*Information/Security Specialist - NYC*
*Location: NYC*
*Duration: 12 months*
*Rate: Open*

Req: The Application Security Specialist role is primarily focused on implementing, developing, and owning the integration of security into the NYSE Euronext application development/software development lifecycles. While this role is focused on application/development security, the role also encompasses other domains of information security risk management and their integration into the software development lifecycle.

• Own and drive the development of NYSE Euronext secure software development program including the development and maintenance of NYSE Euronext policies and standards.
• Liaise with the wider Information Security group to ensure consistency and alignment with broader information security strategy.
• Actively manage the security activities associated with secure software development to address existing and evolving risks and threats appropriately.
• Act as SME, provide consulting and support to application development teams.
• Work closely with development teams to remediate application vulnerabilities detected through security scanning tools.
• Liaise with relevant stakeholders within the NYSE Euronext Technology group and business units to ensure that security awareness and issues are communicated effectively.
• Carry out risk assessments and/or threat modelling to articulate the levels and types of security controls appropriate to NYSE Euronext application/product initiatives.
• Perform source code reviews to ensure secure software development.
• Research, initiate and drive the evaluation of tools/technologies/processes to maintain and enhance the security of applications/software produced by NYSE Euronext.
• Will create simple and usable artifacts to guide development and testing teams.
• Manage application penetration tests.
• Provide and/or organize appropriate application security training and awareness for technical and non-technical staff.
• University degree in Information Security or similar.
• Relevant professional qualifications/certifications (CISSP, CISM, CISA, CSSLP, SANS, CHECK, CREST).
• Good understanding of information security standards, frameworks and best practice (e.g. ISO 2700x, OWASP, ITIL, CoBIT).
• Experience in developing software in some of the following areas: C++, Java, C#, PHP, Perl, AJAX, SQL, SOAP, WCF, ws-*, REST, custom APIs, SAML.
• Good understanding of threat modelling and security strategic methodologies (e.g. STRIDE, OCTAVE, DREAD, OSSTMM).
• Good understanding and awareness of documentation required as part of the secure software development lifecycle.
• Significant experience of information and application security, preferably in the financial sector.
• Excellent communication skills (written and verbal) and able to articulate key messages to a range of audiences.
- Can effectively discuss security challenges with developers and testers.
- Experience of at least one code security review tool, e.g. Fortify SCA.
- Can demonstrate ability to subjectively identify and rationalize information security flaws in code.
• Is able to offer remediation and solutions to problems created by insecure code.
• Is able to work with agile development groups and their delivery deadlines.
• Ability to lead and influence change.

Thanks,
Jay Chauhan
cyberThink Inc
1125 US Hwy 22 West Bridgewater, NJ - 08807-9837
Tel : (877)-223-7153 ext 533
Fax :(908) 429-8005
Email: [email protected]
