---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------
JOB DESCRIPTION
---------------------------------------------------
Position: Sr. Security Engineer
Location: Dublin , California, US
Type: Permanent F/T
Closing Date: 12/25/2004
Celebrating 20 years of innovation, Sybase enables the Unwired Enterprise for
customers and partners by delivering enterprise and mobile solutions for
information management, development and integration. The world's most critical
data in commerce, communications, finance, government and healthcare runs on
Sybase. Awarded as one of the best companies to work for in several locations
throughout the U.S. and Canada. For more information, visit the Sybase Web
site: http://www.sybase.com.
Purpose of the Position:
Plans and manages the strategic components of the Sybase Information Security
services, providing process and technology direction on a wide variety of
information security issues, concerns, and problems. Works closely with
business units and project teams throughout the organization to ensure Sybase
data, network resources and computer systems are protected from internal and
external unauthorized access, modification, deletion or disclosure in
compliance with Sybase policies and standards and security best practices.
Delivers on process and technology controls governing incident handling,
security architecture planning, policy development, service level management,
security program direction, strategic project coordination. Provides expert
level security consultative assistance and promotes security best practices
throughout the organization.
JOB REQUIREMENTS
---------------------------------------------------
Major Duties and Responsibilities:
· Drives enterprise security program framework strategy and
implementation initiatives. Provides strategic direction on the enterprise
security architecture and the implementation of appropriate safeguards and
controls.
· Develops corporate standards and test plans for
Security-related infrastructure hardware and software to ensure that systems
are configured to standards are not vulnerable to unauthorized changes or other
attacks.
· Develops, documents, and implements information security
policies, standards, guidelines and procedures across all computing platforms.
· Develops and implements internal audit and compliance programs
to ensure compliance with regulations pertaining to information security and
privacy. Advises the Director of Information Security of changes in technical,
legal and regulatory areas affecting information security and computer crime.
Serves as the internal auditor for information security processes. Ensures that
audit and assessment findings, regulatory requirements, and incident handling
lessons learned are accounted for in all enterprise security strategies and
plans.
· Performs information security risk assessments. Works closely
with business units to remediate security risks and recommends appropriate
controls.
· Participates on project teams in the role of an IT Security
Architect and reviews projects for compliance with corporate/industry security
practices and policies. Provides security consulting, solutions, designs,
reviews and recommendations for various projects and initiatives. Support
efforts between Information Security and implementation teams.
· Manages complex information security projects that are both
process and technology based. Delivers medium to large-sized solutions to meet
the company's Information Security objective.
· Provides the lead in security incident response. Provides
investigative and computer forensics support for HR, Legal and Audit teams for
information security-related incidents.
· Provides the lead in the evaluation of new technologies and
third party products to verify that they meet security standards. Design future
security strategies, architectures and security requirements based on business
needs, and publish necessary internal design documents, whitepapers, and
technical reports as needed.
· Develops, designs, implements and monitors corporate-wide
security awareness programs to assist the education and training of Sybase
employees regarding information security issues, policies, standards and
guidelines
· Provides training and guidance to other Information Security
team members. May be actively involved in training individuals and groups.
· Is ‘on-call’ for emergencies. Carries a personal
pager/cell phone 24-hours a day (except vacations)
· Other duties as required.
Qualifications:
Education:
- BS/BSCS & 9-11 years or MS/MSCS & 8-10 years.
Experience:
· Computer Science or related field of knowledge required.
· 9-11 years overall background in information technology with
7-9 years progressively increasing responsibility experience in information
security, including the areas of web and network security, operating systems
security, applications security, database security, administration of
information security assessment tool sets and delivery of security education
and awareness programs. Work performed within a large enterprise environment is
preferred.
· In depth knowledge of various aspects and components of the
security infrastructure, including encryption methods/standards, real-time
intruder detection, perimeter security, event correlation, authentication
services, vulnerability analysis, VPN, IPSEC, advanced incident handling and
forensics best practices.
· Extensive experience in several of the following areas: network
and application security architecture for Internet, Partner Extranet, and
Intranet E-commerce systems, web application security, identity management,
PKI, LDAP, wireless LAN/WPA security.
· Implementation experience with commonly accepted industry
standards and best practices such as COBIT, ISO17799, ITIL, or NIST.
· Detailed understanding of current legal and regulatory
requirements for state, federal, and international regulations associated with
information security, such as Sarbanes-Oxley, HIPAA, GLBA, SB1386, etc. Strong
knowledge of information security risk management framework.
· Proven ability to collaboratively plan, document, and present
security strategies, achieve buy-in from IT leadership, and manage the strategy
implementation process.
· Must have excellent verbal, written, and presentation
communication skills, effective analytical abilities, ability to work
independently, strong interpersonal skills and the maturity and motivation to
work effectively across project teams.
· Excellent project management skills, including the ability to
plan, organize and prioritize and balance multiple projects to ensure target
dates and goals are achieved
· Must demonstrate a keen understanding of security as a business
enabler.
· CISSP or SANS - GIAC certification preferred.
Benefits:
Sybase provides outstanding benefits, including Medical, Dental, Vision,
Employee and Dependent Life Insurance, Spousal equivalent benefits coverage,
Paid Time Off, Education assistance program, Adoption Assistance Program,
Employee stock purchase plan, 401K, Commuter Benefits, 529 College Savings Plan
information, Employee Assistance Program, Onsite Fitness Center, Onsite Day
Care, Onsite Cafe, and Credit Union.
Candidate must be legally authorized to work in the U.S.
Company will not be responsible for any relocation expenses incurred.
Sybase is an Equal Opportunity Employer (EOE)
CONTACT
---------------------------------------------------
For further consideration, send your resume to marilyns@sybase.com and
searesume@sybase.com
Marilyn Suess-Myers
Sr. HR Manager
Sybase
marilyns@sybase.com
---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for
searching and managing job opportunities and resumes.
http://www.securityfocus.com/jobs
