls; this includes areas of application security, cloud security, DevOps, compliance, and organizational strategy

Engage and consult with other Security leadership including Information Security, Security Advisory & Analytics, and IT Risk & Compliance to define Security Standards and Procedures and integrate security considerations within the software development lifecycle

Define, review, and implement Modern Engineering cloud-specific Security Standards, Procedures, and Guidelines


Certification from leading vulnerability management frameworks (e.g., SANS, CISSP, OSCP)

Audit, compliance, and governance experience

In-depth knowledge of risk assessment methods and technologies

Must Haves:

10+ years of security experience including implementation of security controls for applications, cloud, and/or DevOps

3+ years of software engineering experience required

Least Privilege functionality and Segregation of Duties

Exposure to IAM processes

Knowledge of common information security management frameworks

In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls

Skilled in performing risk, business impact, control, and vulnerability assessments
