Application Security Process Manager, Cyber Defense
Company Name:
Deloitte
Deloitte
services
LP includes internal support areas such as Marketing and Communications, Human Resources/Talent, Information Technology, Facilities Management, and Financial Support Services.
job
Overview:
Manages Cyber Defense programs focused on application security and application security testing. The application security program spans enterprise technologies to include purchased commercial applications, mobile applications, internally developed code, and 3rd party vendor solutions. Additionally supports enterprise penetration testing and vulnerability management. Will also assist with Security Intelligence programs used to tailor rapid security response to emerging threats. Performs analysis of application security scan results and provides the appropriate teams with guidance for security issues that need to be remediated. Strong awareness of current and developing security threats and technologies to support research and recommendations will be necessary. Works closely with management, leads, peers, development teams, business analysts, and end users to ensure data protection for systems used by all areas the organization.
Responsibilities:
Define, Manage, and perform continuous improvement of the application security testing program for the US Firms
Identify application security vulnerabilities through the use of security scanning tools and notify the appropriate team to take necessary action. This may include defining the security controls and parameters that will be measured. An understanding of current web application development languages is necessary to communicate compensating controls and potential remediation activities.
Assist with network and application security penetration testing activities, including scheduling, resources, tool execution, and reporting. An understanding of diverse operating system security controls is necessary in order to assist support teams in determining the level of remediation.
Independently, or through leading other staff, design, recommend, plan, develop and support implementation of project-specific security solutions to meet tactical, and control requirements.
Monitor results of vulnerability scanning tools, review the level of risk for each finding, and determine what actions are necessary while considering compensating controls. This includes working with support teams to resolve items of significant risk to the organization. An understanding of web and database technologies is necessary in order to ensure the risk-level of each finding is rated appropriately based on impact and likelihood.
Develop reports using data that is hosted in multiple sources (e.g. spreadsheets, databases) and communicate clearly to management and other team members.
Identify potential security exposures that may currently exist or may pose a potential future threat to the U.S. Firm's networks or systems. Ensure IRC management is notified when these exposures are identified, as well as a proposed solution for remediation.
Work jointly with Infrastructure and IRC teams to periodically review existing security device architecture and recommend potential updates or enhancements for group review.
Monitor security blogs, articles, reports, as well as other sources to keep up to date on the latest security threats and trends. Report significant threats to management for analysis and action.
Performs other job-related duties as assigned.
Primary
Qualifications:
5 years of relevant technology experience, preferably in a professional services environment; at least one year of information security related experience
Preferred Bachelor's Degree; 1 to 3 years of relevant experience may substitute equivalent experience for college degree
Understanding of code development, security architecture and design, countermeasures, and emerging threats to enterprise applications. Additionally should possess understanding of common attack tools, and vulnerability detection/management tools
Understanding of tools, techniques, and procedures to effectively assess the defensive posture of an information system
Possession of current CISSP and/or ethical hacking certifications preferred
Familiar with and able to apply time-proven, generally-accepted security methods, concepts and techniques as they relate to the Deloitte U.S. Firms
US Citizenship required. Must have or be eligible to attain a US Security Clearance in the future if needed
Familiar with and able to apply generally-accepted security methods, concepts and techniques as they relate to this organization
Understanding of underlying infrastructure architecture including WANs, LANs, Internet, intranets, and communication protocols such as TCP, UDP, and IPSEC
Excellent written/verbal/ communication, listening and facilitation skills
Excellent time management and related organizational skills, including appropriate sense of urgency, a proactive approach, and a suitable ability to anticipate and manage project lifecycle
events
, issues and obstacles
Able to identify and document specific security issues, propose resolution options, and interpret matters from the perspective of involved stakeholders
Consulting skills (client service orientation, conflict resolution, analysis/synthesis of information, negotiation, project management, etc.)
Negotiation skills needed to obtain commitments to remediate risks and vulnerabilities from leadership of other teams
Ability to learn and retain new skills as required meeting a changing technical environment.
Ability to occasionally work non-standard shifts and/or on-call to support the requirements of the organization
Ability to effectively network, participate in and lead matrixed teams, and develop key working relationships
Please apply here - http://careers.deloitte.com/
jobs
/eng-US/details/j/E14NATSMGRBJ201-ITL5/application-security-process-manager-cyber-defense
Estimated Salary: $20 to $28 per hour based on qualifications.
Deloitte
Deloitte
services
LP includes internal support areas such as Marketing and Communications, Human Resources/Talent, Information Technology, Facilities Management, and Financial Support Services.
job
Overview:
Manages Cyber Defense programs focused on application security and application security testing. The application security program spans enterprise technologies to include purchased commercial applications, mobile applications, internally developed code, and 3rd party vendor solutions. Additionally supports enterprise penetration testing and vulnerability management. Will also assist with Security Intelligence programs used to tailor rapid security response to emerging threats. Performs analysis of application security scan results and provides the appropriate teams with guidance for security issues that need to be remediated. Strong awareness of current and developing security threats and technologies to support research and recommendations will be necessary. Works closely with management, leads, peers, development teams, business analysts, and end users to ensure data protection for systems used by all areas the organization.
Responsibilities:
Define, Manage, and perform continuous improvement of the application security testing program for the US Firms
Identify application security vulnerabilities through the use of security scanning tools and notify the appropriate team to take necessary action. This may include defining the security controls and parameters that will be measured. An understanding of current web application development languages is necessary to communicate compensating controls and potential remediation activities.
Assist with network and application security penetration testing activities, including scheduling, resources, tool execution, and reporting. An understanding of diverse operating system security controls is necessary in order to assist support teams in determining the level of remediation.
Independently, or through leading other staff, design, recommend, plan, develop and support implementation of project-specific security solutions to meet tactical, and control requirements.
Monitor results of vulnerability scanning tools, review the level of risk for each finding, and determine what actions are necessary while considering compensating controls. This includes working with support teams to resolve items of significant risk to the organization. An understanding of web and database technologies is necessary in order to ensure the risk-level of each finding is rated appropriately based on impact and likelihood.
Develop reports using data that is hosted in multiple sources (e.g. spreadsheets, databases) and communicate clearly to management and other team members.
Identify potential security exposures that may currently exist or may pose a potential future threat to the U.S. Firm's networks or systems. Ensure IRC management is notified when these exposures are identified, as well as a proposed solution for remediation.
Work jointly with Infrastructure and IRC teams to periodically review existing security device architecture and recommend potential updates or enhancements for group review.
Monitor security blogs, articles, reports, as well as other sources to keep up to date on the latest security threats and trends. Report significant threats to management for analysis and action.
Performs other job-related duties as assigned.
Primary
Qualifications:
5 years of relevant technology experience, preferably in a professional services environment; at least one year of information security related experience
Preferred Bachelor's Degree; 1 to 3 years of relevant experience may substitute equivalent experience for college degree
Understanding of code development, security architecture and design, countermeasures, and emerging threats to enterprise applications. Additionally should possess understanding of common attack tools, and vulnerability detection/management tools
Understanding of tools, techniques, and procedures to effectively assess the defensive posture of an information system
Possession of current CISSP and/or ethical hacking certifications preferred
Familiar with and able to apply time-proven, generally-accepted security methods, concepts and techniques as they relate to the Deloitte U.S. Firms
US Citizenship required. Must have or be eligible to attain a US Security Clearance in the future if needed
Familiar with and able to apply generally-accepted security methods, concepts and techniques as they relate to this organization
Understanding of underlying infrastructure architecture including WANs, LANs, Internet, intranets, and communication protocols such as TCP, UDP, and IPSEC
Excellent written/verbal/ communication, listening and facilitation skills
Excellent time management and related organizational skills, including appropriate sense of urgency, a proactive approach, and a suitable ability to anticipate and manage project lifecycle
events
, issues and obstacles
Able to identify and document specific security issues, propose resolution options, and interpret matters from the perspective of involved stakeholders
Consulting skills (client service orientation, conflict resolution, analysis/synthesis of information, negotiation, project management, etc.)
Negotiation skills needed to obtain commitments to remediate risks and vulnerabilities from leadership of other teams
Ability to learn and retain new skills as required meeting a changing technical environment.
Ability to occasionally work non-standard shifts and/or on-call to support the requirements of the organization
Ability to effectively network, participate in and lead matrixed teams, and develop key working relationships
Please apply here - http://careers.deloitte.com/
jobs
/eng-US/details/j/E14NATSMGRBJ201-ITL5/application-security-process-manager-cyber-defense
Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
