Sr. Information Security Specialist (applications AND infrastructure)

Sr. Information Security Specialist (applications AND infrastructure)

New York City, NY
10426099
02-14-2018
or
TITLE: Sr. Information Security Specialist
LOCATION: Midtown Manhattan
CLIENT: Fortune 100 Entertainment / Media company
TYPE:  Salaried Employment 
SALARY plus bonus with SUPERB Benefits
 
IMPORTANT
  • Candidates MUST live in the NYC / NJ / CT area, commutable to midtown NYC
  • Client WILL NOT sponsor visas so Green Card or Citizenship is required
     
Our client is looking for a hands-on, seasoned, Information Security Professional with experience in security operations, application development security, infrastructure security, security risk assessments, audits, compliance, governance, and high-level risk management.
This is a great opportunity for growth and knowledge expansion as we deploy new tools. Our corporate culture is NOT one of a silo of infosec teams. We get to do it all, so breadth of experience is a great attribute for a successful candidate.
 
DUTIES & RESPONSIBILITIES
  • The role will be 70% project management and 30% hands-on technical duties. First-hand experience with TCP/IP, vulnerability management, pen testing, etc.
  • Should be comfortable taking a policy document and improving it (baseline on mobile device management and then adding some specific things to sharpen it where appropriate)
  • Candidates must be able to both work independently as an individual contributor, as well as have good interpersonal skills to ‘market’ infosec to the rest of the organization and build partnerships and trust
  • Security architecture design, administration, and support for ongoing IT and Web initiatives
  • Provide security protection to company’s information technology systems and data
  • Security risk assessment and remediation for business processes, enterprise infrastructure and applications
  • Conduct periodically risk assessments, vulnerability assessments and threat analyses to be able identifying and managing associated risks
  • Develop and facilitate deployment of information security governance documents: policies, frameworks, programs, procedures, and audits
  • Define, develop, and implement security models for Intellectual Rights Management, data confidentiality classification
  • Proactively monitor security threats and vulnerabilities; event management and logging, identify and prevent potential intrusions using SIEM, DLP, IPS/IDS, other tools; advanced malware/Threat analysis and protection
  • Plan and execute security related projects, e.g., deploying new security solutions and best practices, providing guidance to company’s engineering and QA teams
  • Establish, monitor, evaluate and report key security performance and risk assessment indicators to provide management with accurate evaluation of the enterprise security state and the information security program effectiveness
  • Compliance assessment and reviews; alignment of security controls for business processes and applications with applicable regulatory governing documents like SOX, PCI, COPA, Safe Harbor, ISO 27001, OWASP 
  • Develop and maintain User Security Awareness program; organize and provide security training to employees, contractors, interns
  • Monitor and study relevant media and specialized vendor resources, provide assessment and recommendations to address emerging threats, vulnerabilities
  • Site Security Assessment of corporate premises, third parties, cloud services
 
REQUIRED KNOWLEDGE
  • Integration with Business, Information, Technology architectures
  • Securing business processes, applications, and infrastructure
  • Security aspects for N-tiered application architecture and web-based applications
  • Authentication, authorization, data confidentiality, non-repudiation, integrity, audit logging
  • Linux and Windows scripting, command line utilities (Shell, Visual Basic, Perl, Python, awk)
  • Security policies and best practices; developing governance documents, certificate management
  • Identity management and role based user access control, end point security 
  • Password management and SSO implementation
  • Network security, TCP/IP, DNS, DMZ, Firewalls, Application Firewalls (Web, XML, Database), best practice design and deployment; hardening hardware/software, secure VPN and FTP, Forward and reverse proxies
  • Virtualized, cloud, mobile environments, MDM
  • Security specifics in applications development and custom codes - PHP, ASP, Java, C# platforms
  • Hardening J2EE, Tomcat, Web servers (IIS, Apache)
  • Windows and Linux security models, basic administration and audit
  • Databases (Oracle, MS SQL) – audits, data encryption at rest and in transit
  • Browser security concepts (e.g. Tokens), risks (e.g. XSS); configuring SSL/TLS, PKI servers
  • LDAP (Oracle Sun One preferred), Active Directory, including administration and design of custom LDAP schemas
  • Vulnerability assessments and IT auditing
  • Incident response and digital forensics experience
  • Experience in organizing and leading projects with managed security service providers
  • Assess and manage Third Party Security  
 
QUALIFICATIONS
  • One of Major InfoSec Certifications (CISSP, CISM, SANS) REQUIRED
  • Knowledge of McAfee ePO, Nessus and Symantec tools preferred (equivalent experience with other tools may be considered)
  • Strong executive presence skills required
  • Must have strong prioritization skills, able to work on multiple complex projects at the same time (3-4)
INTERESTED APPLICANTS
If you are interested in pursuing this opportunity, please respond back and include the following:
 
• Full MS WORD Resume
• Current and required compensation
• Current contact information
• Availability
 
Upon receipt, one of our managers will contact you to discuss the position in full detail.
 
 
Jason Denmark
INTERMEDIA GROUP, INC.
131 Varick Street
New York, NY 10013
Voice: 212-248-0100
Email: jdenmark@intermediagroup.com

Recruiter Contact

Jason Denmark
INTERMEDIA GROUP, INC.
131 Varick Street
New York, NY 10013
Voice: 212-248-0100
this job portal is powered by CATS