Job Description :
Key Responsibilities Include:
Provide the technical guidance and partner with JDF architecture, data, application and infrastructure areas to interpret security standards and derive appropriate solutions to manage risk and maintain compliance within the JDF application development areas.
Drive JDF SecDevOps and Secure Programming practices and processes including application requirements and design reviews for improving security and assist with the interpretation, prioritization and resolution of vulnerabilities identified through code scanning methodologies.
Identify and support the remediation of security vulnerabilities in applications, databases, middleware, operating systems, and networks.
Leverage a variety of methods to identify vulnerabilities, including but not limited to scanning tools, automation tools, and data analysis.
Partner with delivery teams across JDF IT to ensure appropriate security configurations for application development, connectivity and data exchange, middleware, etc., including participation in the development of hardening standards for cloud adoption and the application of secure coding standards to ensure confidentiality of client information and compliance with applicable standards and regulatory controls.
Ensure continuous improvement in the vulnerability management process by preventing vulnerabilities from being deployed to production; examples include reviewing tools and processes such as secure configuration and patch management; providing input into standards and policies; and performing retrospectives.
Keep current with industry trends and enterprise initiatives, to ensure that our Information Security program capabilities evolve with emerging threats, new technology capabilities, and business needs.
Required Skills and Experience:
4+ years of experience in Information Security focusing on security solution design, engineering, implementation and assurance.
2+ years of experience working with Information Security and IT general controls, including experience defining and documenting controls using COBIT 4.1 or 5.0, the NIST Cybersecurity Framework, the ISO 27k framework, the SANS 20 critical controls or similar experience.
2+ years application security experience with corresponding SecDevOps technologies (e.g. Jenkins, GitHub
Demonstrated experience with AWS security and application deployment best practices.
Understanding of code scanning and application vulnerability discover technologies and methodologies (e.g. DAST, SAST, penetration testing)
Strong knowledge of the OWASP Top 10 and other common software security knowledge indexes.
Understanding of the regulatory environment and experience with regulators.
Strong written and verbal communication.
Comfortable delivering tasks and assignments in an evolving and a maturing environment.
Preferred Skills and Experience:
Experience in Financial Services and or Banking industries.
Deep understanding of Information Security technologies including firewalls, IDS/IPS, Password Vaults, CASBs, SIEM, IT GRC, DLP, etc.
Experience with the FFIEC Cyber Security Assessment Tool.
Applicable certifications (e.g. CISSP, CISA, CISM, CGEIT, CRISC