Job Description:
Job Title: Security Architect
Job Location: Pittsburgh, PA
Project Duration: 6+ Months
Rate: $95/hr on W2
Mode of Interview: 2 Skype Rounds
Client will pay travel and expenses, so no need to relocate (although that will be preferable)

Job description:
Client needs someone more cyber security focused who has experience around open authentication / identity and access management.
Client needs someone focused on the experience below:
Must-haves: fraud experience, coding, forensics, financial transactions (financial experience is needed)
Information security strategy and in-depth experience in Banking Digitization (if possible)
Cybersecurity industry standards (Open Authentication, etc.)
Hands-on experience with TOGAF/SABSA and COBIT, and exposure to application architecture design and assessments
Creating various security architectures and frameworks
Product evaluations for vulnerability and secure delivery.
Good experience in securing APIs for new-age digital banks.
The role is a security architect, but one who has experience around sign-on, open authentication (OAuth), etc.
Assist in driving the overall information security strategy for Retail Digital / point of sale systems
Act as security SME utilizing current Information Security disciplines and industry standards (Open Authentication for instance)
Analyze existing application architectures and provide design assistance to application owners and managers
Develop reference security architectures and frameworks
Perform IT system and product evaluations to facilitate secure solution delivery
Champion a security-centric development practice across the Digital development teams and work with various internal security teams to automate threat scanning capabilities of both UI and API

Below are the software modules we currently have for security and authentication at the client. Most of this code is in one big EAR file in a single code base.
UI flows
Registration of customer online access
Self-service of security settings
Services, a combination of servlets and controllers with multiple versions of APIs created by different consuming clients
Aggregators, which connect to client customer accounts
I am looking for someone to come in and analyze the current state of the architecture, recommend a way to structure our existing pieces into separate modules, and include capabilities for security to truly be a service that can be incorporated into many experiences in an agnostic way. Move to an API-based structure and have security and authentication as an independent software module for both the service layer and the UI (front end).
I am not sure if this resource can support all of the above. I definitely want a more technical person who can come in and lay out the framework/foundation for the future state based on what I just described above.
Participate in the analysis, architecture, design, development and implementation of distributed systems applications using Java technologies and security authentication/authorization technologies. Lead and participate in architectural technology designs considering usability, scalability, security, and ongoing supportability of software applications and components. As a Lead, you will assess the current application architecture and identify/recommend the target application architecture for security and authentication related applications/services.
Ability to define proof-of-concept initiatives. Analyze feasibility by presenting proofs of concept.
Development and/or technical leadership experience with the following technologies is a plus: J2EE, Java, JSP, Servlets, SQL, Hibernate, Spring MVC framework, git, Maven
Experience with web application and services security issues and technologies.
Experience with web services standards and related technologies (SOAP, REST, JSON)
Experience with architecting and developing solutions for highly scalable, highly available systems.
Ability to solve complex software development/design issues.
Strong process orientation/planning, organizational and problem-solving skills.
Ability to understand systems from all levels, from the "big picture" enterprise-level view to the low-level technical view.
Federation and Cloud implementations
Implementation and integration experience with RSA Adaptive Authentication (good to have)