- *System policies andarchitecture
- Provides guidance to implementation groups for compliance with corporate information security protocols.
- Monitors adherence to the architecture and system-wide policies
- Responsible for managing application vulnerabilities by introducing security elements in the software development lifecycle (SDLC).
- Schedules scans and reviews of findings with clear precise remediation are an integral responsibility of this role.
- *Security implementation
- Ensures that security tools and technologies are deployed in the current environment in line with Enterprise Architectural requirements.
- Ensures that custom applications and IT operations management tools being deployed, such as network management and log management, have the appropriate security built into them.
- *Security Integration
- Ensures that new tools and technologies are appropriately integrated with the existing tools and technologies.
- Applies a thorough understanding of the existing architecture and policies in order to provide guidance to application development teams in coordination with Enterprise Architecture.
- *Strategy and Planning
- Participates in the planning and design of enterprise securityarchitecture, under the direction of the Director, IT Security where appropriate.
- Participates in the creation of enterprise security documents (policies, standards, baselines, guidelines and procedures) under the direction of the Director, IT Security, where appropriate.
- Participates in the planning and design of an enterprise Business Continuity Plan and Disaster Recovery Plan, under the direction of the Director, IT Security, where appropriate.
- *Acquisition and Deployment
- Maintains up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved securityprocesses and the development of new attacks and threat vectors.
- Recommends additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
- Performs the deployment, integration and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents specifically.
- The above statements are intended to describe the general nature and level of work being performed by people assigned to this job. They are not intended to be an exhaustive list of all responsibilities, duties and skills required.
EDUCATION AND EXPERIENCE:
Bachelor’s degree in Computer Science, Business or related field required. Eight to twelve (8-12) years of professional experience related to analytical or system supportexperience, or the equivalent combination of education, training and experience. In addition, three (3) years of experience with Intra/Internet/Extranet security issues and architecture; at least one of the three years in design, development and delivery of information security awareness programs. One (1) year of experience documenting technical analysis and making oral and written presentations related to IT security. Equivalent combination of education and experience is acceptable.
Knowledge of specialized principles or techniques equivalent to that which would normally be obtained through a formal four-year college/university academic program or an in-depth specialized training program directly related to the type of work being performed.
Requires knowledge of their professional discipline and a working knowledge of related fields. Understands information in several unrelated professional disciplines.
Working knowledge and experience with Ethical Hacking
Experience with Qualys Guard PCI, RSA SecurID, SecureACS, SolidCore FIM, Splunk, Rapid7 Nexpose scan, AirWatch MDM(VMWare), McAfee
Knowledge of computing and network operating systems, mobile device operating system
Strong understanding of UDP, TCP/IP, and other protocols.
Strong understanding of LINUX, Windows, UNIX, Android, Apple iOS, Cisco IOS
Familiarity with Oracle/PeopleSoft, Microsoft, Google apps