Job Seekers, Please send resumes to email@example.com
Title: Security Web Architect
Location: Quincy, MA
Duration: 12+ Month Contract
Submission Process: If interested, please reply with a current resume and the best number to reach you on.
The Security Architect will be responsible for the overall security requirements and implementation of the program. This role will analyze the program’s enterprise requirements and derive the technical security architecture. This position will analyze the current technology environment to detect critical security deficiencies and recommend solutions for improvement for both the current and future state architectures. The Security Architect will document the security architecture design, possibly including project postmortem documentation and metric collection. He/she will consult on the LAN and WAN infrastructure utilizing the industry's security best practice and systems integration of several platforms (UNIX and Windows). The Security Architect will be responsible for securing the data infrastructure from potential external and internal threats by complying with PCI and other governing authorities.
- Provide input and partner with IT security management in defining security strategy and direction for security systems and architecture using industry best practices.
- Serve as the IT security expert; review architecture and engineering designs from other IT architects to align information system security improvements to support business plans.
- Develop and execute security plans for the Client Program. This will include managing 3rd party vendors, and providing guidance (with other departments) to the security best practices.
- Develop a deep understanding of Client network health, security events, and TCP/IP infrastructure.
- Work hands on with technologies that support the Program including Identity and Access Management, Anti-Virus, Intrusion Detection, Log Management, Web Filtering, Data Encryption, Data Loss Prevention and Compliance and Governance systems.
- Develop secure coding policies, procedures and standards, modification of the SDLC to include the necessary Security Checkpoints, code review methodologies etc.
- Ensure confidentiality, integrity, availability, authenticity, and non-repudiation of critical information system resources and related activities, including but not limited to, data/information, application software, servers and desktop hardware, physical assets, network and telecommunications.
- Identify and mitigate risks, implement necessary mitigating safeguards and controls, implement ongoing monitoring activities and countermeasures, and coordinate the multitude of activities that protect the business information assets from intentional or inadvertent modification, disclosure or destruction, and provide support for applicable legal and regulatory requirements.
- Provide monitoring and compliance tracking for the protection of information assets to business units throughout the enterprise based on the organization’s risk assessment, and is a key member of the various information security work groups.
- Recommend and assist in the development and implementation of appropriate information security policies, standards, procedures, and guidelines required to safeguard information resources.
- Design, develop and deploy security systems consistent with the evolving the organizaitons standards.
- Interface with systems development teams to ensure that new and modified systems are developed in accordance with defined Information Security Standards.
- Work directly with vendors, suppliers and network architect to design, configure and maintain effective security architecture.
- Experience should include security policy development, security education, network penetration testing, application vulnerability assessments, risk analysis and compliance testing.
- BA or BS in Computer Science, Management Information Systems, or related field. Advanced degree desirable.
- CISSP required. SABSA or CISSP-ISSAP concentration preferred. CISA or CISM is a plus.
- Seven+ years of progressive experience in computing and information security, including experience with Internet technology and security issues.
- At least 5 years information security architecture experience with application security technologies.
- In depth knowledge and experience with one or more of the following security specialization fields: Application Security (RACF, DCE, LDAP, etc.) and testing, Network Security Architecture, PKI Technology, Intrusion Detection, Vulnerability Assessment, Penetration Testing, Firewalls, Log Management, Anti-Virus/Anti-Spam technology, Data Encryption or Data Loss Prevention technology.
- Security clearance is not required but must be able to pass criminal and credit check.
- Knowledge of regulations and security compliance requirements such as PCI DSS.
- Experience in any of the following security technologies is a plus (ex - HIDS (Host-based intrusion detection services), NIDS (Network based intrusion detection services), Wireless network based IDS), Antivirus, Security Log Monitoring, ID Access Management, and Perimeter. Assessments/Penetration Testing.
- Familiarity with common application security vulnerabilities (OWASP Top10)
- Working knowledge of SOA and SOA security features is a plus.
- Experience with common information security management frameworks, such as International Standards Organization (ISO) 17799/27001, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (CobiT) frameworks.
- Extensive experience with developing and delivering commercial/enterprise software required.
- Experience with security architecture related to protocols such as SSH, SNMP, HTTP, SOAP, SOA, Web Services
- Experience with performing vulnerability and risk assessments and developing risk treatment plans.
- Experience with network and server security, including firewalls, IDS/IPS, VPN, Anti-Virus, Patch Management, and vulnerability analysis.
- Cross-functional knowledge of security in relation to application and networking.
- High level of expertise with Security Monitoring systems, Forensics tools and Malware analysis.