Design and administer procedures in the organization that sustain the security of the organization's data and access to its technology and communications systems. Assess risk of exposure of proprietary data through weaknesses in platforms, access procedures, and forms of access to the organization's systems and the data contained in them. Track security violations and identify trends or exposures that could be addressed by additional training, technical measures, or use of application tools to enhance security. May lead or execute simulated attacks or security violations to assess the organization's data security measures.
KEY JOB FUNCTIONS
- Respond to critical alarms involving the data center and provide assistance in resolving alarms. Update upper management on the status of critical alarms.
- Minimize risk to data center operations by reviewing facilities change controls and method of procedures (MOP) and revising change controls or MOPs as needed.
- Design, plan and implement test strategies to support the core infrastructure in the contingency environment for all critical business applications to ensure business continuity in the event of a major business interruption or disaster.
- Lead projects as related to technology refresh/evaluation such as Load Balancing and SSL technology. Research corrective measures (long term solutions) needed for any chronic issues identified that compromise security of particular systems or platforms.
- Plan or lead projects designed to develop and test new methodologies and systems for recovery of the critical core business processes and the enterprise infrastructure. Create policies and procedures for data center work.
- Work with internal and external auditors to verify controls and address gaps accordingly.
- Plan, manage, document, and evaluate the performance of subordinate staff. Make provision for their technical and professional growth through assignments, mentoring, and technical training opportunities.
- Bachelor's Degree or equivalent required
- 6+ years of related experience
SPECIALIZED KNOWLEDGE & SKILLS
- Knowledge of Application security, application penetration testing, vulnerability analysis and resolution
- Knowledge of secure coding practices and of conducting security assessments and analysis of applications
- Knowledge of risks associated with common application vulnerabilities, demonstrate exploitation, and recommend mitigation options
- Information security and application security or application development experience
- Ability to coordinate activity among multiple teams, both technical and non-technical
- Strong verbal and written communications skills; comfortable briefing senior management
- Knowledge and or experience DevOps, CI/CD, Fortify
- Knowledge of testing automation.
- Knowledge about performing multiple information security support services associated with vulnerability assessments (including vulnerability, database, and web scanning along with network mapping) and security functional testing; evaluating/analyzing vulnerabilities, developing a mitigation plan and validating remediation for on-prem and cloud-based environments
- Knowledge of and or experience in customizing vulnerability and/or secure configuration checks of scanning tools
- Knowledge of Information Security including vulnerability & compliance tools and processes, associated vulnerabilities, awareness of emerging threats and attacks mapped to effective controls and/or mitigation solutions
- Knowledge and or experience overseeing and managing internal penetration testing teams and operations
- Familiar with the development of vulnerability metrics/status reports and recommendations for vulnerability remediation
- Familiar with the work to assess the security risk associated with security vulnerabilities
- Familiarity of end to end Vulnerability Management processes
- Familiar with risk analysis methods and techniques
- Familiarity with key security concepts/frameworks such as OWASP, CVE, and CVSS
- Familiarity with emerging applications security exploits
- Familiarity with AWS and containers
- Familiarity with Mobile application security assessments
- Ability to initiate and promote activities to foster Information Security awareness and education among application development
- Strong verbal and written communications skills; comfortable briefing senior management.
- Strong interpersonal skills for developing relationships with individuals and teams across the enterprise.