Architect Iii, Security - Digital

Company Description

Pilot Company is an industry-leading network of travel centers with more than 30,000 team members and over 750 retail and fueling locations in 44 states and six Canadian provinces. Our energy and logistics division serves as a top supplier of fuel, employing one of the largest tanker fleets and providing critical services to oil operations in our nation's busiest basins. Pilot Company supports a growing portfolio of brands with expertise in supply chain and retail operations, logistics and transportation, technology and digital innovation, construction, maintenance, human resources, finance, sales and marketing.

Founded in 1958 by Jim A. Haslam II and currently led by CEO Adam Wright, our founding values, people-first culture and commitment to giving back remains true to us today. Whether we are serving guests, a fellow team member, or a trucking company, we are dedicated to fueling people and keeping North America moving.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status or any other characteristic protected under applicable federal, state or local law.

Job Description

As a Digital Security Architect, you will play a pivotal role in fortifying the security of our digital assets, which include mobile applications, websites, backend APIs, and business services and integrations. Your primary responsibility will be to oversee the end-to-end security of our digital products, mitigate digital fraud, and develop a comprehensive cybersecurity roadmap for our Digital ecosystem. You will be responsible for proactively addressing security concerns, collaborating seamlessly with cross-functional teams, and staying current with evolving threats and the security landscape.

1. Assume overall responsibility for the security architecture and posture of digital applications and systems within the digital domain, to include: the development lifecycle, initial design, development, testing, deployment, and ongoing maintenance.
2. Develop and maintain a robust security architecture that aligns with Pilot Flying J’s goals and industry best practices, ensuring that the security architecture supports both current and future Digital development initiatives...
3. Conduct (or coordinate) comprehensive threat modeling exercises to identify potential security risks and vulnerabilities across all Digital products, both frontend and backend, and provide actionable recommendations for mitigating identified threats.
4. In concert with development and operation teams, seamlessly integrate security practices into every stage of the Software Development Life Cycle (SDLC).
5. Partner with the Cybersecurity team to conduct regular security testing, including penetration testing, vulnerability assessments, and security scans.
6. Assist the Cybersecurity team in tailoring incident responses specific to Digital threats and incidents, determine root causes of security events involving digital assets, and recommend mitigation strategies.
7. Ensure that digital applications and systems comply with relevant industry standards, regulations, and best practices (e.g., PCI DSS, OWASP, SSDF), while also continuously monitoring changes in compliance & security requirements and adapting security strategies accordingly.
8. Collaborate closely with cross-functional teams, including Digital Products, Digital Development, Frontend Design/UI/UX, PMO, DevOps, IT Ops, SecOps, Enterprise Architecture, Fraud Prevention, etc.
9. Engage in ongoing communication to align security efforts with business goals, user experience, and fraud prevention strategies.
10. Collaborate with observability team on planning, configuring, and maintaining proactive monitoring and alerting mechanisms.
11. Model behaviors that support the company’s common purpose; ensure guests and team members are supported at the highest level
12. Ensure all activities are in compliance with rules, regulations, policies, and procedures

#LI-CR1

Qualifications

1. Minimum of 3 years in security architecture required or equivalent combination of education and experience, with 3 years in digital development preferred.
2. Bachelor's or Master's degree in Information Security (IS), Computer Science, or a related field, or equivalent corporate experience.
3. Industry-recognized certifications such as CISSP, CISM, or GDSAor CEH are preferred.
4. Knowledgeable or experienced in application development using different languages and paradigms.
5. Experience working directly with:
   1. Native mobile application development (iOS, Swift, Android, Java, Kotlin, Xcode, Android Studio),
   2. Web development (.NET Framework, Node.js, CSS, JavaScript, HTML, IIS, React)
   3. Backend/API development (.NET Framework, .NET Core, Integration platforms such as MuleSoft and AWS API Gateway) & Cloud platform (AWS, Azure, Google Cloud) teams
   4. CIAM Platform (Ping, Okta, etc.) teams
   5. DevOps &CI/CD (Jenkins, GitHub Actions, CloudBees, AzureDevOps, etc.) teams
6. Proven experience in Digital security architecture and secure SDLC.
7. Strong knowledge of industry standards and best practices.
8. Strong data, metrics, and system log collection, analysis, and assessment skills are preferred.
9. Excellent communication and collaboration skills.
10. Ability to balance security requirements with business objectives.

Additional Information

Nation-wide Medical Plan/Dental/Vision
401(k) and Flexible Spending Accounts
Adoption Assistance
Tuition Reimbursement
Onsite Gym and Cafeteria
Weekly Pay

All your information will be kept confidential according to EEO guidelines