Looking for:Someone who has good understanding of Security Auditing, Threat Modeling, Network/DB security and compliance.Any programming knowledge is helpful but not mandatory, they are not doing any coding.
Knowledge of SAST, DSAT scan.Job Description:Targeted Years of Experience: 7 to 10 yearsThe Product Security Team ensures security by design product engineering and architecture for client products. In this role as a Senior Security Analyst, candidate will conduct security assessments for products and solutions developed by the Client Consumer Group.
Candidate will collaborate with various cross functional teams and help to create, define, and implement security controls and tooling in conjunction with internal product development and partner teams.Evaluate security postures and provide recommendations for improvement and risk reduction for Cloud services, Mobile Platforms(IOS/Android/TvOS/FireTV), Web and Embedded applications (eg, build threat models, design reviews, document mitigation techniques, apply security design patterns, code review).Manage multiple projects with a degree of impact and complexity that must be carefully controlled to support the internal business unit security requirements.
Participate in deep architectural discussions to build confidence and ensure success when building new or migrating existing cloud infrastructures, applications, software, and services.Support projects at various levels, from ground level up to fully evolved projects, be able to dive into existing environments or help with the security design and requirements of a new project by evaluating the end-to-end environment of different types of services (SaaS, IaaS, PaaS) and client platforms (mobile, web, embedded applications).Continually evaluate new threats and attacks to identify the impact on business and help to develop and implement appropriate security controls.
Apply cryptographic primitives and protocols for authentication, authorization and data protection. Recommend and manage transmission protection requirements for all environments (eg, systems, applications, containers) such as VPC peering best practices, SSL certificate management, RSA key pairs, etc.Implement security modules, tools, and code snippets when needed.
Develop architectural documentation and best practices for infrastructure, applications, data protection and IAM securityTrain and coach engineering teams to integrate CI/CD pipeline tools, test plans and vulnerabilities assessment tools for Cloud and other platforms.Must Have Skills:Bachelor's degree in Computer Science or related fieldsSix or more years of relevant work experience.Experience with performing security requirements analyses to secure the deployment of large globally distributed cloud-based and/or mobile-embedded platforms.
Experience with OWASP Top 10 vulnerabilities and Cryptographic Algorithms: (PKI), X.509 Public Key Certificates, authentication protocols, and transport layer security, OID, OAuth, SAML.Development experience in C+/C, Swift, Java, Scala, Python or other languages and the ability to solve complex operational issues.
Desired Skills:Master's degree in Computer Science or equivalent engineering experience.Direct experience with implementing Security Services and tools in AWS such as GuardDuty, Macie, CloudTrail, CloudWatch, KMS, Compute (eg, EC2, GCE) Experience with storage technologies such as: S3, Networking: VPC, IDS/IPS, WPA, firewalls, reverse proxies, Load Balancers, Security Groups/List.Experience with configuration tools: AWS Config, AWS Inspector, SDK/CLI.
Vulnerabilities tools: Prisma Cloud, Crowdstrike, etc.Experience Container Security experience with Docker, ECS, Kubernetes.Experience with configuration languages/IaaC: JSON, CloudFormation TerraformExperience with SDLC for mobile platforms including use of obfuscation techniques, Reverse Engineering and Tamper Resistant software development on Mobile Platform.
Understanding of various types of Exploits, Threat Modeling, and Attack surfacesExperience with IT Security Frameworks such as NIST, ISO27001, PCI, DSS, FedRAMPOne or more of the following certifications: AWS Certified Solutions Architect (professional), AWS Certified Security (Specialty), CSA Certificate of Cloud Security Knowledge (CCSK), ISC2 Certified Cloud Security Professional (CCSP), CISSP. Pay Range: $85 $95The specific compensation for this position will be determined by a number of factors, including the scope, complexity and location of the role as well as the cost of labor in the market; the skills, education, training, credentials and experience of the candidate; and other conditions of employment. Our full-time consultants have access to benefits including medical, dental, vision and 401K contributions as well as any other PTO, sick leave, and other benefits mandated by appliable state or localities where you reside or work.
aType: ContractCategory: IT | SecurityDate Posted: 2024-04-02.
