- Performing security design reviews to assess the security implications of introducing new product features and functionality that could create a risk of data loss or breach within the cloud-hosted service platform, especially as it relates to the back-end architecture for data storage and transmission
- Providing specific guidance regarding security requirements and mitigations for securing business use cases with a defense-in-depth strategy
- Working with the Application Security team to assist in conducting software security assessments, including threat modeling, security control reviews and vulnerability assessments
- Working with application and functional teams across the business to encourage a security mindset throughout the software development lifecycle, from concept to testing and implementation
- Working closely with server, network, and business teams during incident response events to speed remediation
- Utilizing both manual methods and automated tools to identify and assess web application, network and system design flaws and vulnerabilities
- Evaluating and recommending technologies that could improve current systems and ensure that plans for security technologies integrate with existing solutions and do not introduce any security vulnerabilities
- Designing and implementing a comprehensive data protection strategy designed to enforce technical and organizational measures to protect intellectual property and confidential information for clients and customers
- Assisting the Sr Mgr of Risk and Compliance in conducting security assessments of current and prospective third-party vendors and partners to ensure their compliance with client Information Privacy and Security requirements
- Ensuring that the security of all systems, applications, and data is actively, consistently and verifiably maintained throughout the information technology lifecycle, including design, implementation, operation, and disposal
- Working with product owners, business stakeholders, business analysts and engineering teams to review security requirements and approve/modify designs as needed
- Advising on data security issues, compliance, and privacy requirements including, but not limited to SOC 2, ISO 27001, C5 and GDPR
- Taking a lead role in conducting security research on threats and remediation techniques/technology and making recommendations for implementation
- Extensive knowledge of current and emerging IT security technologies and techniques that cover all levels of IT architecture, including those that affect business processes, data, applications, network and systems infrastructure
- Designing, implementing and deploying data protection solutions to align with GDPR and Information Security policies, especially for cloud-hosted data environments
- Providing oversight and guidance for periodic security assessments to ensure compliance with information security policies and established security controls
- Ensuring applications, networks, systems and cloud services are planned, designed, developed, implemented, and monitored in accordance with security controls related to SOC 2, ISO 27001 and the corporate Information Security Policy
- Analyzing infrastructure, networking, and system design from a security perspective and providing recommendations and approvals for implementation decisions
- Assisting in the development and automation of threat management, vulnerability management, and incident management processes
- Minimum 7+ years of experience in Information Security with an emphasis on leading security personnel to secure applications, networks, and systems
- At least one security-related certification, such as CISSP, GIAC, CompTIA Security+, required. CISSP strongly preferred.
- Strong hands-on experience in Application, Network, System and Cloud Security Architecture design and review
- Proven ability to design end-to-end security solutions across large enterprise IT ecosystems
- Proven experience leading implementation programs for improved network security, including segmentation, perimeter, and in-depth monitoring, and active response
- Experience breaking down complex systems and applications to find relevant security risks
- Significant experience with industry-known common vulnerabilities and attack vectors
- Experience with enterprise disaster recovery and business continuity planning
- Experience with the development, deployment, and automation of security solutions in an enterprise cloud-based environment
- Experience in DevOps environments and maintaining security in CI/CD processes highly desired
- Solid understanding of AWS and Microsoft Azure architecture and services
- Deep understanding of container architectures for cloud services
- Deep understanding of Apache Spark, Kudu and Mesos preferred
- Detailed understanding of Microsoft Office 365 application security, especially related to email and OneDrive
- Deep understanding of VPN, PKI, IPAM and MFA technologies required
- Demonstrated proficiency in system hardening techniques for Microsoft Windows, Linux, and Mac OS X
- Working knowledge of technical security control environments and compliance frameworks including CSA CCM, ISO 27001 and SOC 2
- Hands-on technical proficiency with IDS/IPS and SIEM tools. IBM QRadar, Splunk, and Graylog expertise highly preferred.
- Proven ability to manage priorities and deadlines and to work independently in a highly dynamic and diverse environment with multiple concurrent projects
- Proven ability to succinctly communicate complicated technical security issues and the risks they pose to R&D programmers, DevOps engineers, system administrators and management
- Hands-on ability to troubleshoot issues on security platforms
- Specific understanding of application and operating system hardening, vulnerability assessments, security auditing, TCP/IP and network fundamentals, intrusion detection systems, firewalls, VPNs and WAFs
- Working knowledge of and experience in policy and process creation and management
- You must be experienced with designing and running security solutions with the following tools: vulnerability scanners, forensics software, SIEM, HIDS/NIDS, IPS, malware analysis and protection, content filtering technologies, logical access controls, physical access controls, identity and access management, data loss prevention, application firewalls and security incident response techniques
- Experience with a secure network firewall, application firewall, and DDoS prevention technologies
- Demonstrated ability to facilitate automation and integration through scripting in PowerShell, Python, Perl, etc., highly preferred
There’s a 5% chance that a hurricane will cause $60 billion of insured losses next year and a 1% chance an earthquake will cause $50 billion of insured loss in the next 12 months. At RMS, we build the simulation models that allow insurers and investors to understand portfolio risks due to catastrophes: natural catastrophes (hurricane, earthquake, flood), terrorism, pandemic, and changes in life expectancy.
We are one of the most exciting firms you’ve probably ‘never’ heard of, unless you’re one of our hundreds of clients in the (re)insurance, banking or hedge fund sector. We lead an industry we helped pioneer and ultimately our work makes a true impact on the world at large. How we understand and manage risk affects everybody and our passion is nothing less than creating a more resilient world through a better understanding of catastrophic events.
We are evolving our vision by delivering future solutions in the cloud, releasing in 2016 a cutting-edge risk management platform ‘RMS(one)’ for the global risk market. RMS(one) will create a holistic and integrated view across the enterprise with one platform for all models, all points of view, and all data. All will be run as equal partners on RMS(one).
To find out more, visit www.rms.com or follow us on Facebook, LinkedIn or @rmsjobson on Twitter.
RMS is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity without regard to race, color, creed, gender, religion, marital status, registered domestic partner status, age, national origin or ancestry, physical or mental disability, genetic characteristics, sexual orientation, or any other classification protected by applicable local, state, or federal law.