Description
Can you demonstrate a high level of expertise in information security and secure engineering disciplines?
Can you demonstrate an advanced working level in network and security best practices?
Can you advise product and operational teams on how to securely design applications and services following industry best practices and enhance existing security?
Can you analyze a solution to reduce the security risk to an acceptable level while still providing beneficial functionality for the end user?
Responsibilities
Apply knowledge of security principles, theories, and concepts, knowledge of business/function and development life cycle.
Takes a Lead Security Position in larger, more complex initiatives for DevOps, IaaS/Paas, Cloud and CI/CD strategic importance (eg, global initiatives, cross functional/cross geographies).
Define the security strategy, standards, and architecture for the security aspects of DevOps, Cloud, and CI/CD efforts.
Provides strategic leadership regarding organization-wide risks standards, technologies, and methodologies.
Recognizes security, fraud, regulatory or legal risks to the company and proactively implements solutions.
Influence on organization strategy, business function and/or processes.
Work closely with developers and evaluate business requests to determine feasibility; work with Software Engineers to define alternatives and recommend optimal solutions to meet security and regulatory requirements in the design of new/enhanced systems.
Ensure established security policies and standards are observed by consulting with Business Owners on projects.
Documenting and coordinating changes, enhancements of security standards and procedures.
Prepare and present business/technical presentations
Provide technical support for business owners to ensure adherence to requirements and document problem areas and coordinate resolutions.
Investigate/Research industry business/technical security processes.
Coordinate and document project/release level testing of new security software.
All About You:
Undergraduate degree preferably in computer science or work experience equivalent of 7-10 years in information security disciplines
Advanced knowledge of security protocols and standards, experience with software, security architectures and security designs.
Technical experience with Java
Extensive hands-on experience implementing operating system and application-level security controls.
Security design and implementation of web-based security architecture for secure on-line transactions
Technical experience with security practices of Intranet and Extranet
Knowledge or technical security experience in Cryptography
Working knowledge of symmetric and asymmetric encryption, Digital Certificates, SSL, VPN, IPSec, development of DMZ's and other security tools and processes such as privileged identity management, file integrity, audit, logging and IDS/IPS.
Experienced with the consumption of IaaS and virtualization platforms such as Amazon Web Services (AWS) EC2, VMware vCloud Director, VMware vSphere and Google AppEngine, OpenStack or Azure
Hands on experience in developing automated builds and tests using continuous integration (CI) tools
Experience with automation of content federation and life cycle management including OS images, binary packages and configuration management
Intermediate to advanced hands-on Scripting experience
Practical use of version control systems
Moderate to extensive hands-on administrative and security experience with Linux systems