Previous Job
Previous
Information Security Architect
Ref No.: 18-00872
Location: Philadelphia, Pennsylvania
Application Security Architect in Philadelphia, PA 19103

Interview Logistics:
phone then face to face
Required Skills Set:
Years of Experience: •10+ years of experience with information security •Min 2 years' experience in Cloud Security Design / Implementation / Management with exposure to AWS / Azure Native Security
Education Required: Bachelors Degree or Equivalent Work Experience
•Architected security for products, enterprise, information and other initiatives
•Proficient at the secure software development lifecycle and DevSecOps
•Proficient at identity, authentication and authorization systems
•Good understanding of cryptographic trust based systems
•Cloud security knowledge is a must
•Data and database security
•Federation, SSO, IDS, IPS, Host Based Firewall, WAF (Web Application Firewall), DNS, DHCP, HTTPS/TLS, SSH, Key Management, PKI, Tokens, SAML, OAUTH, Fido knowledge preferred
•Knowledgeable in compliance standards like: PCI, CPNI, ISO 27001, FCC Regulations, SOX, Subscriber PII
•Knowledge of Intrusion Detection & Prevention Systems
Additional Preferred Skills:
•Strong understanding and exposure to Network Security, Operating System Security, Web Security and End Point Security
•Coding experience preferred but not required
•Certifications are a plus (CISSP, CISM)
Project Description:
•Perform security assessment and compliance activities by using assessment tools and procedures
•Continue to engage and build relationships with global Technology and Product Security teams
•Plan, research and design robust security architectures in partnership with App/Dev/platform teams for any Application/IT project
•Conduct and facilitate Threat modelling workshops
•Perform/participate in security architecture review (SAR) to ensure all security architecture design best practices and standards are met
•Perform planning and remediation of application static, dynamic and run-time code analysis (SAST, DAST, IAST/RASP) and also work with application and internal teams for to ensure secure coding practices are implemented
•Support the research of emerging technology, requisite security requirements, and emerging threats and develop way-forwards to meet organizational goals
•Oversee security awareness programs and educational efforts
•Respond to security-related incidents and provide a thorough post-event analysis
•Research security standards, security systems and authentication protocols, keep abreast with latest trends in the cyber security industry
•PCI Compliance Experience to conduct PCI Compliance activities
o Assist with planning and remediation of internal and external vulnerability, and external penetration scans, as needed
o Determine, document, and publicize the availability of PCI technical requirements
o Work with various departments to ensure that they are aware of and understand the technical PCI requirements that they must adhere to and sign off on
o Contribute content on PCI compliant requirements to support resources, including knowledge-base articles, quick reference cards, webinars, and training classes to raise understanding of PCI compliance
•Assist in evaluation, selection and implementation of encryption solutions and key management systems
•Assist in Vulnerability remediation in coordination with other ops / application teams
•Configure and run penetration test & Analysis and Suggestions
Physical Environment and Working Conditions:
open floor plan
onsite 5 days a week