- Lead SecArch deep dives with the requestor of the assessment
- Conduct assessment and provide technology risk/requirements to the requestor. Areas covered:
  - AAA: Authentication, Authorization, Auditing
  - Application Security: Session Security, Vulnerability/Pen Testing items, Input Validation
  - Secure data transport and storage
- Periodically review security reference architecture (security blueprints) and conduct updates/enhancements
- Participate in various Operational and Technology Risk governance processes
- Assist in identifying new areas and opportunities of technology investment for the firm
Desired Profile:
- Excellent communication skills: written, oral, presentation, listening
- Ability to influence through factual reasoning
- Time management: ability to handle multiple concurrent assessments, plan-based deliverable management, strong follow-up and tracking
- Strong focus on delivery when presented with short timelines and increased involvement from senior management
- Ability to adjust communication of technology risks vs business risks based on the audience
Security Architecture Skills
- Required: In-depth knowledge of application security vulnerabilities and basic knowledge of network and platform security vulnerabilities. Ability to explain these vulnerabilities to developers.
- Required: Experience in conducting Information Security, IT Security, Audit assessments. Presenting the outcomes of the assessment and obtaining buy-in.
- Required: Strong focus on reviewing technical designs and functional requirements to identify areas of security weakness.
- Required: The candidate must have working experience in the following application/network security domains:
  - Authentication: SAML, SiteMinder, Kerberos, OpenID
  - Entitlements and identity management
  - Data protection, data leakage prevention and secure data transfer and storage
  - App Security: validation checking, software attack methodologies
  - Cryptography: encryption and hashing
- Required: Even though the SecArch Integrator role is not a development role, the candidate must have an understanding of programming, design and application architecture.
- Required: In order to be a practical SecArch Integrator, the candidate must have experience implementing complex applications in an enterprise environment.
- Required: Knowledge of programming and scripting languages: Java, JavaScript, C#, C/C++, Perl, Python, Ruby
Other Areas of Expertise
- Frameworks, protocols and subsystems: J2EE, .NET, Spring, RPC, SOAP, MQSeries, JMS, RMI, JMX, Hibernate.
- Knowledge of JSP/Servlet/EJB or ASP.NET, HTTP/HTTPS, Cookies, AJAX, JavaScript, Flex/Silverlight.
- Database design and programming experience
- Experience of liaising with 3rd Party Entities (exchanges, suppliers, regulators)
- Experience in conducting and/or reviewing penetration tests, dynamic vulnerability assessments and static vulnerability assessments
- Understanding of geographic regulations and their impact on Security assessments
- Previous experience in Financial Services is preferred
- CISSP or other industry qualification
- Desired experience working with global organizations