Dear All,
Kindly send me suitable profiles to sudha@arimaaforcellc.com;
Role : Lead Application Security Engineer
Location : Eagan, MN
Duration : 6+ Months
Lead Application Security Engineer
This is a new position, and has a possibility of being a temp to permanent assignment. The individual selected for this position will be working with internal stakeholders throughout Thomson Reuters, particularly the security team. The Hiring Manager stressed that candidates submitted to this position should not only have Network Security experience, this position will be very focused on Application Security. The candidates that will excel in this role will have a background in development, and should know how to coordinate security audits and leverage Veracode. The must haves for this position are Veracode, Blackduck, and Qualys. Preferred qualifications are experience in CISSP, CISM, or CISA (with particular weight given to CISSP); some experience in Network Security.
The Lead Security Engineer supports FindLaw security operations in provisioning, event monitoring, incident management, compliance updates, and risk remediation efforts. The role will be involved in the implementation of new security solutions, creation and maintenance of policies, as well as coordinating vulnerability audits, security risk assessments and remediation plans. The Lead Security Engineer is expected to be fully aware of the enterprise's security goals as established by its stated policies, procedures and guidelines and to actively work towards upholding those goals.
Division/Group/Role
Key Responsibilities & Technologies
• Participate in the planning and design of FindLaw's security framework and strategy. Responsible for the creation of security documents (policies, standards, baselines, guidelines and procedures).
• Serve as primary incident contact for any FindLaw security incidents and partner with other FindLaw and TR stakeholders to investigate root cause, recommend remediation steps and coordination execution of remediation plans.
• Maintain up-to-date detailed knowledge of the Technology security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
• Contribute to the deployment, integration and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise's security documents specifically.
• Maintain up-to-date baselines for the secure configuration and operations of all in-place devices, whether they be under direct control (i.e., security tools) or not (i.e., workstations, servers, network devices, etc.).
• Participate in the design and execution of vulnerability scanning and assessments, penetration tests and security audits. Monitor all in-place security solutions for efficient and appropriate operations. Recommend additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
• Review logs and reports of all in-place devices, whether they be under direct control (i.e., security tools) or not (i.e., workstations, servers, network devices, etc.). Interpret the implications of that activity and devise plans for appropriate resolution.
• Ensure that appropriate policies and procedures are followed to support timely and accurate provisioning of user access. Understand user access administration compliance requirements and ensure processes are designed to support and monitor compliance.
Qualifications, Knowledge, and Skills:
• Proven analytical and problem-solving abilities.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.
• Strong written, oral, and interpersonal communication skills.
• Ability to conduct research into Technology security issues and products as required.
• Ability to present ideas and document artifacts to business, technology and executive audiences.
• Highly self-motivated and directed.
• Keen attention to detail.
• Team-oriented and skilled in working within a collaborative environment.
Education and Experience:
• Bachelor's Degree in Computer Science, Management Information Sciences, Mathematics, Engineering, Business, or area of functional responsibility preferred, or a combination of equivalent education and experience.
• 10+ years hands-on experience and demonstrated expertise with security platforms and tools such as firewalls, logging and monitoring, intrusion detection, vulnerability scanning, and penetration testing.
• Experience using security tool strongly preferred, including: Veracode, Blackduck, and Qualys
• One or more of the following certifications is strongly preferred:
o CISSP – Certified Information Systems Security Professional
o CISM – Certified Information Security Manager
o CISA – Certified Information Systems Auditor
Sudha
Sr.Technical Recruiter, ArimaaForce LLC., USA | India
Direct : +1 (262)-885-1519 | Fax : +1 (855)-659-5918
Email | WebSite | Linkedin | Facebook | Twitter | Hot Reqs
Gtalk & Skype – arimaa.sudha | Yahoo - arimaa.sudha@yahoo.in
Disclaimer: We respect your on-line privacy. This is not an unsolicited mail. Under Bill 1618 Title III passed by the 105th US Congress this mail cannot be considered Spam as long as we include contact information and a method to be removed from our mailing list. If you are not interested in receiving our e-mails then please reply with a "REMOVE" in the subject line and we will remove your name from the mailing list. I am sorry for the inconvenience caused to you.
---
You received this message because you are subscribed to the Google Groups "Best IT Consulting Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to best-it-consulting-group+unsubscribe@googlegroups.com.
To post to this group, send email to best-it-consulting-group@googlegroups.com.
Visit this group at http://groups.google.com/group/best-it-consulting-group.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment