Vacancy expired!
- Five (5) years of combined experience in a direct/indirect IT Security or Technical IT role
- Familiarity with secure software development lifecycle maturity models such as BSIMM, Microsoft SDL, others
- Understanding and practical experience in at least 4 of the following:
- Network infrastructure and architecture (traditional, SDN)
- Cloud service/service delivery (PaaS, IaaS, SaaS)
- Infrastructure as Code
- OS configuration management & hardening (Windows, Linux, Mac)
- Encryption / PKI
- SOA / Microservices
- Application / API security
- Identity Management (IDM)
- Application Vulnerability Management (SAST/DAST/Package Scanning/other)
- DevSecOps / Scaled Agile Framework
- Development in a major language, such as PHP, .NET, etc.
- Experience working in a consulting/delivery role
- Practical knowledge of any combination of PCI-DSS, Sarbanes-Oxley, GLBA, HIPAA, state/federal privacy laws
- Experience working in a decentralized IT environment
- ?Options Before Obstacles? mentality
- Strong passion for information security
- Ability to maintain trust and strict confidentiality
- Work with a high sense of urgency
- Outstanding interpersonal skills
- Ability to analyze situations objectively and love to challenge assumptions
- Comfort with acting decisively with limited information
- Ability to be efficient and methodical in a fast-paced environment
- Love for mentoring, cross-training and building stronger teams
- Knowledge of the mortgage and financial services industry
- Collaborate with Project Management, IT, Architecture and Information Security teams to help teams interpret and build a secured software development lifecycle
- Refine the standard set of security gates and non-functional requirements used across the organization
- Interact with software engineering teams to ensure that deployment methodologies are built with security in mind
- Act as a development security consultant to the business, translating business requirements into security solutions
- Work with InfoSec Analysts to ensure visibility and security controls are implemented and maintained
- Collaborate with Architecture and other InfoSec teams when identifying emerging new trends in the business and work on updating standards to protect our team members and clients
- Review changes to technical controls to jump into action when it looks like a business process needs help
- Review project and process plans to ensure security is baked in
- Consult with teams to ensure data is properly handled throughout our environment
- Foster secure cross-platform development, collaboration, and solutions
- Mentor other architects to expand their knowledge of secure software development and standards
Vacancy expired!