Responsibilities:
- Lead SecArch deep dives with the requestor of the assessment
- Conduct assessment and provide technology risk/requirements to the requestor. Areas covered:
  - AAA – Authentication, Authorization, Auditing
  - Application Security – Session Security, Vulnerability/Pen Testing items, Input Validation
  - Secure data transport and storage
- Periodically review security reference architecture (security blueprints) and conduct updates/enhancements
- Participate in various Operational and Technology Risk governance processes
- Assist in identifying new areas and opportunities of technology investment for the firm
Desired Profile:
- Excellent communication skills: written, oral, presentation, listening
- Ability to influence through factual reasoning
- Time management: ability to handle multiple concurrent assessments, plan-based deliverable management, strong follow-up and tracking
- Strong focus on delivery when presented with short timelines and increased involvement from senior management
- Ability to adjust communication of technology risks vs business risks based on the audience
Security Architecture Skills
- Required – In-depth knowledge of application and basic knowledge of network and platform security vulnerabilities. Ability to explain these vulnerabilities to developers
- Required – Experience in conducting Information Security, IT Security, Audit assessments. Presenting the outcomes of the assessment and obtaining buy-in.
- Required – Strong focus on reviewing technical designs and functional requirements to identify areas of Security weakness.
- Required – The candidate must have working experience in the following application/network security domains:
  - Authentication: SAML, SiteMinder, Kerberos, OpenID
  - Entitlements and identity management
  - Data protection, data leakage prevention and secure data transfer and storage
  - App Security – validation checking, software attack methodologies
  - Cryptography – encryption and hashing
- Required – Even though the SecArch Integrator role is not a development role, the candidate must have an understanding of programming, design and application architecture.
- Required – In order to be a practical SecArch Integrator, the candidate must have experience implementing complex applications in an enterprise environment.
- Required – Knowledge of programming and scripting languages: Java, JavaScript, C#, C/C++, Perl, Python, Ruby
Other Areas of Expertise
- Frameworks, protocols and subsystems: J2EE, .NET, Spring, RPC, SOAP, MQSeries, JMS, RMI, JMX, Hibernate.
- Knowledge of JSP/Servlet/EJB or ASP.NET, HTTP/HTTPS, Cookies, AJAX, JavaScript, Flex/Silverlight.
- Database design and programming experience
- Experience liaising with 3rd-party entities (exchanges, suppliers, regulators)
- Experience in conducting and/or reviewing penetration tests, dynamic vulnerability assessments and static vulnerability assessments
- Understanding of geographic regulations and their impact on Security assessments
- Previous experience in Financial Services is preferred
- CISSP or other industry qualification
- Desired – experience working with global organizations