Sr.Security Architecture ReviewApp Sec / Compliance @ Aujas Cybersecurity An

• Lead SecArch deep dives with the requestor of the assessment
• Conduct assessment and provide technology risk/requirements to the requestor. Areas covered:
  • AAA Authentication, Authorization, Auditing
  • Application Security Session Security, Vulnerability/Pen Testing items, Input Validation
  • Secure data transport and storage
• Periodically review security reference architecture (security blueprints) and conduct updates/enhancements
• Participate in various Operational and Technology Risk governance processes
• Assist in identifying new areas and opportunities of technology investment for the firm

• Excellent communication skills: written, oral, presentation, listening
• Ability to influence through factual reasoning
• Time management: ability to handle multiple concurrent assessments, plan based deliverable management, strong follow up and tracking
• Strong focus on delivery when presented with short timelines and increased involvement from senior management
• Ability to adjust communication of technology risks vs business risks based on the audience

Security Architecture Skills

• Required In depth knowledge of application and basic knowledge of and network and platform security vulnerabilities. Ability to explain these vulnerabilities to developers
• Required Experience in conducting Information Security, IT Security, Audit assessments. Presenting the outcomes of the assessment and obtaining buyin.
• Required Strong focus on reviewing technical designs and functional requirements to identify areas of Security weakness.
• Required The candidate must have working experience in the following application/network security domains:
  • Authentication: SAML, SiteMinder, Kerberos, OpenId
  • Entitlements and identity management
  • Data protection, data leakage prevention and secure data transfer and storage
  • App Security validation checking, software attack methodologies
  • Cryptography encryption and hashing

• Required Even though the SecArch Integrator role is not a development role, the candidate must have understanding in programming, design and application architecture.
• Required In order to be a practical SecArch Integrator the candidate must have experience implementing complex applications in an enterprise environment.
• Required knowledge of programming and scripting languages: Java, JavaScript, C#, C/C, Perl, Python, Ruby

Other Areas of Expertise

• Frameworks, protocols and subsystems: J2EE, .NET, Spring, RPC, SOAP, MQSeries, JMS, RMI, JMX, Hibernate.
• Knowledge of JSP /Servlet/EJB or ASP.NET, HTTP/HTTPS, Cookies, AJAX, JavaScript, Flex / Silverlight.
• Database design and programming experience
• Experience of liaising with 3rd Party Entities (exchanges, suppliers, regulators)
• Experience in conducting and / or reviewing penetration tests, dynamic vulnerability assessments and static vulnerability assessments
• Understanding of geographic regulations and their impact on Security assessments
• Previous experience in Financial Services is preferred
• CISSP or other industry qualification
• Desired experience working with global organizations