Purpose
To increase security around current and all future applications through testing, training and awareness.
Key Responsibilities
* Perform high- and low-level application security testing. Duties primarily consist of running automated scanners, using advanced attack and assessment methodologies, and reviewing source code to thoroughly evaluate the security of target applications. Other duties include meeting with application owners prior to assessment, correlating resulting data for delivery, and validating vulnerability mitigation.
* Enhance IT security and controls in response to increased internal and external web applications as well as legal and regulatory requirements.
* Work on team projects throughout the year to help push the progress of the Global IT Security initiatives. For some projects, ownership will be assigned and a leadership role is expected. Some example projects are: Firewall hardware refresh, Intrusion Prevention System initiative, Endpoint Security initiative, Policy Review and Refresh, Vendor and Managed Service management.
* Participate in training and research to ensure that technical skill set stays current with modern practices and methodologies. This should include conferences and online training as well as knowledge transfer to the team via internal training, documentation and process development and maintenance.
Essential Duties & Responsibilities
* Create and maintain an application test vulnerability and risk assessment database.
* Develop and maintain an IT security application testing strategy, policies and standards, and architecture.
* Perform application tests remotely and onsite to help ensure audit, regulatory and policy satisfaction.
* Provide support within the Global IT Security team on all application testing matters.
* Provide endorsement to Manager on security projects and operations personnel.
Qualifications
1. At least 3 years of technology experience as a network engineer, analyst, architect or designer, with experience implementing network security systems such as intrusion detection, cryptography, firewalls, VPNs, remote access solutions, and endpoint protection solutions.
2. At least 2 years in network security in the services and industry experience in developing network security policies and standards.
3. Extensive knowledge of distributed data networking technologies and systems
4. Thorough knowledge of internetworking, including TCP/IP, IPsec, routers, IP internetwork configuration and design
5. Substantial knowledge of information security practices and technology
6. Basic level of understanding of compliance (PCI, COBIT)
7. 5-10 years as a code reviewer and programmer, with strengths in application testing and code evaluation.
8. Experience with standards work in security, such as ISO, ANSI, IETF, etc.
9. Graduate degree in computer or electrical engineering, mathematics, computer science or related discipline.
10. Good project management skills