Job Description:
Strong J2EE, EJB, MQ Series, Web Services/REST, Oracle 12.
Maven/Jenkins/Sonar.
Solid understanding of OWASP standards.
This is a hands-on Java Developer/Architect role that will work on the Compass Team and interface with UHG Security.
Candidate will need hands-on experience with Java and REST services, a strong middleware background, SOAP and RESTful services, and MQ messaging.
Will need to review the testing reports in Fortify and facilitate any code changes.
Work with Architects to ensure code security issues are taken care of.
Should be familiar with SiteMinder and how it interfaces with the web server.
Must be able to understand Application Roadmap.

What skills/attributes are a must have?
6 or more years of experience providing technical leadership and operational support for complex enterprise security projects/programs for large enterprise organizations
6 or more years of experience in network/applications/database security architecture, engineering, and technical oversight for large enterprise systems with PII/PHI/PCI/FISMA related data flows
Experience conducting and applying threat modeling to large, complex, and virtualized architectures
Knowledge of infrastructure, application, and data security architecture best practices
Fluency with IT governance standards including NIST, COBIT, ISO 27001, OCTAVE, ITIL
Experience complying with regulatory guidance at the State and Federal level to include but not limited to SOX, HIPAA, HITRUST, GLBA, PCI-DSS, CMS/HHS and/or CFR Part 11
Experience executing security architecture processes within agile methodologies.
Specific experience leading security programs from requirements through implementation.
Experience working with large tier security vendors leading RFI/RFPs
Experience with analyzing, troubleshooting, and investigating security-related information systems anomalies based on security platform reporting, network traffic, log files, host-based and automated security alerts.
Experience with some or all of the following: TCP/IP | OSI Model, system logs (WMI, syslog, etc.), antivirus, IDS/IPS, packet analysis, configuration standards, Group Policy, Vulnerability analysis, Event Correlation, Forensics, IDS/IPS rule sets and signature creation, web application security, pen-testing, reverse engineering, Honeypots, IOC, advanced threat detection, code analysis, Data Loss Prevention (DLP), Log Indexing and Correlation platform, Network Access Control (NAC), Physical access control systems

What skills/attributes are nice to have?
Industry-specific certifications, including one or more of the following: C|CISO, CISSP, CISA, CISM, CGEIT or current JCNE/CCIE lab passed with a valid certification number.
Master’s degree in Information Security, Software Engineering