concept of "security as code", "infrastructure as code", and will relentlessly advocate for automation. The ideal candidate with be knowledgeable about coding weaknesses,securitythreats and vulnerabilities and how to remediate or neutralize thesethreats. The incumbent will understand, perform, review and teachthreat modeling,risk assessments, conduct and/or organize penetration tests, conduct vulnerability scans, document findings, and validate remediation steps. The ideal candidate will be comfortableworking within an Agile culture on teams. This is an individual contributor position. The position defines and delivers complex IT work products at agreeddeadlines. The position requires limitedsupervisionand works mostly independently.
Typical tasks and work products include:
- Monitor the compliance of Information Security programs, policies, procedures and systems to satisfy company policy, regulatory, compliance requirements and to protect the company’s technology and informational assets.
- Continuously identify, evaluate, rate, and reportinternal and external threats to the company’s information securityposture. Evaluate, recommend and implement reasonable security systems and/or procedures to mitigate identified threats.
- Prepare and publish Information Security reports as directed by management.
- Act as security SME for WFS by providing best practice guidance on how systems should be deployed or architected (i.e. Understand IT Operations such as firewalls, active directory, server/workstation hardening, patching, and encryption)
- Perform periodic risk and vulnerability assessments of critical systems and infrastructure to assess the information securityrisks to the Company. Recommend mitigating controls or procedures to eliminate or minimize identified risks.
- Promote information security awareness by developing, maintaining, and delivering information security awareness programs together with Corporate Training.
- Represent information security considerations in approved System Development LifeCycle, Change Management, Production Support and technology-enabled projects.
- Support the cause of Information Security throughout the company by actively participating as a trusted information security advisor to WFS. R5418