Sr. Consultant – Security Architecture Review+App Sec / Compliance | Experience: 5+ Years

Location: Mumbai (India)

Category: Security Verification

Job Id: 56781


  • Lead SecArch deep dives with the requestor of the assessment
  • Conduct assessment and provide technology risk/requirements to the requestor. Areas covered:
    • AAA – Authentication, Authorization, Auditing
    • Application Security – Session Security, Vulnerability/Pen Testing items, Input Validation
    • Secure data transport and storage
  • Periodically review security reference architecture (security blueprints) and conduct updates/enhancements
  • Participate in various Operational and Technology Risk governance processes
  • Assist in identifying new areas and opportunities of technology investment for the firm

Desired Profile:

  • Excellent communication skills: written, oral, presentation, listening
  • Ability to influence through factual reasoning
  • Time management: ability to handle multiple concurrent assessments, plan-based deliverable management, strong follow-up and tracking
  • Strong focus on delivery when presented with short timelines and increased involvement from senior management
  • Ability to adjust communication of technology risks vs business risks based on the audience


Security Architecture Skills

  • Required – In-depth knowledge of application security vulnerabilities and basic knowledge of network and platform security vulnerabilities. Ability to explain these vulnerabilities to developers
  • Required – Experience in conducting Information Security, IT Security, Audit assessments. Presenting the outcomes of the assessment and obtaining buy-in.
  • Required – Strong focus on reviewing technical designs and functional requirements to identify areas of Security weakness.
  • Required – The candidate must have working experience in the following application/network security domains:
    • Authentication: SAML, SiteMinder, Kerberos, OpenID
    • Entitlements and identity management
    • Data protection, data leakage prevention and secure data transfer and storage
    • App Security - validation checking, software attack methodologies
    • Cryptography – encryption and hashing
  • Required – Even though the SecArch Integrator role is not a development role, the candidate must have an understanding of programming, design and application architecture.
  • Required – In order to be a practical SecArch Integrator the candidate must have experience implementing complex applications in an enterprise environment.
  • Required – Knowledge of programming and scripting languages: Java, JavaScript, C#, C/C++, Perl, Python, Ruby


Other Areas of Expertise

  • Frameworks, protocols and subsystems: J2EE, .NET, Spring, RPC, SOAP, MQSeries, JMS, RMI, JMX, Hibernate.
  • Knowledge of JSP/Servlet/EJB or ASP.NET, HTTP/HTTPS, Cookies, AJAX, JavaScript, Flex/Silverlight.
  • Database design and programming experience
  • Experience of liaising with 3rd Party Entities (exchanges, suppliers, regulators)
  • Experience in conducting and / or reviewing penetration tests, dynamic vulnerability assessments and static vulnerability assessments
  • Understanding of geographic regulations and their impact on Security assessments
  • Previous experience in Financial Services is preferred
  • CISSP or other industry qualification
  • Desired – experience working with global organizations

