A leading global investment bank is looking for a senior security expert with application security background to join their strategic team.
– Work with network, platform, engineering and development teams in architecture design and review sessions
– Provide specific security expertise to engineering teams, including secure network design, database access, testing, authentication, encryption, entitlement design, logging, validation, secure data transfer, etc.
– Identify/document areas of risk on projects and present them to senior business, IT and Security team members
– Help identify areas of security that require long-term strategic investment/improvement
– Create documentation and guidance on the secure implementation of new technologies by collaborating with other technology subject matter experts
– Conduct security training for IT groups
Required / Desired Skills:
Below is a comprehensive list of relevant skills. We are not looking for candidates who possess all the points mentioned. The more of the skills below the candidate has, and the greater their depth in each, the better.
– Knowledge of the common application and infrastructure level vulnerabilities – ability to explain these risks to developers and senior management
– Knowledge and experience with application/network penetration testing
– Expertise with security-related topics such as authentication (Single-Sign-On, SAML, Kerberos, etc.), entitlements (LDAP), identity management, data protection, data leakage prevention, validation checking, encryption, hashing, the principle of least privilege, software attack methodologies, secure data transfer, secure data storage, etc.
– Ability to identify possible threats or areas of weakness early in the software development process; experience in taking part in and contributing to design sessions
– Platform: Deep knowledge of at least one primary operating system (Unix or Windows), the configuration and management of that platform at an enterprise scale, the security risks to that platform, and how to mitigate those risks
– Mobile: The candidate will be expected to understand the basic architecture of mobile applications especially Apple iOS
– Network security: Understand the standard network model and the risks present at each layer, the functions of network equipment such as switches, routers, firewalls, proxies, VPNs and load-balancers, and network architecture in general
– In-depth knowledge of network technologies such as SFTP, firewalls, DMZ design, IPSec, VPN, wireless, network topologies and protocols
– Some experience with testing tools, at least one of Fortify, OunceLabs, AppScan, WebInspect, Burp. The successful candidate will be able to explain the ‘hows and whys’ of the tools, as well as being experienced in using them
– Architecture/Implementation: The ideal candidate will have experience in architecting and implementing enterprise projects that touch all components of the IT stack, in order to fully appreciate the level of effort involved and the appropriate roles within IT
– Languages: The ideal candidate will have experience with several practical languages such as Java/J2EE, Perl, C/C++, C#, Python
– CISSP or other industry qualifications
– 5+ Years of commercial experience in application/infrastructure security