Job
Description
As a Security Architect Integrator in Mumbai, India, you will have the following responsibilities: - Lead SecArch deep dives with the requestor of the assessment - Conduct assessment and provide technology risk/requirements to the requestor. Areas covered: - AAA (Authentication, Authorization, Auditing) - Application Security (Session Security, Vulnerability/Pen Testing items, Input Validation) - Secure data transport and storage - Periodically review security reference architecture (security blueprints) and conduct updates/enhancements - Participate in various Operational and Technology Risk governance processes - Assist in identifying new areas and opportunities of technology investment for the firm In order to excel in this role, you should possess the following qualifications: - Excellent communication skills: written, oral, presentation, listening - Ability to influence through factual reasoning - Time management: ability to handle multiple concurrent assessments, plan based deliverable management, strong follow up and tracking - Strong focus on delivery when presented with short timelines and increased involvement from senior management - Ability to adjust communication of technology risks vs business risks based on the audience Security Architecture Skills: - In-depth knowledge of application and basic knowledge of and network and platform security vulnerabilities. Ability to explain these vulnerabilities to developers - Experience in conducting Information Security, IT Security, Audit assessments. Presenting the outcomes of the assessment and obtaining buy-in. - Strong focus on reviewing technical designs and functional requirements to identify areas of Security weakness. - The candidate must have working experience in the following application/network security domains: - Authentication: SAML, SiteMinder, Kerberos, OpenId - Entitlements and identity management - Data protection, data leakage prevention and secure data transfer and storage - App Security - validation checking, software attack methodologies - Cryptography - encryption and hashing - Even though the SecArch Integrator role is not a development role, the candidate must have understanding in programming, design, and application architecture. - In order to be a practical SecArch Integrator, the candidate must have experience implementing complex applications in an enterprise environment. - Knowledge of programming and scripting languages: Java, JavaScript, C#, C/C++, Perl, Python Other Areas of Expertise: - Frameworks, protocols, and subsystems: J2EE, .NET, Spring, RPC, SOAP, MQSeries, JMS, RMI, JMX, Hibernate. - Knowledge of JSP/Servlet/EJB or ASP.NET, HTTP/HTTPS, Cookies, AJAX, JavaScript, Flex/Silverlight. - Database design and programming experience - Experience of liaising with 3rd Party Entities (exchanges, suppliers, regulators) - Experience in conducting and/or reviewing penetration tests, dynamic vulnerability assessments, and static vulnerability assessments - Understanding of geographic regulations and their impact on Security assessments - Previous experience in Financial Services is preferred - CISSP or other industry qualification - Desired experience working with global organizations,
