Desired Skills and Experience

  • Architect and implement security solutions: evaluate, design, implement, and manage security tools/infrastructure such as intrusion detection and prevention systems (IDS/IPS), vulnerability scanners, anti-malware, security information and event management (SIEM) products, web application firewalls (WAF), data loss prevention (DLP) tools, web proxies, forensic toolkits, multi-factor authentication (MFA), key management, etc.
  • Perform risk assessments, vulnerability management, penetration testing and patch management for Linux, Mac, Windows systems and web applications. Work closely with engineering teams to proactively identify and fix security flaws and vulnerabilities.
  • Create a framework for continuous security monitoring and incident response procedures. This includes app sec testing, scanning consolidated system logs and other audit trails on a continuous basis to detect attacks, and working with internal and external parties to address events, conduct investigations, and carry out remedial actions.
  • Oversee execution and completion of the company’s application- and infrastructure-related security tightening activities, which include access reviews, password and key rotations, encryption, code analysis, penetration testing, etc.
  • Enforce security governance and promote a security culture within the company by maintaining and evangelizing information security policies, standards and procedures. 
  • Provide support and guidance for legal and regulatory compliance efforts, including audit support, and ensure that our business processes are vetted from a risk and compliance perspective.
  • Be the security subject matter expert and thought leader in the company. Stay abreast of the latest developments in the field, including awareness of new threats and vulnerabilities that may require proactively taking preventive measures.
  • 5+ years of information security experience implementing encryption and key management, intrusion detection (IDS), network security, Security Information and Event Management (SIEM) tools and log management, web application and network vulnerability scanning, penetration testing, etc.
  • Proficient in coding to automate security functions and processes
  • Experience with AWS security best practices and general infrastructure (KMS, EC2, S3, IAM, VPC, Route53)
  • Strong knowledge of networking concepts, protocols (TCP/IP, HTTP, DNS, TLS) and technologies including firewalls, TLS, IDS/IPS systems, cryptographic systems, identity management systems, RADIUS, etc.
  • Strong knowledge of application and system security, web security, TLS/SSL, web authentication protocols such as OAuth, Role Based Access Control (RBAC), privilege models
  • Experience with identity and access management concepts such as SAML federation, OAuth and MFA
  • Experience with systems auditing and monitoring to ensure compliance
  • Knowledge of common attack patterns and exploitation techniques
  • Knowledge of enterprise and industrial security standards such as HIPAA, SOX, etc.
  • Good understanding of RESTful designs and cloud APIs
  • Experience in the Financial Services industry and working knowledge of SOX and Payment Card Industry (PCI) Data Security Standards (PCI DSS) as well as experience in the implementation of controls to mitigate PCI issues
  • CISSP certification