Security Architect

Security Architect
Company:

Tsr Consulting Services, Inc.


Place:

Maryland


Area:

Programmer

Security Architect

Details of the offer

TSR is a premier National U.S. Staffing company with over 50 years of staffing excellence.
Our client, a leading financial company is hiring aSecurity Consultant on contract basis
Work Location:Location Baltimore MD
Client: Financial
Job Title: Security Consultant - Security Architecture
Job Description:The Security Architecture (SecArch) team is part of the Technology & Operations Risk (TOR) organization. The mission of the team is to protect the Firm by ensuring in-scope technologies built internally, products purchased and services used meet security requirements that include the Firms Policies, external guidelines, regulatory expectations, and appropriate controls in the areas of information security, secure design, and cyber security.We accomplish this mission via three primary services: architecture consulting, solutions consulting, and design review.
The Senior Security Architect is an internal consultant that is working on multiple security architecture engagements across the enterprise as either a single contributor, managing a dispersed team, or participating in a virtual team across business units. The senior security architect works with team members (IT, Business, Suppliers, Stakeholders and Partners) globally to address SecArchs mission.To be successful as a Senior Security Architect the candidate must have broad technology experience coupled with strong communication, influencing and time management skills.A Senior Security Architecture Specialist has the following responsibilities:
1- Lead architecture consulting to construct Security Architectures for a business unit or infrastructure Technology team
2- Conduct risk assessment and provide technology risk/requirements to address risks identified.Areas covered:a) Authentication, Authorization, Auditingb) Application Security: Session Security, Vulnerability/Penetration Testing items, Input Validationc) Secure data transport and storage
3- Periodically review security reference architecture (security blueprints) and conduct updates/enhancements to guidance, policies, or other applicable reference materials4- Participate in various Operational and Technology Risk governance processes5- Lead, where applicable, a role in architecture review committees representing Security ArchitectureSkills and Experience:Soft Skills Required:1- Excellent communication skills: written, oral, presentation, listening
Ability to influence through factual reasoning
Time management: ability to handle multiple concurrent assessments, plan based deliverable management, strong follow up and tracking4- Strong focus on delivery when presented with short timelines and increased involvement from senior management5- Ability to adjust communication of technology risks vs business risks based on the audience
Ability to operate in multiple virtual teams, directly manage teams, or ability to operate as a sole-contributor
Security Architecture Skills
Required:1- In depth knowledge of application, network and platform security vulnerabilities
.2- Ability to explain vulnerabilities to developers
3- Experience in conducting Information Security, Security Architecture, Audit assessments.
Presenting the outcomes of the assessment and obtaining buy in
.4- Strong focus on reviewing technical designs and functional requirements to identify areas of Security weakness.
The candidate must have working experience in the following application/network security domains:a) Authentication: SAML, SiteMinder, Kerberos, OpenIdb) Entitlements and identity managementc) Data protection, data leakage prevention and secure data transfer and storaged) App Security - validation checking, software attack methodologiese) Cryptography: encryption and hashing
Desired Skills:1- Knowledge of standard network model and the risks that present at each layer, the functions of network equipment such as switches, routers, firewalls, proxies, vpn, and load-balancers, and to understand network architecture
.2- The candidate must have working knowledge of the primary operating systems (Unix, Windows, z/OS, Mac OS), the configuration and management of that platform at an enterprise scale, the security risks to that platform, and how to mitigate those risks
.3- Experience in testing tools, at least one of Veracode, Fortify, OunceLabs, AppScan, WebInspect, BurpDevelopment
Even though the SecArch role is not a development role, the candidate must have previous background in programming, design and/or application architecture.In order to be a practical SecArch the candidate must have experience implementing complex applications in an enterprise environment
:1- Working knowledge of programming and scripting languages: Java, JavaScript, C#, C/C++, Perl, Python, Ruby
2- In-depth knowledge of web technologies such as Web Browsers, Web Servers, Web ServicesOther Areas of Expertise
Desired:1- Frameworks, protocols and subsystems: J2EE, .NET, Spring, RPC, SOAP, MQSeries,JMS, RMI, JMX, Hibernate2- Knowledge of JSP /Servlet/EJB or ASP.NET, HTTP/HTTPS, Cookies, AJAX, JavaScript, Flex / Silverlight3- Database design and programming experience
4- Experience of liaising with 3rd Party Entities (exchanges, suppliers, regulators)5- Experience in conducting and/or reviewing penetration tests, dynamic vulnerability assessments and static vulnerability assessments
6- Understanding of geographic regulations and their impact on Security assessments7- Previous experience in Financial Services is preferred
8- CISSP or other industry qualification
Experience working with global organizations
Educational Requirements:- Bachelors Degree with minimum 7 years relevant work experience in high-paced, enterprise environment

Requirements


Knowledges:

  • Ruby

Entry level quality analyst (training & placement)

Company Description We are a E-Verified, IT consulting company that specializes in Business Analysis/Quality Assurance with over 300+ employees working all over...


From It Excel - Maryland

Published a month ago

Software developer

Who We Are Tavour makes it possible to discover and access the highest-rated craft beers from all over the nation through our mobile app experience. We believe...


From Tavour - Washington

Published a month ago

Senior software developer

Who We Are Tavour makes it possible to discover and access the highest-rated craft beers from all over the nation through our mobile app experience. We believe...


From Tavour - Washington

Published a month ago

Software developer

Who We Are Tavour makes it possible to discover and access the highest-rated craft beers from all over the nation through our mobile app experience. We believe...


From Tavour - Washington

Published a month ago