Identify system vulnerabilities, correct risk exposures, and mitigate technical security risks for high-risk internet-based banking applications.
Apply application security principles to interpret security standards, procedures, and guidelines for multiple platforms and diverse environments (client server, distributed, and mainframe).
Design and implement security solutions, recommend enhancements, and define mitigating risk controls for new and existing banking technology systems.
Define secure application configurations and work with development teams to analyze the root cause of technology security issues, identify system vulnerabilities, assess detection and protection capabilities, and develop corrective action plans to improve information and data security.
Experience and understanding of industry security standards (e.g. NIST standards, ITIL, ISO 27001, etc.)
Understanding of compliance standards in the financial domain (e.g. PCI)
Hands-on experience with Java enterprise application development: HTML, JavaScript, SQL, JSON, XML, SSL/TLS, REST, SOAP
Understanding of Infrastructure security (network, host, application level)
Experience in secure application development & testing: application intrusion and vulnerability
Experience in data encryption (PHI, PII data), password security, tokenization techniques, PKI
Experience in developing enterprise security architecture and/or developing reference architecture for security controls, including protecting data in motion and data at rest, and identity and access management.
Experience with cryptography, implementing tools such as HPE Voltage, Oracle TDE, vulnerability assessment and mitigation, penetration testing, and security implementations.
Understanding of microservices architecture, API management, messaging and ETL.
Understanding of Java tech stack including containers such as WebSphere, and integration technologies such as WebMethods and Talend.