Job Posting Title: Senior Security Consultant
This dual role will be the conduit between the architecture team and the operations team. This position is on the Security Delivery & Operations Team and works extensively with the Architecture and Operations teams to design, implement, document (run books), and support new security technologies. The successful individual will have extensive security experience across multiple security domains including: Identity and Access Management, Infrastructure Protection, Data Protection, Threat/Vulnerability Management, Auditing/Logging, etc. Secondly, this role will provide Security Consulting services to the IT project to ensure that they comply with Info Sec policies and Standards. This person will be part of the SDLC lifecycle, ensuring appropriate security deliverables have been addressed as part of the overall design.
Collaborate with Infrastructure, Architecture, and other IT Subject Matter Experts (SME) to ensure security elements are addressed in the overall business/IT solutions, align/assess impact of proposed solution on existing operations so appropriate technical/business/operational risks can be mitigated/accepted.
* Overall Solution Design including but not limited to Proof of Concept, detailed design, installation/configuration, integration, security, data/information flow, exception handling, operational readiness, scalability & performance, infrastructure needs, documentation/runbooks, testing, along with some level 3/4 support.
* Development of required Technical Design documentation in support of the total scope definition and review the complete design with all stakeholders.
* Discovery and solution estimates, scope, and ongoing validation (including any scope changes) of delivering project technical solutions including collaboration with internal and vendor resources.
* Validate that the solution meets Enterprise Security standards and overall reference architecture fit analysis.
* Follow and ensure defined SDLC process properly followed by all resources involved in development cycle
* Constantly learning & staying apprised of emerging security technologies
* You have a strong security background, and at least 3+ years' experience in a hands-on information security role and have a solid understanding of ISO 270001 and NIST Security Frameworks.
* You have experience in performing security vulnerability assessments, will know your way around regulations like PCI and SOX, and may have a CISSP or equivalent security accreditation.
* A strong understanding of IAM, role-based access controls, network security, and means of isolating environments is required. Experience implementing certificate and key management systems to enable encryption on cloud platforms is also required. An understanding of security and authentication protocols is desired including TLS, SSH, OAuth, SAML, Kerberos.
* You are familiar with various network controls including proxies and reverse proxies, network and application load balancers, stateful and deep packet inspection and understand how to design environments to protect against malicious accidental threats, such as data leakage and denial of service attacks.
* Experience defining unit and functional tests, security checks, validators, and integrating them into an SDLC framework (Waterfall and Agile) and DevOps practices.
* Experience in DevOps and Cloud based platforms (AWS, Azure, Oracle, IBM, or Rackspace).
* Knowledge of Linux and Windows administration and OS hardening is desired. The individual should also be familiar with configuration management.
* Experience with log management and monitoring tools, including cloud native tools, is strongly desired. The ideal candidate should be able to aggregate, correlate, and report on logs and metrics, use them for detecting anomalous or risky behavior, and triggering automated actions or alerts. Familiarity with common exploits, such as XSS, SQL Injection, DOS, man-in-the-middle, and buffer overflows, as well as how to detect them and protect against them, is a strong plus.
* You will work with product stakeholders to create, update, and implement Information Security designs, standards and procedures.
* You will evaluate and recommend new and emerging security products and technologies.
THIRD PARTY AGENCIES, SUBCONTRACTORS, AND RECRUITERS NEED NOT APPLY. Applicants received from firms will not be considered. Subcontracting is not available for this position.