Sr. Information Security Specialist (applications AND infrastructure)

New York City, NY
10426099
02-14-2018
TITLE: Sr. Information Security Specialist
LOCATION: Midtown Manhattan
CLIENT: Fortune 100 Media Company
TYPE: FTE - Full Time Salaried Employment (SALARY plus bonus with SUPERB Benefits)
 
IMPORTANT
  • Candidates MUST be local, no relocation considered
  • NO H1s
ROLE DESCRIPTION
Our client is looking for a well-rounded Information Security Professional with experience in security operations, application development security, infrastructure security, security risk assessments, audits, compliance, governance, and high-level risk management.
This is a great opportunity for growth as they deploy new tools. The client's corporate culture is NOT one of a silo of infosec teams. You'll be involved in a variety of projects, so breadth of experience is a great attribute for a successful candidate.
 
DUTIES & RESPONSIBILITIES
The position will be 70% project management and 30% hands-on technical duties. 
  • Familiar with translating a policy document and improving it (baseline on mobile device management and then adding some specific things to sharpen it where appropriate)
  • Comfortable working both as an individual contributor as well as able to build partnerships and trust throughout the organization leveraging your industry infosec skills and knowledge
  • You'll be involved in security architecture design, administration, and support for ongoing IT and Web initiatives
  • Conduct security risk assessment and remediation for business processes, enterprise infrastructure and applications
  • Develop and facilitate deployment of information security governance documents: policies, frameworks, programs, procedures, and audits
  • Define, develop, and implement security models for Intellectual Rights Management and data confidentiality classification
  • Proactively monitor security threats and vulnerabilities; perform event management and logging; identify and prevent potential intrusions using SIEM, DLP, IPS/IDS, and other tools; perform advanced malware/threat analysis and protection
  • Plan and execute security related projects, deploying new security solutions and best practices, providing guidance to company’s engineering and QA teams
  • Establish, monitor, evaluate and report key security performance and risk assessment indicators to provide management with accurate evaluation of the enterprise security state and the information security program effectiveness
  • Compliance assessment and reviews; alignment of security controls for business processes and applications with applicable regulatory governing documents like SOX, PCI, COPA, Safe Harbor, ISO 27001, OWASP 
  • Develop and maintain User Security Awareness program; organize and provide security training to employees, contractors, interns
  • Monitor and study relevant media and specialized vendor resources, provide assessment and recommendations to address emerging threats, vulnerabilities
  • Site Security Assessment of corporate premises, third parties, cloud services
 
TECHNICAL SKILLS REQUIRED
  • Experience with TCP/IP, vulnerability management, pen testing, etc.
  • Knowledge of network security, TCP/IP, DNS, DMZ, Firewalls, Application Firewalls (Web, XML, Database), best practice design and deployment; hardening hardware/software, secure VPN and FTP, Forward and reverse proxies
  • Experience with Integration with Business, Information, Technology architectures
  • Familiarity with security aspects for N-tiered application architecture and web-based applications
  • Knowledge of authentication, authorization, data confidentiality, non-repudiation, integrity, audit logging
  • Experience in organizing and leading projects with managed security service providers
  • Assess and manage Third Party Security  
  • Incident response and digital forensics experience
  • Windows and Linux security models, basic administration and audit
  • Linux and Windows scripting, command line utilities (Shell, Visual Basic, Perl, Python, awk)
  • Knowledge of security policies and best practices; developing governance documents, certificate management
  • Experience with Identity access management (IAM) and role based user access control, end point security 
  • Knowledge of password management and SSO implementation
  • Virtualized, cloud, mobile environments, MDM
  • Browser security concepts (e.g. Tokens), risks (e.g. XSS); configuring SSL/TLS, PKI servers
  • Hardening J2EE, Tomcat, Web servers (IIS, Apache)
  • Application security specifics for development and custom code on PHP, ASP, Java, and C# platforms
  • Databases (Oracle, MS SQL) – audits, data encryption at rest and in transit
  • Vulnerability assessments and IT auditing
  • LDAP (Oracle Sun One preferred), Active Directory, including administration and design of custom LDAP schemas
 
QUALIFICATIONS
  • One of the major InfoSec certifications (CISSP, CISM, SANS) REQUIRED
  • Knowledge of McAfee ePO, Nessus and Symantec tools preferred (equivalent experience with other tools may be considered)
  • Strong executive presence skills required
  • Must have strong prioritization skills, able to work on multiple complex projects at the same time (3-4) 
 
INTERESTED APPLICANTS
If you are interested in pursuing this opportunity, please respond back and include the following:
 
• Full MS WORD Resume
• Current and required compensation
• Current contact information
• Availability
 
Upon receipt, one of our managers will contact you to discuss the position in full detail.

 
 
Jason Denmark
INTERMEDIA GROUP, INC.
131 Varick Street
New York, NY 10013
Voice: 212-248-0100
Email: jdenmark@intermediagroup.com
