Randstad IT Security Architect in Horsham, Pennsylvania
IT Security Architect
Monday, October 10, 2016
The Security Architect is responsible for the evaluation of the impact of security programs on the application and for the development and governance of application security.
This role is responsible for driving specific programs as well as the oversight of all application development to ensure developed solutions are secure and security concerns are addressed.
The architect also recommends information assurance/security solutions to support business requirements in a fast paced, evolving environment.
This position will ensure that IT security is applied to the technology infrastructure and information in accordance with established enterprise and industry Policies, Procedures and Standards.
- 6 or more years of experience providing technical leadership and operational support for complex enterprise security projects/programs for large enterprise organizations
- 6 or more years of experience in network/applications/database security architecture, engineering, and technical oversight for large enterprise systems with PII/PHI/PCI/FISMA related data flows
- Experience conducting and applying threat modeling to large and complex and virtualized architectures
- Knowledge of infrastructure, application, and data security architecture best practices
- Fluency with IT governance standards including NIST, COBIT, ISO 27001, OCTAVE, ITIL
- Experience complying with regulatory guidance at the State and Federal level to include but not limited to SOX, HIPAA, HITRUST, GLBA, PCI-DSS, CMS/HHS and/or CFR Part 11
- Experience executing security architecture processes within agile methodologies.
- Specific experience leading security programs from requirements through implementation.
- Experience working with large tier security vendors leading RFI/RFP s
- Experience with analyzing, troubleshooting, and investigating security-related, information systems anomalies based on security platform reporting, network traffic, log files, host-based and automated security alerts.
- Experience with some or all of the following: TCP/IP | OSI Model, system logs (WMI, syslog, etc.), antivirus, IDS/IPS, packet analysis, configuration standards, Group Policy, Vulnerability analysis, Event Correlation, Forensics, IDS/IPS rule sets and signature creation, web application security, pen-testing, reverse engineering, Honeypots, IOC, advanced threat detection, code analysis. Data Loss Prevention (DLP), Log Indexing and Correlation platform, Network Access Control (NAC), Physical access control systems
- Industry-specific certifications, including one or more of the following: C|CISO, CISSP, CISA, CISM, CGEIT or current JCNE/CCIE lab passed with a valid certification number.
- Master s degree in Information Security, Software Engineering