Hi BusinessPartners, Hope you are doing great! Our client is looking for* Lead Application Security Engineer at Eagan, MN - 6+ Months* - Please share resumes to [email protected]
*Lead Application Security Engineer * This is a new position, and has a possibility of being a temp to permanent assignment. The individual selected for this position will be working with internal stakeholders throughout Thomson Reuters, particularly the security team. The Hiring Manager stressed that candidates submitted to this position should not only have Network Security experience, this position will be very focused on Application Security. The candidates that will excel in this role will have a background in development, and should know how to coordinate security audits and leverage Veracode. The must haves for this position are Veracode, Blackduck, and Qualys. Preferred qualifications are experience in CISSP, CISM, or CISA (with particular weight given to CISSP); some experience in Network Security. The Lead Security Engineer supports FindLaw security operations in provisioning, event monitoring, incident management, compliance updates, and risk remediation efforts. The role will be involved in the implementation of new security solutions, creation and maintenance of policies, as well as coordinating vulnerability audits, security risk assessments and remediation plans. The Lead Security Engineer is expected to be fully aware of the enterprise’s security goals as established by its stated policies, procedures and guidelines and to actively work towards upholding those goals. Division/Group/Role *Key Responsibilities & Technologies * • Participate in the planning and design of FindLaw’s security framework and strategy. Responsible for the creation of security documents (policies, standards, baselines, guidelines and procedures). • Serve as primary incident contact for any FindLaw security incidents and partner with other FindLaw and TR stakeholders to investigate root cause, recommend remediation steps and coordination execution of remediation plans. • Maintain up-to-date detailed knowledge of the Technology security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors. • Contribute to the deployment, integration and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents specifically. • Maintain up-to-date baselines for the secure configuration and operations of all in-place devices, whether they be under direct control (i.e., security tools) or not (i.e., workstations, servers, network devices, etc.). • Participate in the design and execution of vulnerability scanning and assessments, penetration tests and security audits. Monitor all in-place security solutions for efficient and appropriate operations. Recommend additional security solutions or enhancements to existing security solutions to improve overall enterprise security. • Review logs and reports of all in-place devices, whether they be under direct control (i.e., security tools) or not (i.e., workstations, servers, network devices, etc.). Interpret the implications of that activity and devise plans for appropriate resolution. • Ensure that appropriate policies and procedures are followed to support timely and accurate provisioning of user access. Understand user access administration compliance requirements and ensure processes are designed to support and monitor compliance. *Qualifications, Knowledge, and Skills: * • Proven analytical and problem-solving abilities. • Ability to effectively prioritize and execute tasks in a high-pressure environment. • Strong written, oral, and interpersonal communication skills. • Ability to conduct research into Technology security issues and products as required. • Ability to present ideas and document artifacts to business, technology and executive audiences. • Highly self-motivated and directed. • Keen attention to detail. • Team-oriented and skilled in working within a collaborative environment. *Education and Experience: * • Bachelor’s Degree in Computer Science, Management Information Sciences, Mathematics, Engineering, Business, or area of functional responsibility preferred, or a combination of equivalent education and experience. • 7+ years hands-on experience and demonstrated expertise with security platforms and tools such as firewalls, logging and monitoring, intrusion detection, vulnerability scanning, and penetration testing. • Experience using security tool strongly preferred, including: Veracode, Blackduck, and Qualys • One or more of the following certifications is strongly preferred: o CISSP – Certified Information Systems Security Professional o CISM – Certified Information Security Manager o CISA – Certified Information Systems Auditor -- *Thanks & Regards* *Lucky Pawar* Sr Technical Recruiter *Integrated Technology Strategies, Inc.* Ph: 856-677-3043 [email protected] | www.itstrategiesinc.com Yahoo/Gtalk IM : laxmikanthpawar -- You received this message because you are subscribed to the Google Groups "US_IT.Groups" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/us_itgroups. For more options, visit https://groups.google.com/d/optout.
