Application Security Architect
Posted: November 17, 2009
Application Security Architecture
Location: Wilmington, DE
Length: 3-6 month contract-to-hire
The IT Security Team is responsible for the implementation of controls and delivery of services ensuring appropriate logical and physical protection of information and other assets enterprise wide.
Job Summary:
This role will provide vision and direction for security as it supports the business. You will work closely with the technology organization to create innovative security solutions for our systems and educate our team on secure application development. Additionally, you will play a key role as you provide both strategic and tactical security advice and develop technology solutions which promote securing customer data, including examining new and existing technologies.
Responsibilities include identifying and understanding the networks, infrastructure, software, middle-ware and development practices in order to identify the security issues that can put our success at risk, and then building solutions and mitigations to help resolve those risks.
Guide the security of applications by participating in design reviews, threat modeling, and in-depth security penetration testing of our code and systems. These responsibilities extend to providing input on application design, secure coding practices, log forensics, log design and code security.
The ideal candidate will have in-depth experience protecting against web services security vulnerabilities including cross-site scripting, SQL injection, DoS attacks, XML/SOAP and APIs.
This position is also responsible for performing cutting edge research on new attacks and defense mechanisms to maintain proactive system design/maintenance.
In addition, this individual will hold responsibilities for evaluating external and/or building internal application security tools such as code security scanning and vulnerability assessment, and driving usage of these tools internally.
Essential Functions:
Ensure security standards are built into the SDLC
Maintain an ongoing process of evaluation and testing for compliance with established security design standards that is integrated into the quality assurance program
Lead the effort to provide on-going training and awareness regarding application security to development, quality, and architecture teams.
Act as a technical resource and communicate security vulnerabilities while also providing recommendations to address or mitigate associated risk
Represent security interests on project teams by ensuring security standards and requirements are defined as part of the deliverables.
Participate in security testing and application assessments against vendor, partner or other 3rd party infrastructure (network, hosts, applications)
Assist in the development and implementation of information security policies and procedures
Provide planning and review of system and network designs to ensure compliance with company security policies and security best practices
Define application hardening; assist in the audit of security configurations for compliance and implement solutions to prevent identified variances from re-occurring
Evaluate new products, methods, and technologies to protect against existing and emerging security threats
Provide configuration tuning, troubleshooting services and incident response for security infrastructure where needed
Work with sensitive, confidential and/or proprietary information while maintaining the highest level of confidentiality, professionalism, and ethics
Identify and resolve complex issues and develop innovative solutions to achieve both business and technology goals while maintaining appropriate security.
Experience & Qualifications:
7+ years of broad work experience including administration, engineering and security
3+ years of experience in application security design
Ability to work on multiple projects simultaneously and balance conflicting demands
Strong sense of professionalism, integrity and ethics
Ability to combine technical skills with an understanding of business needs to successfully protect assets
Excellent communication, negotiation and leadership skills
Ability to demonstrate strategic thinking
Extensive problem solving and analytical skills
Proven ability to communicate effectively, both verbally and in writing to technical and non-technical audiences
Education and/or Certifications:
A post-secondary education is strongly preferred, graduate work a plus
CISSP, SANS GIAC, Security+, MCSE or equivalent certifications a plus
Security experience in financial services a plus
Technical skills and abilities:
Extensive programming and application development experience in multiple languages such as Java, C, and scripting languages
Familiarity with multi-platform environments and their operational/security considerations
Knowledge of: UNIX, Oracle, LDAP, NT, Windows 2000, Active Directory, RSA, LANs, WANs, Firewalls, VPN, Routers, Switches, Telecommunications, TCP/IP
Knowledge of communications networks and architectures including LANs, WANs and WiFi
Knowledge of security and privacy requirements such as GLBA, PCI, SOX, SAS70, ISO 27001, HIPAA, CA CDPA/SB1386, CAN-SPAM, TrustE and EU Safe Harbor
Please refer to job code 91904 when responding to this ad.