Senior Lead, Cyber Security Encryption & API Engineer - Northern Trust

About Northern Trust:

Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.

Northern Trust is proud to provide innovative financial services and guidance to the world's most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world's most sophisticated clients using leading technology and exceptional service.

Role/ Department:

Seeking a dynamic engineer who is passionate for cloud and security technologies to be part of a team that develops enterprise security solutions. As an architect in our Data Protection team, you will be responsible for designing, implementing, integrating, testing and deploying features and components in a large-scale system. We expect you to drive improvements to code quality, performance, and team processes while leveraging modern web technologies and tools. The successful candidate will be able to debug problems arising as a result of implementing data protection technologies and be able to understand the implications of those implementations.

Develops and administers the solutions that meet system expectations relative to scalability, performance, fault tolerance, usability, and data integrity. Delivers solutions that meet end user expectations relative to performance, usability and security for the Data Protection Engineering and Architecture function.

Uses specific knowledge of a discipline to achieve goals through own work. Has specific knowledge or expertise typically gained through formal education or equivalent experience. Uses expertise to provide guidance to others as a project manager or consultant. Requires in-depth conceptual and practical knowledge in own job discipline and basic knowledge of related job disciplines. Solves complex problems. Works independently; receives minimal guidance. Will lead projects or project steps within a broader project or may have accountability for on-going activities or objectives. Acts as a resource for colleagues with less experience

The key responsibilities of the role include:

• Setting up Encryption using Technologies such as Voltage, Secupi, Protegrity, or Microsoft Purview
• Understanding Key Management framework and best practices around Bring Your Own Key and Hold Your Own Key.
• Design, configure, and deploy Layer 7 gateways (API Gateway).
• Implement and manage policies for throttling, routing, caching, and request/response transformation.
• Apply secure authentication and authorization mechanisms such as OAuth2, JWT, and SAML.
• Configure and maintain Web Application Firewalls (WAFs) to protect against OWASP Top 10 threats like SQL injection, XSS, CSRF.
• Monitor API traffic and logs for anomalies, performance issues, and security incidents.
• Integrate Layer 7 logs with SIEM tools (e.g., Splunk, Azure ) for real-time threat detection and incident response.
• Implement data encryption at rest and in transit using industry-standard protocols (e.g., AES-256, TLS 1.2/1.3).
• Manage and rotate encryption keys using centralized key management systems (e.g., AWS KMS, Azure Key Vault, HashiCorp Vault).
• Enforce key lifecycle policies including key generation, rotation, archival, and revocation.
• Ensure secure storage and access control of keys, certificates, and secrets.
• Design and maintain PKI (Public Key Infrastructure) for certificate issuance and validation.
• Integrate encryption practices into applications, APIs, and databases with minimal performance impact.
• Setting up DLP Policies in Microsoft Defender for Cloud Apps (CASB) , Microsoft Defender for Endpoint and Microsoft Purview
• Assisting the Implementation of Data Loss Prevention and guide on unit testing, and support documentation;
• Determining operational feasibility by evaluating, analyzing, problem definition, requirements, solution development, and proposing solutions.
• Collaborating with Enterprise Architecture organization as needed.
• Reviewing documentation, processes or procedures, and recommends where automation or improvements can be implemented
• Operating independently; has in-depth knowledge of business unit/function; Accomplishes engineering and organization mission by completing related results as needed.
• As subject area expert, provides comprehensive, in-depth consulting and leadership to team and partners.
• Create and maintain access control policies including IP whitelisting, blacklisting, and header validation.
• Ensure secure API lifecycle management including onboarding, versioning, governance, and documentation.
• Analyze and respond to cyber threats, vulnerabilities, and attack vectors.
• Lead incident response processes, including detection, containment, eradication, and recovery.
• Perform regular risk assessments, threat modeling, and security reviews of systems and applications.
• Implement identity and access management (IAM) practices using SSO, RBAC, and federated identity solutions.

Skills/ Qualifications:

• Excellent teammate skills, effectiveness both in independent and collaborative work.
• Ability to learn and use new technologies.
• Background in networking, data security and cloud-based applications.
• Experience with distributed computing platforms for high-scale systems.
• Experience with Azure services and eco-system.
• Experience with Microsoft and Linux-based environments.
• Experience with continuous integration and deployment tools.
• Conduct internal security audits and assist with external security assessments and certifications..
• Educate development and operations teams on secure coding practices and security awareness.
• Integrate security tools and practices into CI/CD pipelines (DevSecOps approach).
• Use vulnerability scanners (e.g., Nessus, Qualys) and static analysis tools (e.g., Fortify, SonarQube).
• Automate security testing, monitoring, and reporting with scripting (e.g., Python, Bash) and infrastructure-as-code tools.
• Stay up to date on latest cybersecurity threats, technologies, and mitigation strategies.

Working with Us:

As a Northern Trust partner, greater achievements await. You will be part of a flexible and collaborative work culture in an organization where financial strength and stability is an asset that emboldens us to explore new ideas.

Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company committed to assisting the communities we serve! Join a workplace with a greater purpose.

We'd love to learn more about how your interests and experience could be a fit with one of the world's most admired and sustainable companies! Build your career with us and apply today. #MadeForGreater

Reasonable accommodation

Northern Trust is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the employment process, please email our HR Service Center at MyHRHelp@ntrs.com .

We hope you're excited about the role and the opportunity to work with us. We value an inclusive workplace and understand flexibility means different things to different people.

Apply today and talk to us about your flexible working requirements and together we can achieve greater.