The Application Security Technical Lead provides expert technical leadership, insight and industry perspective in the creation, delivery, and integration of complex and comprehensive security solutions. This role provides application security and/or information security architecture direction, knowledge, and assessments to relevant departments. He or she directs and/or conducts web application and/or information security assessments using in-house tools, as well as coordinating with other third parties as necessary for external penetration scans or application assessments. This role leads and directs efforts that result in the integration of application security and/or information security requirements, controls, and processes into the our cleints software development, integration or acquisition process. This role role includes leading project and support teams to define and support coordination, implementation, testing, analysis and tracking of the remediation or mitigation process of known security issues. The application security technical lead adheres to and promotes compliance to information security policies, standards, and best practices, and leads process improvement and risk mitigation initiatives. He or she provides technical risk assessments, exposure assessments, and recommendations for remediation. This is a technical, application-oriented security leadership role critical to the success of the organization..
• Serve as information security leader and subject matter expert and actively assist our cleints teams in the development of secure business solutions for medium to highly complex problems.
• Monitor, analyze, and interpret security/system logs for events and incidents reflective of unauthorized access or operational irregularities.
• Work on multiple projects as the team member who leads the security design of the project.
• Support or lead information security incident response as required.
• Monitor security advisories and ensure security updates, patches, and preventive measures are in place throughout the relevant our cleints security control environments.
• Perform technical IT security risk assessments and lead remediation efforts.
• Analyze audit findings and make recommendations to lower security risks to acceptable levels.
• Support information security awareness efforts throughout our cleint.
• Consult, advise, and approve secure application and network design.
• Ensure that security changes comply with company change management policies and procedures.
• Author security policies, procedures, standards, and guidelines for computing infrastructure.
• Establish and enforce operating system and application hardening standards.
• Establish, maintain, and monitor mechanisms to ensure protection against malware on company computing systems.
• Automate security processes and tasks to achieve efficiencies and/or improved accuracy.
• Perform additional duties as assigned.
• Bachelor’s degree in Computer Science or similar field of study, or have equivalent industry experience.
• 10+ years of technical IT experience, 5 of which working as an information security engineer or similar, including IP based applications (DNS, SMTP, SSL, etc.).
• Strong background working with security technologies: firewalls, intrusion detection, AV, IDS, vulnerability scanning and remediation, security log and event management, network traffic analysis, privilege management, etc.
• Knowledge of regulatory compliance standards used in financial industry (e.g., PCI, GLBA, SOX, SAS70).
• Strong understanding of LAN, WAN, and wireless communications and protocol, including network packet analysis and routing protocols.
• Strong knowledge of UNIX and Windows operating systems as well as supporting technology (Active Directory).
• Prefer CISSP, GIAC, or CISM certification.
• Must be able to juggle priorities and operate with little ongoing supervision.
• Must have excellent teamwork and communication skills.
• Scripting knowledge for automation of tasks (such as C, PERL, VBScript, etc.).
• Application and mobile security a plus.
• Demonstrates refined written and verbal communication skills, fosters open communications, listens effectively, and builds strong partnership networks that result in consistent forward momentum; has excellent negotiation skills with an ability to orchestrate change through influence.
• Highly experienced at solving complex challenges in a directed, methodical, cost-effective, and data-driven manner and has the ability to analyze the current issue to envision creative solutions.
• Takes initiative to complete critical tasks, especially in team settings with dependencies on other people. Comfortable providing subject matter leadership and direction.
• Works effectively in the face of stress, ambiguity, difficult situations, and shifting priorities all while championing the long-term architectural view.
• Steps outside of “comfort zone” to tackle new issues/challenges in an aggressive manner, demonstrates the ability to leverage self-directed learning opportunities, and is comfortable dealing with ambiguity in a fast-paced, cutting-edge, and entrepreneurial environment.
• Challenges the status quo to generate new ideas; is open to challenges and implements unique solutions to solve them; focuses on the best outcome for the company, rather than on ego.
• Collaborates and openly seeks and shares information across teams and departments.
• Has established experience in his or her technical field and continually augments experience and skills with the latest research results and techniques.
• Demonstrates a bold commitment to the total alignment of actions, words, and professional beliefs.
|Job Category||Technical Lead|