Researches, designs and advocates new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners and vendors, e.g. Intrusion Prevention Systems, Security Incident and Event Management Systems, Network Forensics, etc.
Evaluates and develops secure solutions, based on approved security architectures. Analyzes business impact and exposure, based on emerging security threats, vulnerabilities and risks.
Communicates security risks and solutions to business partners and IT staff.
Performs security checkpoint reviews, ensuring security requirements have been identified and adequate testing has been performed.
Serves as a security expert in application development, database design, network and platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices.
Researches technological advancements to ensure that security solutions are continuously improved, supported and aligned with industry and company standards.
Assists in responding to audit requests and issues.
Professional certifications desired, such as CISSP (Certified Information Systems Security Professional), Certified Ethical Hacker, SANS GIAC (Global Information Assurance Certification), or similar
Minimum of 8 years’ experience in Information Security, with proven experience in an Information Security Architect/Senior Engineer role
Familiarity with industry best practices, e.g. NIST, NSA, SANS, OWASP, etc.
Requires strong knowledge of:
Information systems vulnerability management processes and technologies
Quality and process improvement disciplines
Recognized standards such as ISO2700x, COBIT, PCI-DSS, ITIL V3, COSO, CMMI and TOGAF
Compliance aspects of GLBA, EU Data Protection Directive, Sarbanes-Oxley and other relevant laws and regulations
Solid understanding of security principles and technologies: Firewalls, Web/E-mail Proxies, IPS/IDS, SIEM tools, Sourcefire, Office365
Proven experience with:
Developing information security policies and standards
Implementing and configuring information security tools
Developing and improving information security processes
Business Continuity Planning and Disaster Recovery
Requires strong technical knowledge and Information Security experience with at least five (5) of the following:
Scanning (must have heavy scanning experience) - scanning with dynamic code
Application Development SDLC
This is a tactical security solutions role where you will be designing and figuring out how to meet security standards
Strong understanding of information security concepts, threats, vulnerabilities, and controls
Network security experience with Cisco technologies, Routers, Switches, and Firewalls
Flexibility and adaptability in the face of changing priorities; ability to evaluate and manage risk; ability to negotiate resolutions of conflicting security and business objectives
Demonstrated ability to provide detailed communication to management and peers, the ability to work independently, and the ability to manage multiple projects with competing priorities.