Job Description :
Job Description
Position 1
Application Security Analyst:
What you'll be doing:
Assess software security by performing security testing, participating in code reviews
Work in partnership with software development teams to ensure that appropriate software security controls have been designed and built within web and client/server applications
Lead the development, implementation and maintenance of the Application Security initiatives as part of a larger security program across all technology and development groups
Conduct security training for the developers
Other various security tasks
What you'll need to be considered:
Requires Bachelor’s degree in Computer Science, Business or a related field.
At least 2 years of Application security experience is a must.
Strong working knowledge of general networking concepts with a variety of the field’s concepts, practices, applications and procedures.
Working knowledge of Microsoft’s Active Directory is preferred.
Must be proficient in use of Microsoft Office applications.
Working knowledge of Linux is preferred.
Experience with programming languages such as Web, J2EE and .Net frameworks and their architectures, with JAVA required.
Must have an understanding of Information Security and Secure Coding principles.
Security qualifications: CEH, GSEC, GWEB, GSSP-JAVA, GWAPT, certification preferred.
General knowledge of security requirements required by HIPAA, HITECH or other federal or state regulations is preferred.
Customer focused and service oriented to ensure timely and accurate performance and benchmark achievement.
Position 2
Information Security Engineer:
What you will be doing:
You will be responsible for system security efforts. You will help the enterprise IT team by providing access to and protecting the confidentiality and integrity of customer and business information. You will also responsible for the research, technical analysis, recommendation, configuration, and administration of systems and procedures. Your goal will be to ensure the protection of information processed, stored or transmitted across the enterprise and externally. You will need to develop a strong working relationship with IT and business users to ensure security services are aligned with the needs of the business. You will need to make sure risks are effectively managed and the proper level of security awareness is maintained across the organization.
What you need:
· Requires Bachelor’s degree in Computer Science, Business or a related field.
· At least 1 year of Information Security / Technology experience required.
· Industry certifications in the areas of Information Security/Systems preferred.
· Strong working knowledge of general networking concepts.
· Customer focused and service oriented to ensure timely and accurate performance
and benchmark achievment.
· Must be proficient in use of Microsoft Office applications.
· Vulnerability Assessment process and tools experience is preferred.
· General knowledge of security requirements required by HIPAA, HITECH or other federal
or state regulations is preferred.
· Experience working with perimeter technologies (e.g., router, firewalls, web proxies
and intrusion prevention, etc and vulnerability management tools (i.e. vulnerability
scanners, file integrity monitoring, configuration monitoring, etc.
· Knowledge of configuration management, change control, risk assessments, exception
mgt and security baselines (e.g. CIS Baselines, NIST, vendor security technical
implementation guides, etc.
· Knowledge of and experience with applying Common Weakness Enumeration (CWE),
Common Vulnerability Scoring System (CVSS), Common Vulnerablilities and Exposures
(CVS), and Open Web Application Security Project (OWASP) processes and remediation
· Ability to effectively identify, evaluate and communicate new and ongoing security threats
to senior management.