Previous Job
Previous
Mobile Security SME
Ref No.: 17-00872
Location: Wayne, New Jersey
Rate: 650 $ P/D (Including our margin)
Duration: 1 yrs
JD:
IT Security Architecture, Mobile Security SME Job Description:
The Security Architecture (SecArch) team is part of the Technology Infrastructure Risk (TIR) organization. The mission of the SecArch team is to provide security architecture assessments of technology systems and processes to identify business risks and recommend remedial action based on established security standards or security best practices. The SecArch Mobile Security SME is an internal consultant that is working on multiple security architecture and design assessments spanning multiple classes of technologies, generally surrounding mobile security. The consultant is expected to be capable of conducting a SecArch review from a general scope, while having subject matter expertise in mobile security that includes an in-depth knowledge of mobile platform and application security. It is an opportunity to get involved in multiple business units and technologies inherent to the mission of SecArch. The Integrator works with team members (Technology, Business, Suppliers, Stakeholders and Partners) globally to perform SecArch assessments. To be successful as an Integrator the candidate must have deep mobile technology subject matter expertise & broad overall technology experience coupled with risk management, communication, and time management skills. A SecArch Mobile Security SME has the following responsibilities:
Lead SecArch deep dives with the requestor of the assessment
  • Prioritize risks identified in relation to business risks3. Conduct assessment and provide technology risk/requirements to the requestor.
  • Areas covered: a. Authentication, Authorization, Auditing. b. Secure data transport and storage c. Application Security
  • Session Security, Vulnerability/Pen Testing items, Input Validation.
  • Mobile Application Security - Data storage/protection, application hardening.
  • Infrastructure - Infrastructure supporting mobile applications/platforms, such as MDM.
  • Periodically review security reference architecture (security blueprints) and conduct updates/enhancements
  • Perform hands-on assessments of mobile applications and platforms as part of assessment validation and strategy definition.
  • Produce position papers and knowledge articles on testing/research performed. Skills and Experience/Soft Skills (Required):
  • Excellent communication skills: written, oral, presentation, listening Ability to influence through factual reasoning.
  • Time management: ability to handle multiple concurrent assessments, plan based deliverable management, strong follow up and tracking. Strong focus on delivery when presented with short timelines and increased involvement from senior management .Ability to adjust communication of technology risks vs business risks based on the audience Security Architecture Skills1Required
  • In depth knowledge of mobile, application, network and platform security vulnerabilities. Ability to explain these vulnerabilities to developers Required Experience in conducting Information Security, IT Security, Audit assessments.
  • Presenting the outcomes of the assessment and obtaining buy in.
  • Strong focus on reviewing technical designs and functional requirements to identify areas of Security weakness. The candidate must have working experience in the following application/network security domains: a. Authentication: SAML, SiteMinder Kerberos, OpenIdb.
  • Entitlements and identity management.
  • Data protection, data leakage prevention and secure data transfer and storage.
  • App Security - validation checking, software attack methodologies.
Cryptography encryption and hashing Desired: Knowledge of standard network model and the risks that present at each layer, the functions of network equipment such as switches, routers, firewalls, proxies, vpn, and load-balancers, and to understand network architecture