---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------
JOB DESCRIPTION
---------------------------------------------------
Position: Application Security Architect
Location: London, , United Kingdom
Type: Contract
Closing Date: 2006-09-15
Reference No. SF-165
Company Global Financial Services Company
Location London
Salary Generous
Duration 4 months +
Start Date ASAP
No. Required 1
The Role
This is a highly leveraged, internal consulting position within the Bank’s
IT Security organization. The Security Integration team works with IT groups on
a global basis to ensure that IT projects are executed on a secure basis. The
Security Integrator is expected to provide technical leadership to these teams,
which are themselves extremely technical organizations. Some of the specific
roles and responsibilities for this position are:
• Build out a formalized structure around an existing vendor review
process
• Subject Matter Expert on IT security across a variety of platforms in
use at the Bank and at 3rd parties.
• Assess Vendor and 3rd part relationship security
• Lead architecture design and review sessions with IT teams to ensure
that security is incorporated into projects at the earliest stages by
identifying potential risks and threats as well as mitigating designs or
controls.
SKILLS REQUIRED
Skills are divided into two categories, Required and Additional. All of the
Required skills must be present for a candidate to be considered. We do not
require all of the Additional skills, but will give clear preference to
candidates that demonstrate proficiency in a significant number of them.
Required:
• Strong interpersonal skills are critical, since the individual will be
interacting with IT clients and executives around the world, and must be able
to effect change and influence decisions.
• Platform security: The candidate must have deep knowledge of at least
one primary operating system (Unix or Windows), the security risks to that
platform, and how to mitigate those risks.
• Network security: The candidate will be expected to thoroughly
understand the standard network model and the risks present at each layer, and
to understand network architecture.
• Multi-tier application security: Many of our most important
applications are multi-tier applications, and the candidate will be expected to
understand how to secure all layers of an n-tier application. This includes
applications incorporating web services.
• Authentication issues: An understanding of system authentication
technologies (Active Directory and Kerberos in particular) and broader Identity
Management technologies (SiteMinder, SAML, Liberty Alliance, WS-Security) is
key.
• Across all topics, candidate should have expertise with
security-related topics such as authentication mechanisms, data protection,
validation checking, encryption, hashing, principle of least privilege,
software attack methodologies, physical security, social engineering, etc.
Genuine expertise is required here, as the candidate will be extensively tested
on security principles.
Additional:
• Experience in financial services is highly desired.
• Security expertise in multiple operating systems is strongly preferred.
• Programming: Experience with C/C++, Java, C# / .NET, Perl, and shell
programming would be beneficial.
• Automated testing tools: Experience with automated vulnerability
assessment tools (Watchfire), or with more general purpose testing tools (such
as Purify).
• Experience in formulating policy and ensuring compliance with
regulatory requirements
• Experience with mainframe technologies would be beneficial.
• Database programming experience is highly important, which minimally
includes a detailed understanding SQL and ideally encompasses broader knowledge
of database security and management.
• Security expertise with MQSeries.
EDUCATIONAL REQUIREMENTS
Bachelors Degree with min 5+ yrs relevant work experience in high-paced,
enterprise environment.
JOB REQUIREMENTS
---------------------------------------------------
Candidates must be eligable to work in the UK when applying.
CONTACT
---------------------------------------------------
Information Security Solutions
Iain Sutherland
iain@InformationSecuritySolutions.com
---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for
searching and managing job opportunities and resumes.
http://www.securityfocus.com/jobs
