Sr. Information Security Specialist (applications AND infrastructure)


New York City, NY
10426099
02-14-2018
 
TITLE: Sr. Information Security Specialist
LOCATION: Midtown Manhattan
CLIENT: Fortune 100 Media Company
TYPE: FTE - Full Time Salaried Employment (SALARY plus bonus with SUPERB Benefits)
 
IMPORTANT
  • Candidates MUST be local, no relocation considered
  • NO H1s
ROLE DESCRIPTION
  • Our client is looking for a well-rounded Information Security Professional with experience in security operations, application development security, infrastructure security, security risk assessments, audits, compliance, governance, and high-level risk management.
  • The candidate will identify vulnerabilities (using tools like Qualys, Nessus, etc.) and interface with the Development Team to implement changes in the development process / coding to address application-level security issues.
  • It's a small team in a large multi-billion-dollar organization, and requires a candidate who is a mix of both HANDS ON as well as Strategic / Policy / Project Management focused.
This is a great opportunity for growth as they deploy new tools. The client's corporate culture is NOT one of a silo of infosec teams. You'll be involved in a variety of projects, so breadth of experience is a great attribute for a successful candidate.
 
DUTIES & RESPONSIBILITIES
The position will be a mix of strategic / project management and hands-on technical duties. 
  • Familiar with translating a policy document and improving it (baseline on mobile device management and then adding some specific things to sharpen it where appropriate)
  • Comfortable working both as an individual contributor as well as able to build partnerships and trust throughout the organization leveraging your industry infosec skills and knowledge
  • You'll be involved in security architecture design, administration, and support for ongoing IT and Web initiatives
  • Conduct security risk assessment and remediation for business processes, enterprise infrastructure and applications
  • Develop and facilitate deployment of information security governance documents: policies, frameworks, programs, procedures, and audits
  • Define, develop, and implement security models for Intellectual Rights Management, data confidentiality classification
  • Proactively monitor security threats and vulnerabilities; event management and logging, identify and prevent potential intrusions using SIEM, DLP, IPS/IDS, other tools; advanced malware/Threat analysis and protection
  • Plan and execute security related projects, deploying new security solutions and best practices, providing guidance to company’s engineering and QA teams
  • Establish, monitor, evaluate and report key security performance and risk assessment indicators to provide management with accurate evaluation of the enterprise security state and the information security program effectiveness
  • Compliance assessment and reviews; alignment of security controls for business processes and applications with applicable regulatory governing documents like SOX, PCI, COPA, Safe Harbor, ISO 27001, OWASP 
  • Develop and maintain User Security Awareness program; organize and provide security training to employees, contractors, interns
  • Monitor and study relevant media and specialized vendor resources, provide assessment and recommendations to address emerging threats, vulnerabilities
  • Site Security Assessment of corporate premises, third parties, cloud services
 
TECHNICAL SKILLS REQUIRED
  • Experience with TCP/IP, vulnerability management, pen testing, etc.
  • Knowledge of network security, TCP/IP, DNS, DMZ, Firewalls, Application Firewalls (Web, XML, Database), best practice design and deployment; hardening hardware/software, secure VPN and FTP, Forward and reverse proxies
  • Experience with Integration with Business, Information, Technology architectures
  • Familiarity with security aspects for N-tiered application architecture and web-based applications
  • Knowledge of authentication, authorization, data confidentiality, non-repudiation, integrity, audit logging
  • Experience in organizing and leading projects with managed security service providers
  • Assess and manage Third Party Security  
  • Incident response and digital forensics experience
  • Windows and Linux security models, basic administration and audit
  • Linux and Windows scripting, command line utilities (Shell, Visual Basic, Perl, Python, awk)
  • Knowledge of security policies and best practices; developing governance documents, certificate management
  • Experience with Identity access management (IAM) and role based user access control, end point security 
  • Knowledge of password management and SSO implementation
  • Virtualized, cloud, mobile environments, MDM
  • Browser security concepts (e.g. Tokens), risks (e.g. XSS); configuring SSL/TLS, PKI servers
  • Hardening J2EE, Tomcat, Web servers (IIS, Apache)
  • Application security specifics for development and custom code: PHP, ASP, Java, C# platforms
  • Databases (Oracle, MS SQL) – audits, data encryption at rest and in transit
  • Vulnerability assessments and IT auditing
  • LDAP (Oracle Sun One preferred), Active Directory, including administration and design of custom LDAP schemas
 
QUALIFICATIONS
  • Knowledge of McAfee ePO, Nessus and Symantec tools preferred (equivalent experience with other tools may be considered)
  • Must be able to interface with the Development Team to implement changes in the development process / coding to address application level security issues.
  • The manager is seeking a candidate who is able to work both hands on and at a high (strategic) level
  • Strong executive presence skills required
  • Must have strong prioritization skills, able to work on multiple complex projects at the same time (3-4) 
  • One of the major InfoSec certifications (CISSP, CISM, SANS) is preferred but not required.
 
INTERESTED APPLICANTS
If you are interested in pursuing this opportunity, please respond back and include the following:
 
• Full MS WORD Resume
• Current and required compensation
• Current contact information
• Availability
 
Upon receipt, one of our managers will contact you to discuss the position in full detail.
 
 
Jason Denmark
INTERMEDIA GROUP, INC.
131 Varick Street
New York, NY 10013
Voice: 212-248-0100
Email: jdenmark@intermediagroup.com
