Date Posted: August 27, 2019
Cyber Security Lead Analyst for our expanding Blockchain Team!
My client is an emerging leader in blockchain technology and application delivery. They accelerate the development of blockchain infrastructure, middleware, and decentralized applications. Their teams bring extensive experience in architecting, designing, building, testing, securing and operating complex distributed systems to help early adopters of blockchain technology succeed. They work with multiple blockchain technologies including Hyperledger Fabric, Ethereum, and Stellar.
My client is looking for a Cyber Security Leader to oversee and administer security for its commercial product. The role is responsible for reviewing, implementing, updating and documenting the security policy framework(s) and controls to protect sensitive data and reduce organizational risk. The role will interface with clients and partners to define, communicate, execute, and certify policy management and compliance to meet legal, regulatory and operational requirements.
Provide overall leadership for product security processes, controls, and procedures, ensuring compliance with global policies such as GDPR.
Maintain security certification levels such as NIST, ISO, and SOC for the product.
Ensure security policies and standards are reviewed and updated as necessary.
Work with partner organizations to ensure policies and standards comply with appropriate industry standards and regulations (Data Privacy, Compliance, Legal, Physical Security, etc.).
Present our internal policies and standards to customers, partners, internal teams, and senior leaders.
Design and manage the processes to enforce our policies and ensure they remain under control.
Review proposed baseline configuration changes for compliance with policies and standards.
Develop and provide status reporting and metrics to leadership on a regular schedule.
Provide operational support, troubleshooting and maintenance of Security related processes, controls or products. Independently analyze and resolve problems of low complexity.
Configure, test, document and implement new or upgraded security processes, controls or products as directed.
We are seeking a candidate with the following exposure:
You have breadth and depth of security knowledge and can identify and advise on risks across multiple areas of an organization. You will be working to help other teams create solutions while developing strong security culture and practices. You have industry-leading technical abilities and are strong in multiple domains. You are involved in hands-on security assessments, provide frequent code-reviews in embedded and cloud applications, develop and provide guidance, and advocate security engineering best practices. You proactively and continually improve your level of knowledge about the business, information security, the threat landscape and relevant technologies.
•Perform security reviews to identify security issues and risks, and develop mitigation plans
•Advise and consult with internal and external customers on risk assessment, threat modelling, code review, and vulnerability remediation
•Provide expert advice to internal teams on developing secure architectures
•Develop, drive and evaluate security policies and procedures
•Evaluate and recommend new and emerging security products and technologies
•Develop and deliver training materials and perform general security awareness and specific security technology training
•Participate in security compliance efforts
•Participate in security escalations support
•Participate in code reviews as voice of security
•BA/BS degree in Computer Science, Information Systems or related technical experience. A Master’s Degree is highly desired
•At least 7 years of software engineering experience in a development or security role working with development team(s) that delivered commercial software or software-based services
•Significant experience and detailed technical knowledge in multiple areas of: security engineering, system and network security, authentication and security protocols, cryptography, and application security
•Experience with service-oriented architecture and web services security
•Experience with the application of threat modelling or other risk identification techniques
•Experience with source code and vulnerability scanning tools as well as manual analysis techniques to evaluate embedded code and Web Services for effective use of security controls while identifying security gaps
•Experience in risk identification, secure software design, secure architectures, penetration testing and vulnerability detection including remediation
•Excellent written and verbal communication skills
•Excellent leadership skills and teamwork skills
•Ability to give directions and follow-up on results
Specialized Knowledge & Skills
•Technical proficiency and knowledge in reviewing application source code with a focus on accepted industry guidelines (OWASP Top 10, SANS Top 20, CIS Benchmarks).
•Familiarity with information security policies, standards, industry best practices and frameworks (NIST 800-53, FISMA, ISO 27001).
•Strong scripting skills in one or more of the common languages (e.g., Perl, Python, shell scripting)
•Knowledge of network and web related protocols (e.g., PKI, PKCS, TLS, UDP, TCP/IP, IPsec and HTTP)
•Relevant tool experience with static code analysis tools such as Fortify, CodeSonar; web vulnerability scanners such as HP WebInspect or IBM AppScan; open source vulnerability scanners such as Black Duck or Sonatype; assessment support tools.