Enter the base name or location (i.e. "North Carolina" or "Pearl Harbor")
|Army||Air Force||Coast Guard||Navy||Marines|
Title: Security Architect
Location: US-FL-St. Petersburg-Saint Petersburg
The primary responsibility is to provide solution architecture and engineering guidance (design, development, deployment) on all aspects of security at Raymond James.
Implement Software Security Services
· Security Architecture Analysis and Design Reviews
· Security Code/Product Reviews (SDLC)
· Recommendations of procedural and technological compensating controls (Secure Coding best practices implementation and training)
· Application Threat modeling and Mitigation Services.
Strengthen the Risk Assessment process with pertinent technical criteria to better assess the risk ratings of our applications.
Institute/Strengthen our Vulnerability Management process which includes bugs, patches, configuration management advice.
Prospective candidate should possess the following skills and qualifications:
· Minimum 5 years in the Enterprise Security space covering information (storage, transmission, etc.), application (design and development), deployment, run-time (access), and operation/support.
· In depth understanding of Security Protocols that support applications such as SFTP, Secure-HTTP, SSH, SSL
· In depth understanding of Application and Web Layer Security : Web 2.0, Ajax/JSON, .NET, Share point, SOAP, SOA, Secure Messaging
· Ability to apply application security principles to multiple operating system platforms such as Windows, SUN OS, Linux, and others
· In depth understanding of application vulnerabilities and fault injections as cross-site scripting, SQL injects, buffer overflows, malicious code insertion etc.
· Experience in the following areas mandatory.
o Core Security and Vulnerability Scanning and Penetration Testing Tools : e.g., Nessus, Qualys, Nikto, Superscan, HTTPrint, WebScarab, Paros Proxy, OWASP CSRF Tool
o Code Security Analysis (manual and leveraging automated scanning tools such as Ounce Labs, Fortify, and Klockwork)
· Must have implemented an enterprise scale threat mitigation and assurance strategy for software development.
· Working knowledge of network, host, physical aspects of security infrastructure
· Experience working with offshore systems development vendors a plus.
An engineering (Computer Science/ Electrical & Electronics degree), preferably
from a top university, with a GSSP certification in Java or .Net