Contribute to the security planning, assessment, risk analysis, risk management, and awareness activities for systems and platforms
Identify and document information security controls and patterns that support risk assessments and the development of secure architectures
Integrate security requirements into technology lifecycle management and contribute to multiple large, complex application projects with cross-functional teams and business users
Responsible for threat analysis of architecture, design and development for critical solutions
Provide cross-functional and operational support to analyze and resolve key security vulnerabilities
Analyze and recommend strategy and direction to mitigate security risks across the organization
Responsible for security of SaaS Infrastructure including network
Identify security-related gaps/deficiencies, formulate remediation plans, and drive resolution
Perform Security Audits, Penetration Testing (Applications and OS), Vulnerability Scanning and Management
Advise project/product teams on security design, network, system hardening and implementation
Assist in reviewing third-party services for compliance and security posture
Assist in the Risk Analysis/Management process
Assist in the development of policies and procedures which enable best practices in security for the organization
Helps coordinate responses to information security incidents
Coordinates and executes security architectures around IT and security projects
Participates in company-wide data classification assessments and security audits and manages remediation plans
Assists in the management and maintenance of user security awareness training
Is an escalation point and provides on-call support as required to assist in security-related incidents as per the Incident Response Plan
Provides security positioning statements and consultation as it relates to the company and SaaS environment for RFPs and sales opportunities
Manages security tools, hardware and vulnerability scanning tools to ensure they meet compliance requirements
8+ years of experience in creating and managing enterprise information security architectures and solutions across multiple disciplines (network, cloud, endpoint, software development, etc.)
Experience with the software development lifecycle (SDLC) of enterprise applications deployed in a multi-tier environment.
Working knowledge and experience with Web Application Security and addressing security vulnerabilities
Demonstrated experience designing, implementing and analyzing large-scale web-based client/server applications with a focus on security, performance and scalability, reliability, stability and ease of deployment.
Solid understanding of security protocols, cryptography, key management, authentication, authorization
Experience implementing multi-factor authentication, single sign-on (SSO), identity access management (IAM) or related technologies
Ability to work on complex technical problems and provide solutions that are highly innovative
Demonstrated experience supporting Web application security "best practices", including the OWASP Top Ten and CWE/SANS Top 25 security risks, and performing DAST vulnerability testing.
Experience with SAST tools such as Veracode, Synopsys (Coverity), SonarQube etc.
Experience with DAST tools such as Nessus, Nexpose, QualysGuard etc.
Strong background and knowledge of SaaS applications, Proxy/API architecture, Cloud security
Strong experience with one or more security frameworks such as SOC 2, ISO 27001, NIST, CIS, HITRUST CSF
Familiarity with HIPAA and GDPR compliance
The ability to work collaboratively – to seek input and ideas from others, with a willingness to change.