A SecDesign Generalist has the following responsibilities:
Lead SecDesign deep dives with the requestor of the assessment.
Prioritize risks identified in relation to business risks.
Conduct assessments and provide technology risk findings and security requirements to the requestor. Areas covered:
Authorization and Auditing
Application Security – Session Security, Vulnerability/Pen Testing items, Input Validation
Secure data transport and storage
Network Security principles and best practices
Cloud Security principles and best practices
Periodically review security reference architecture (security blueprints) and conduct updates/enhancements.
Participate in various Operational and Technology Risk governance processes.
Assist in identifying new areas and opportunities of technology investment for the firm.
Excellent communication skills: written, oral, presentation, listening.
Ability to influence through factual reasoning.
Time management: ability to handle multiple concurrent assessments, plan-based deliverable management, strong follow-up and tracking.
Strong focus on delivery when presented with short timelines and increased involvement from senior management.
Ability to adjust how technology risks and business risks are communicated based on the audience.
Security Architecture Skills
Required – In-depth knowledge of application, network, and platform security vulnerabilities, and the ability to explain these vulnerabilities to developers.
Required – Experience in conducting Information Security, IT Security, and Audit assessments, presenting the outcomes of the assessment, and obtaining buy-in.
Required – Strong focus on reviewing technical designs and functional requirements to identify areas of Security weakness.
Required – Knowledge of Cloud Service Providers (AWS/Google/Azure), DevOps, and CI/CD.
Required – The candidate must have working experience in at least three of the following application/network security domains:
Authentication: SAML, SiteMinder, Kerberos, OpenID
Entitlements and identity management
Data protection, data leakage prevention and secure data transfer and storage
App Security – validation checking, software attack methodologies
Cryptography – encryption and hashing
Desired – Prior experience administering systems for version control (Bitbucket, GitHub), issue tracking (Jira), continuous integration (Jenkins, GitHub Actions), or release management.
Desired – Knowledge of the standard network model and the risks present at each layer, the functions of network equipment such as switches, routers, firewalls, proxies, VPNs, and load balancers, and an understanding of common network architectures.
Education: Any graduate.