Terrific Long-Term Contract Opportunity with a FULL suite of benefits!
As one of the largest financial institutions in the world, our client has been around for over 150 years and is continuously innovating in today's digital age. If you want to work for a company that's not only a household name, but also truly cares about satisfying customers' financial needs and helping people succeed financially, apply today.
Position: Information Security Engineer
Location: Multiple Locations Across the U.S.
Term: 6 months
- The individual will be working with other subject matter experts to help various applications to harden their operational environments to ensure that confidential data is well secured while still allowing business to conduct their needed activities in pre-production (Data Analytics, Quality Assurance testing, etc.)
- The individual will work on helping to document hardening patterns based on various business use cases and operational environments.
- Designs, documents, tests, maintains, and provides issue resolution recommendations for highly complex security solutions related to networking, cryptography, cloud, authentication/directory services, email, internet, applications, and/or endpoint security.
- Provides security consulting on large projects for internal clients to ensure conformity with corporate information security policy, and standards.
- Leads computer security incident response activities for highly complex events, conducts technical investigation of security related incidents and conducts post-incident digital forensics to identify causes and recommend future mitigation strategies.
- Reviews and correlates security logs. Identifies current/emerging security vulnerabilities/issues, performs risk assessments, and evaluates remediation alternatives.
- Possesses subject matter expertise at a mastery level in current/emerging security solutions and best practices used to implement one or more components of information security such as availability, integrity, confidentiality, risk management, threat identification/modeling/monitoring, incident response, access management, and business continuity.
- May interface with executive management.
Is this a good fit? (Requirements):
- 7+ years design and planning experience in systems, applications or IT Architecture
- 7+ years of information technology systems design and planning experience; in systems, applications, or architecture
- 5+ years of information security experience
- Highly specialized skills in security architecture, application security and thread modeling
- 7+ years of information security applications and systems experience
- 6+ years of information technology applications and systems experience
- Advanced Information Security technical skills
- Ability to manage complex issues and develop solutions
- Strong verbal and written communication skills
- A “generalist” with experience with information security technologies in different domains including: identity management and access control, application and database security, network and infrastructure security, and cryptographic algorithms and key management
- Knowledge of security controls for data storage on system, shares and various databases.
- Understanding “Big Data” concepts and tools, including security concepts of data masking, tokenization and synthetic data.
- Understand current major threats and vulnerabilities facing the industry and financial sectors
- Understand end to end application security vulnerabilities and exploitations, and mitigation controls, familiarity with general security standards, such as OWASP, NIST, ISO, CVE, X9
- Knowledge of cloud-computing and the relevant security impacts. Experience with AWS, Azure, and/or Google cloud platforms.
- Experience with threat assessment and modeling, risk management, and regulatory compliance in the financial industry
- Knowledge of modern web application architecture and technologies
- Experience in conducting vulnerability tests of systems and/or code reviews.
- Have the demonstrated ability to quickly analyze an unfamiliar product or system, identifying and prioritizing threats and suggesting mitigating controls.
- Documentation skills to contribute to development of architecture patterns documents on how to keep confidential data secured in various non-production environments to support various use cases.