Job Description
Role Overview: You will be responsible for leading SecArch deep dives with the requestor of the assessment, conducting assessments, providing technology risk/requirements, reviewing security reference architecture, participating in governance processes, and identifying new areas of technology investment for the firm.

Key Responsibilities:
- Lead SecArch deep dives with the requestor of the assessment
- Conduct assessment and provide technology risk/requirements to the requestor. Areas covered:
  - AAA: Authentication, Authorization, Auditing
  - Application Security: Session Security, Vulnerability/Pen Testing items, Input Validation
  - Secure data transport and storage
- Periodically review security reference architecture (security blueprints) and conduct updates/enhancements
- Participate in various Operational and Technology Risk governance processes
- Assist in identifying new areas and opportunities of technology investment for the firm

Qualifications Required:
- Excellent communication skills: written, oral, presentation, listening
- Ability to influence through factual reasoning
- Time management: ability to handle multiple concurrent assessments, plan-based deliverable management, strong follow-up and tracking
- Strong focus on delivery when presented with short timelines and increased involvement from senior management
- Ability to adjust communication of technology risks vs business risks based on the audience
- In-depth knowledge of application security vulnerabilities and basic knowledge of network and platform security vulnerabilities. Ability to explain these vulnerabilities to developers
- Experience in conducting Information Security, IT Security, Audit assessments. Presenting the outcomes of the assessment and obtaining buy-in
- Strong focus on reviewing technical designs and functional requirements to identify areas of security weakness
- Working experience in the following application/network security domains:
  - Authentication: SAML, SiteMinder, Kerberos, OpenID
  - Entitlements and identity management
  - Data protection, data leakage prevention and secure data transfer and storage
  - App Security: validation checking, software attack methodologies
  - Cryptography: encryption and hashing
- Understanding of programming and scripting languages: Java, JavaScript, C#, C/C++, Perl, Python, Ruby
- Knowledge of frameworks, protocols, and subsystems: J2EE, .NET, Spring, RPC, SOAP, MQSeries, JMS, RMI, JMX, Hibernate
- Database design and programming experience
- Experience of liaising with 3rd Party Entities (exchanges, suppliers, regulators)
- Experience in conducting and/or reviewing penetration tests, dynamic vulnerability assessments, and static vulnerability assessments
- Understanding of geographic regulations and their impact on Security assessments
- Previous experience in Financial Services is preferred
- CISSP or other industry qualification
- Experience working with global organizations is desired