This candidate would work closely with the Architecture team to secure the enterprise information system by determining security requirements; planning, implementing, and testing security systems; preparing security standards, policies, and procedures; and mentoring team members.
- Enhances security team accomplishments and competence by planning the delivery of solutions; answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members
- Determines security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates
- Plans security systems by evaluating network and security technologies; developing requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related security and network devices; designing public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as well as hardware and software; adhering to industry standards
- Implements security systems by specifying intrusion detection methodologies and equipment; directing equipment and software installation and calibration; preparing preventive and reactive measures; creating, transmitting, and maintaining keys; providing technical support; completing documentation
- Verifies security systems by developing and implementing test scripts
- Maintains security by monitoring and ensuring compliance with DoD standards (RMF, NIST), policies, and procedures; conducting incident response analyses; developing and conducting training programs
- Upgrades security systems by monitoring security environment; identifying security gaps; evaluating and implementing enhancements
- Prepares system security reports by collecting, analyzing, and summarizing data and trends
- Updates job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations
- Enhances department and organization reputation by accepting ownership for accomplishing new and different requests; exploring opportunities to add value to job accomplishments.
- Bachelor’s degree with 10 or more years of hands-on experience in enterprise IT application development. May substitute equivalent combination of education and experience.
- Security+ or CISSP Certification or the ability to obtain one
- Experience working with development teams to build secure solutions
- Experience breaking down complex systems and applications to find security flaws
- Experience in Application Security vulnerabilities including the OWASP Top Ten Web Application Security Risks.
- Experience with static code (Fortify is a plus) and dynamic scanning tools (Web Inspect or equivalent is a plus). Integration of scanning tools and automation for periodic and on-demand scans, and integration with the SDLC, is a plus
- Knowledge of common web application and mobile frameworks
- Familiarity with common vulnerabilities and attack vectors
- Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL, TLS, PKI, etc.) and common protocols (RADIUS, LDAP, KERBEROS, SAML, etc.)
- Solid understanding of secure network and system design
- The ability to communicate complicated technical issues and the risks they pose to R&D programmers, network engineers, system administrators and management
S Nimbus LLC is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.