TECH ONLY - Contract - IT Dev / Int - Security - Level 4(USD)
Compensation: $115,490.00 - $170,130.00 /year *
Employment Type: Full-Time
Industry: Information Technology
Loading some great jobs for you...
POC - Gloria ChenJob Title: IT Security Architecture GeneralistThe Security Architecture (SecArch) team is part of the Technology Infrastructure Risk (TIR) organization. The mission of the SecArch team is to provide security architecture assessments of technology systems and processes to identify business risks and recommend remedial action based on established security standards or security best practices. The SecArch Generalist is an internal consultant that is working on multiple security architecture and design assessments spanning multiple classes of technologies. It is an opportunity to get involved in multiple business units and technologies inherent to the mission of SecArch. The Integrator works with team members (Technology, Business, Suppliers, Stakeholders and Partners) globally to perform SecArch assessments. To be successful as an Integrator the candidate must have broad technology experience coupled, risk management, communication, and time management skills. A SecArch Generalist has the following responsibilities:1) Lead SecArch deep dives with the requestor of the assessment2) Prioritize risks identified in relation to business risks3) Conduct assessment and provide technology risk/requirements to the requestor. Areas covered:a. Authentication, Authorization, Auditingb. Application Security Session Security, Vulnerability/Pen Testing items, Input Validationc. Secure data transport and storage4) Periodically review security reference architecture (security blueprints) and conduct updates/enhancements5) Participate in various Operational and Technology Risk governance processes6) Assist in identifying new areas and opportunities of technology investment for the firmSkills and Experience/Soft Skills (Required):1) Excellent communication skills: written, oral, presentation, listening2) Ability to influence through factual reasoning3) Time management: ability to handle multiple concurrent assessments, plan based deliverable management, strong follow up and tracking4) Strong focus on delivery when presented with short timelines and increased involvement from senior management5) Ability to adjust communication of technology risks vs business risks based on the audienceSecurity Architecture Skills:1) [Required] In depth knowledge of application, network and platform security vulnerabilities. Ability to explain these vulnerabilities to developers2) [Required] Experience in conducting Information Security, IT Security, Audit assessments. Presenting the outcomes of the assessment and obtaining buy in.3) [Required] Strong focus on reviewing technical designs and functional requirements to identify areas of Security weakness.4) [Required] The candidate must have working experience in the following application/network security domainsa. Authentication: SAML, SiteMinder, Kerberos, OpenIdb. Entitlements and identity managementc. Data protection, data leakage prevention and secure data transfer and storaged. App Security - validation checking, software attack methodologiese. Cryptography encryption and hashing5) [Desired] Knowledge of standard network model and the risks that present at each layer, the functions of network equipment such as switches, routers, firewalls, proxies, vpn, and load-balancers, and to understand network architecture.6) [Desired] The candidate must have working knowledge of the primary operating systems (Unix, Windows, z/OS, Mac OS), the configuration and management of that platform at an enterprise scale, the security risks to that platform, and how to mitigate those risks.7) [Desired] Experience in testing tools, at least one of Veracode, Fortify, OunceLabs, AppScan, WebInspect,Burp Development Experience1) [Required] Even though the SecArch Integrator role is not a development role, the candidate must have previous background in programming, design and application architecture.
Associated topics: equipment, infrastructure, ip, maintain, maintenance, network, satcom, system engineer, system specialist, system technician
* The salary listed in the header is an estimate based on salary data for similar jobs in the same area. Salary or compensation data found in the job description is accurate.
Loading some great jobs for you...