Job Description:
Responsible for maintaining & enhancing information security management program(s) to ensure integrity, confidentiality, and availability of information.
Provide guidance and best practice recommendations for IT security policies, procedures, and standards that meet regulatory requirements.
Assess and recommend process improvements to ensure all operational and application system changes undergo security impact assessment.
Develop and maintain system security plans and contingency plans, and prepare Authority-to-Operate/MOU packages.
Generate security reports related to incidents, vulnerabilities, and configurations. Serve as project manager/lead within IT security projects.
Maintain knowledge of security regulations, best practices, countermeasures, compliance standards, and current threats.
Experience with penetration testing and vulnerability scanning.
Working knowledge of static code analysis and vulnerability assessment tools such as Fortify Static Code Analyzer, Fortify WebInspect, Nessus, Netsparker, Black Duck, Coverity, etc.
Experience in determining system risks and threats, and in implementing and monitoring controls to mitigate defined risks.
Knowledge of SecDevOps is a plus.
Basic Qualification
Minimum of 4-6 years’ experience in Information Security is required.
Excellent communication skills. Must be able to handle client meetings and cater to their security needs.
Strong interpersonal skills and the ability to work as part of a team.
Proficient in reporting and answering analytical questions using vulnerability data.
Must demonstrate experience with implementing NIST and Federal Security standards in on-premises and cloud environments.
Must be familiar with security tools such as Netsparker, HP Fortify, and Splunk, with Windows/Linux environments, and with application patching for vulnerabilities. Industry-relevant security certifications are desired.