Request Technology - Craig Johnson
Oakland, California, United States
*This role can be remote, located anywhere in the continental US* *We are unable to sponsor for this permanent Full time role* Prestigious Enterprise Company is currently seeking a Lead Cyber Security Operations Engineer with Cloud Security experience. Candidate will be responsible for the planning, deployment and operations of enterprise information security solutions (such as cloud security, authentication and authorization, public key infrastructure, data loss prevention, network and endpoint security) to address the current and emerging security needs of the business. This role requires in depth knowledge of infrastructure and cloud technologies. The person will develop cutting edge cyber security automation capabilities for our upcoming cloud deployments. This person will also progress our analytics instrumentation and implementation. Candidate should have a breadth of technical experience in one or more of the following areas: Cloud Security, Cloud Automation, Data Analytics, Platform as a Service, and Software as a Service. Responsibilities: Design, build, and operate cyber security controls for the enterprise. Act as the subject matter expert for one of more of the following areas - cloud security, cloud automation (AWS and Azure) and data analytics (Splunk) Apply ITIL or other technology management best practices to an enterprise cyber security platform. Engages with security specialists, enterprise architects and other functional area architects to ensure adequate enterprise security solutions are in place to sufficiently mitigate identified risks, and to meet business objectives and regulatory requirements. Serve as a cybersecurity subject matter expert, assessing the business impact of cybersecurity risks to the enterprise and identifying options and recommendations for mitigating those risks. Serve as an expert in platform, application, storage, network, virtualization, cloud and mobile security best practices. Communicate and interact effectively and professionally with co-workers, management, internal and external customers and partners. Communicate cybersecurity risks and solutions to various technical and non-technical audiences and levels of management. Maintain communication with management regarding development within areas of assigned responsibilities and perform special projects as required or requested. Develop strong working relationships with and offer continuous assistance and thought leadership to other leaders in the information technology organization. Establish and maintain relationships with suppliers and business partners in the information security industry. As needed, draft and negotiate professional services contracts, statements of work, and technology acquisition & support agreements. Continuously track and report the status of all development efforts through boardroom-quality visual communication deliverables. Educate, coach, and mentor all members of the team on technical, interpersonal, team dynamics, company policy & procedure, enterprise business model and other topics. Maintain complete confidentiality of company business. Comply with HIPAA, Diversity Principles, Corporate Integrity, Compliance Program policies and other applicable corporate and departmental policies. Qualifications: A strong, complete, and working understanding of architecture-level information security and appropriate use enforcement technology solutions. Specifically looking for cloud security experts, cloud deployments and automation, and data analytics solutions. A strong working understanding of contemporary security theory and application (including vulnerabilities, exploitation techniques and attack vectors). Strong understanding of systems development life cycle to lead multifunctional projects or initiatives. Knowledge of laws, regulations, and standards relevant to the US Healthcare industry. Excellent written and verbal communication skills (including technical writing, documentation development, process mapping, and visualization). Must be able to effectively communicate technical concepts to a non-technical audience. Externally recognized information security industry thought leadership and innovation accomplishments desired but not required. Bachelor's or Master's Degree in Computer Science, Information Systems, or other related field (or equivalent work experience). A widely-recognized cyber security technical certification such as GIAC or CISSP is a plus. Certifications in IT areas is strongly recommended. Minimum 8 years of combined hands-on IT and security architecture development and implementation work experience with a broad exposure to infrastructure/network and multi-platform environments. Requires expert knowledge of security principles, issues, techniques and implications across all existing computer platforms. Minimum 2 years of experience in information security solution engineering or security service delivery. Minimum 2 years of leadership experience with planning and managing security implementations and/or leading a team of technical resources. This role will require the management of several (2 to 4) concurrent large-scale enterprise wide information technology capability development projects. Minimum of two years of systems or application monitoring and logging experience. Experience with SPLUNK is highly recommended.
03/04/2020
Full time
*This role can be remote, located anywhere in the continental US* *We are unable to sponsor for this permanent Full time role* Prestigious Enterprise Company is currently seeking a Lead Cyber Security Operations Engineer with Cloud Security experience. Candidate will be responsible for the planning, deployment and operations of enterprise information security solutions (such as cloud security, authentication and authorization, public key infrastructure, data loss prevention, network and endpoint security) to address the current and emerging security needs of the business. This role requires in depth knowledge of infrastructure and cloud technologies. The person will develop cutting edge cyber security automation capabilities for our upcoming cloud deployments. This person will also progress our analytics instrumentation and implementation. Candidate should have a breadth of technical experience in one or more of the following areas: Cloud Security, Cloud Automation, Data Analytics, Platform as a Service, and Software as a Service. Responsibilities: Design, build, and operate cyber security controls for the enterprise. Act as the subject matter expert for one of more of the following areas - cloud security, cloud automation (AWS and Azure) and data analytics (Splunk) Apply ITIL or other technology management best practices to an enterprise cyber security platform. Engages with security specialists, enterprise architects and other functional area architects to ensure adequate enterprise security solutions are in place to sufficiently mitigate identified risks, and to meet business objectives and regulatory requirements. Serve as a cybersecurity subject matter expert, assessing the business impact of cybersecurity risks to the enterprise and identifying options and recommendations for mitigating those risks. Serve as an expert in platform, application, storage, network, virtualization, cloud and mobile security best practices. Communicate and interact effectively and professionally with co-workers, management, internal and external customers and partners. Communicate cybersecurity risks and solutions to various technical and non-technical audiences and levels of management. Maintain communication with management regarding development within areas of assigned responsibilities and perform special projects as required or requested. Develop strong working relationships with and offer continuous assistance and thought leadership to other leaders in the information technology organization. Establish and maintain relationships with suppliers and business partners in the information security industry. As needed, draft and negotiate professional services contracts, statements of work, and technology acquisition & support agreements. Continuously track and report the status of all development efforts through boardroom-quality visual communication deliverables. Educate, coach, and mentor all members of the team on technical, interpersonal, team dynamics, company policy & procedure, enterprise business model and other topics. Maintain complete confidentiality of company business. Comply with HIPAA, Diversity Principles, Corporate Integrity, Compliance Program policies and other applicable corporate and departmental policies. Qualifications: A strong, complete, and working understanding of architecture-level information security and appropriate use enforcement technology solutions. Specifically looking for cloud security experts, cloud deployments and automation, and data analytics solutions. A strong working understanding of contemporary security theory and application (including vulnerabilities, exploitation techniques and attack vectors). Strong understanding of systems development life cycle to lead multifunctional projects or initiatives. Knowledge of laws, regulations, and standards relevant to the US Healthcare industry. Excellent written and verbal communication skills (including technical writing, documentation development, process mapping, and visualization). Must be able to effectively communicate technical concepts to a non-technical audience. Externally recognized information security industry thought leadership and innovation accomplishments desired but not required. Bachelor's or Master's Degree in Computer Science, Information Systems, or other related field (or equivalent work experience). A widely-recognized cyber security technical certification such as GIAC or CISSP is a plus. Certifications in IT areas is strongly recommended. Minimum 8 years of combined hands-on IT and security architecture development and implementation work experience with a broad exposure to infrastructure/network and multi-platform environments. Requires expert knowledge of security principles, issues, techniques and implications across all existing computer platforms. Minimum 2 years of experience in information security solution engineering or security service delivery. Minimum 2 years of leadership experience with planning and managing security implementations and/or leading a team of technical resources. This role will require the management of several (2 to 4) concurrent large-scale enterprise wide information technology capability development projects. Minimum of two years of systems or application monitoring and logging experience. Experience with SPLUNK is highly recommended.
Request Technology - Craig Johnson
Oakland, California, United States
Prestigious Enterprise Company is currently seeking a Lead Cyber Security Engineer. Candidate will be responsible for the planning, development and implementation of enterprise information security solutions (such as authentication and authorization, public key infrastructure, data loss prevention, and security event information management) to address the current and emerging security needs of the business. Candidate will research, design, and develop new technologies, architectures, and security products that will support security requirements for the enterprise. Candidate will contribute to the development and execution of strategic information security architecture to enable effective business operations, manage enterprise risk, and address business or regulatory issues. Will also contribute to the development and maintenance of information security strategy and architecture by analysing business impact and exposure and working with other IT Architects and security specialists to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements. Responsibilities: Design, build, and lead a team that ensures the security of enterprise data and systems by developing enterprise information security solutions. Create and update a view of IT assets, related attack surfaces, and threat actors to illustrate the flow of data and associated security threats. Researches, designs, and develops new enterprise technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors. Serves as a security expert in application development, database design, network, and/or platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices. Analyzes business impact and exposure based on emerging security threats, vulnerabilities, and risks and contributes to the development and maintenance of information security strategy and architecture. Engages with security specialists, enterprise architects and other functional area architects to ensure adequate enterprise security solutions are in place to sufficiently mitigate identified risks, and to meet business objectives and regulatory requirements. Serve as a cyber security subject matter expert, assessing the business impact of cyber security risks to the enterprise and identifying options and recommendations for mitigating those risks. Work with Enterprise Architects and other functional area architects and security specialists to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently and support business objectives. Serve as an expert in platform, application, storage, network, virtualization, cloud and mobile security best practices. Communicate cyber security risks and solutions to various technical and non-technical audiences and levels of management. Maintain communication with management regarding development within areas of assigned responsibilities and perform special projects as required or requested. Develop strong working relationships with and offer continuous assistance and thought leadership to other leaders in the information technology organization. Establish and maintain relationships with suppliers and business partners in the information security industry. As needed, draft and negotiate professional services contracts, statements of work, and technology acquisition & support agreements. Continuously track and report the status of all development efforts through boardroom-quality visual communication deliverables. Comply with HIPAA, Diversity Principles, Corporate Integrity, Compliance Program policies and other applicable corporate and departmental policies. Qualifications: Strong understanding of architecture-level information security and appropriate use enforcement technology solutions including advanced malware detection/prevention, mobile device virtualization/MDM, cloud security management, structured and unstructured database encryption, mobile application and remote API security, fine-grained application authorization and access control, security event visualization, big data user and entity behavior analytics, and active adversary deception. Strong working understanding of contemporary security theory and application (including vulnerabilities, exploitation techniques and attack vectors). Strong understanding of systems development life cycle to lead multi-functional projects or initiatives. Knowledge of laws, regulations, and standards relevant to the US Healthcare industry. Bachelor's or Master's Degree in Computer Science, Information Systems, or other related field (or equivalent work experience). A widely-recognized technical certification such as GIAC or CISSP is strongly preferred. 8 years of combined hands-on IT and security architecture development and implementation work experience with a broad exposure to infrastructure/network and multi-platform environments. Requires expert knowledge of security principles, issues, techniques and implications across all existing computer platforms. 2 years of experience in information security solution engineering or security service delivery. 2 years of leadership experience with planning and managing security implementations and/or leading a team of technical resources.
02/04/2020
Full time
Prestigious Enterprise Company is currently seeking a Lead Cyber Security Engineer. Candidate will be responsible for the planning, development and implementation of enterprise information security solutions (such as authentication and authorization, public key infrastructure, data loss prevention, and security event information management) to address the current and emerging security needs of the business. Candidate will research, design, and develop new technologies, architectures, and security products that will support security requirements for the enterprise. Candidate will contribute to the development and execution of strategic information security architecture to enable effective business operations, manage enterprise risk, and address business or regulatory issues. Will also contribute to the development and maintenance of information security strategy and architecture by analysing business impact and exposure and working with other IT Architects and security specialists to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements. Responsibilities: Design, build, and lead a team that ensures the security of enterprise data and systems by developing enterprise information security solutions. Create and update a view of IT assets, related attack surfaces, and threat actors to illustrate the flow of data and associated security threats. Researches, designs, and develops new enterprise technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors. Serves as a security expert in application development, database design, network, and/or platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices. Analyzes business impact and exposure based on emerging security threats, vulnerabilities, and risks and contributes to the development and maintenance of information security strategy and architecture. Engages with security specialists, enterprise architects and other functional area architects to ensure adequate enterprise security solutions are in place to sufficiently mitigate identified risks, and to meet business objectives and regulatory requirements. Serve as a cyber security subject matter expert, assessing the business impact of cyber security risks to the enterprise and identifying options and recommendations for mitigating those risks. Work with Enterprise Architects and other functional area architects and security specialists to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently and support business objectives. Serve as an expert in platform, application, storage, network, virtualization, cloud and mobile security best practices. Communicate cyber security risks and solutions to various technical and non-technical audiences and levels of management. Maintain communication with management regarding development within areas of assigned responsibilities and perform special projects as required or requested. Develop strong working relationships with and offer continuous assistance and thought leadership to other leaders in the information technology organization. Establish and maintain relationships with suppliers and business partners in the information security industry. As needed, draft and negotiate professional services contracts, statements of work, and technology acquisition & support agreements. Continuously track and report the status of all development efforts through boardroom-quality visual communication deliverables. Comply with HIPAA, Diversity Principles, Corporate Integrity, Compliance Program policies and other applicable corporate and departmental policies. Qualifications: Strong understanding of architecture-level information security and appropriate use enforcement technology solutions including advanced malware detection/prevention, mobile device virtualization/MDM, cloud security management, structured and unstructured database encryption, mobile application and remote API security, fine-grained application authorization and access control, security event visualization, big data user and entity behavior analytics, and active adversary deception. Strong working understanding of contemporary security theory and application (including vulnerabilities, exploitation techniques and attack vectors). Strong understanding of systems development life cycle to lead multi-functional projects or initiatives. Knowledge of laws, regulations, and standards relevant to the US Healthcare industry. Bachelor's or Master's Degree in Computer Science, Information Systems, or other related field (or equivalent work experience). A widely-recognized technical certification such as GIAC or CISSP is strongly preferred. 8 years of combined hands-on IT and security architecture development and implementation work experience with a broad exposure to infrastructure/network and multi-platform environments. Requires expert knowledge of security principles, issues, techniques and implications across all existing computer platforms. 2 years of experience in information security solution engineering or security service delivery. 2 years of leadership experience with planning and managing security implementations and/or leading a team of technical resources.
Request Technology - Kyle Honn
Oakland, California, United States
IT GRC Engineer Responsibilities Be responsible for conducting relevant in-depth research, performing assessments, and creating reports for supervisor review. Perform and own individual project tasks within a Cyber Risk Management Program. Measure and report on DDC's Cyber Risk Management to the Cyber Risk Assurance Manager. Assist with the maintenance of the Cyber Risk Assurance Program. Perform testing of Cyber Security processes and controls operating effectiveness and for regulatory compliance to applicable regulations. Assist with the creation and maintenance of core service documentation. Communicate regularly and clearly to a wide variety of technical and non-technical audiences. Qualifications Bachelor's degree in a technical field or an IT related field. 4+ years of experience in Cyber Risk Management, IT Risk Management, Information Security or related Audit function. Solid knowledge of industry standards/regulations (NIST, PCI-DSS, HIPAA, GDPR, NAIC, etc.) preferred. Proven experience of execution of projects in cyber security, risk management, compliance, IT audit or IT risk management. Certifications such as CRIS, CISSP, CISA, etc. are required for this position. Demonstrates knowledge of Cyber Security, Data Protection, IT Risk or IT Audit/Compliance. Experience of conducting independent risk assessments, business process or IT control auditing. Experience of testing cyber, IT or Information Security controls. Excellent communication and organization skills. Aptitude and capability for conducting quantitative and qualitative analyses of large, complex IT systems and Business Processes. Thorough proficiency of MS Office Word, Excel & PowerPoint and generally highly IT proficient. If this is an opportunity that you're interested in please email your resume to: (see below)
01/04/2020
Full time
IT GRC Engineer Responsibilities Be responsible for conducting relevant in-depth research, performing assessments, and creating reports for supervisor review. Perform and own individual project tasks within a Cyber Risk Management Program. Measure and report on DDC's Cyber Risk Management to the Cyber Risk Assurance Manager. Assist with the maintenance of the Cyber Risk Assurance Program. Perform testing of Cyber Security processes and controls operating effectiveness and for regulatory compliance to applicable regulations. Assist with the creation and maintenance of core service documentation. Communicate regularly and clearly to a wide variety of technical and non-technical audiences. Qualifications Bachelor's degree in a technical field or an IT related field. 4+ years of experience in Cyber Risk Management, IT Risk Management, Information Security or related Audit function. Solid knowledge of industry standards/regulations (NIST, PCI-DSS, HIPAA, GDPR, NAIC, etc.) preferred. Proven experience of execution of projects in cyber security, risk management, compliance, IT audit or IT risk management. Certifications such as CRIS, CISSP, CISA, etc. are required for this position. Demonstrates knowledge of Cyber Security, Data Protection, IT Risk or IT Audit/Compliance. Experience of conducting independent risk assessments, business process or IT control auditing. Experience of testing cyber, IT or Information Security controls. Excellent communication and organization skills. Aptitude and capability for conducting quantitative and qualitative analyses of large, complex IT systems and Business Processes. Thorough proficiency of MS Office Word, Excel & PowerPoint and generally highly IT proficient. If this is an opportunity that you're interested in please email your resume to: (see below)
Request Technology
Oakland, California, United States
*THIS ROLE CAN BE WORKED REMOTE* A prestigious company is on the search for a Security Engineer. This role is revolved around GRC and the ability to help perform risk assessments and will be responsible for assisting senior analyst and manager with maintaining the client's cyber control framework as well as the client's multiyear cyber assurance program. They will work with cyber security processes and controls, operating effectiveness, regulatory compliance to applicable regulations, and cyber risk management. The want someone who has security certifications like CISSP, CISA, or CRIS. Responsibilities: Be responsible for conducting relevant in-depth research, performing assessments, and creating reports for supervisor review. Assist with the maintenance of the Cyber Risk Assurance Program. Perform testing of Cyber Security processes and controls operating effectiveness and for regulatory compliance to applicable regulations. Assist with the creation and maintenance of core service documentation. Perform and own individual project tasks within a Cyber Risk Management Program. Measure and report on DDC's Cyber Risk Management to the Cyber Risk Assurance Manager. Communicate regularly and clearly to a wide variety of technical and non-technical audiences. Qualifications: Minimum 4-5 years of experience in Cyber Risk Management, IT Risk Management, Information Security or related Audit function. Bachelor's degree in Computer Science, Information Systems, Business Administration, Mathematics, Science, Technology, Engineering or other professional field of study. Must have or currently in the process of obtaining an industry recognized Information Security certification such as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRIS), Certified Information Systems Auditor (CISA) certifications, or other related certifications. Demonstrates knowledge of Cyber Security, Data Protection, IT Risk or IT Audit/Compliance. Knowledge of industry standards/regulations (NIST, PCI-DSS, HIPAA, GDPR, NAIC, etc.) preferred. Experience of conducting independent risk assessments, business process or IT control auditing. Experience of testing cyber, IT or Information Security controls. Proven experience of execution of projects in cyber security, risk management, compliance, IT audit or IT risk management.
01/04/2020
Full time
*THIS ROLE CAN BE WORKED REMOTE* A prestigious company is on the search for a Security Engineer. This role is revolved around GRC and the ability to help perform risk assessments and will be responsible for assisting senior analyst and manager with maintaining the client's cyber control framework as well as the client's multiyear cyber assurance program. They will work with cyber security processes and controls, operating effectiveness, regulatory compliance to applicable regulations, and cyber risk management. The want someone who has security certifications like CISSP, CISA, or CRIS. Responsibilities: Be responsible for conducting relevant in-depth research, performing assessments, and creating reports for supervisor review. Assist with the maintenance of the Cyber Risk Assurance Program. Perform testing of Cyber Security processes and controls operating effectiveness and for regulatory compliance to applicable regulations. Assist with the creation and maintenance of core service documentation. Perform and own individual project tasks within a Cyber Risk Management Program. Measure and report on DDC's Cyber Risk Management to the Cyber Risk Assurance Manager. Communicate regularly and clearly to a wide variety of technical and non-technical audiences. Qualifications: Minimum 4-5 years of experience in Cyber Risk Management, IT Risk Management, Information Security or related Audit function. Bachelor's degree in Computer Science, Information Systems, Business Administration, Mathematics, Science, Technology, Engineering or other professional field of study. Must have or currently in the process of obtaining an industry recognized Information Security certification such as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRIS), Certified Information Systems Auditor (CISA) certifications, or other related certifications. Demonstrates knowledge of Cyber Security, Data Protection, IT Risk or IT Audit/Compliance. Knowledge of industry standards/regulations (NIST, PCI-DSS, HIPAA, GDPR, NAIC, etc.) preferred. Experience of conducting independent risk assessments, business process or IT control auditing. Experience of testing cyber, IT or Information Security controls. Proven experience of execution of projects in cyber security, risk management, compliance, IT audit or IT risk management.
Request Technology
Oakland, California, United States
A prestigious company is on the search for a Lead Cybersecurity Solutions Engineer. This role will focus on Application Security and they want someone who came up as a Java Developer then got into applications security. They are looking for some who is proficient with C, C++, Python, PowerShell Scripting languages. How you will make an impact: Possession of a holistic view of threat, vulnerability, and risk as well as their relationship Deep understanding of internals and constructs of at least two main modern operation systems Acumen with application and business logic Embedded in business systems Knowledge of open security testing standards and projects, including OWASP Proficiency in one or more of the following: C, C++, Java, Python, PowerShell Experience employing phishing and other social engineering tactics Experience using multiple command and control channels, including DNS and HTTPS Proven ability to effectively communicate findings and mitigation strategies to stakeholders and develop comprehensive and accurate reports and presentations for both technical and executive audiences Qualifications Bachelor Degree with 8 years IT security experience OR 10 years' experience 7 years' experience in a related technical security role Relevant security certifications (OSCP, OSCE, GPEN,GXPN, CEH) Possession of a holistic view of threat, vulnerability, and risk as well as their relationship Deep understanding of internals and constructs of at least two main modern operation systems Acumen with application and business logic Embedded in business systems Knowledge of open security testing standards and projects, including OWASP Proficiency in one or more of the following: C, C++,Java, Python, PowerShell Experience employing phishing and other social engineering tactics Experience using multiple command and control channels, including DNS and HTTPS
31/03/2020
Full time
A prestigious company is on the search for a Lead Cybersecurity Solutions Engineer. This role will focus on Application Security and they want someone who came up as a Java Developer then got into applications security. They are looking for some who is proficient with C, C++, Python, PowerShell Scripting languages. How you will make an impact: Possession of a holistic view of threat, vulnerability, and risk as well as their relationship Deep understanding of internals and constructs of at least two main modern operation systems Acumen with application and business logic Embedded in business systems Knowledge of open security testing standards and projects, including OWASP Proficiency in one or more of the following: C, C++, Java, Python, PowerShell Experience employing phishing and other social engineering tactics Experience using multiple command and control channels, including DNS and HTTPS Proven ability to effectively communicate findings and mitigation strategies to stakeholders and develop comprehensive and accurate reports and presentations for both technical and executive audiences Qualifications Bachelor Degree with 8 years IT security experience OR 10 years' experience 7 years' experience in a related technical security role Relevant security certifications (OSCP, OSCE, GPEN,GXPN, CEH) Possession of a holistic view of threat, vulnerability, and risk as well as their relationship Deep understanding of internals and constructs of at least two main modern operation systems Acumen with application and business logic Embedded in business systems Knowledge of open security testing standards and projects, including OWASP Proficiency in one or more of the following: C, C++,Java, Python, PowerShell Experience employing phishing and other social engineering tactics Experience using multiple command and control channels, including DNS and HTTPS
Request Technology
Oakland, California, United States
This role can be worked remote. A prestigious company is on the search for a Lead Cybersecurity Architect. This role is based around designing, implementing, and continuously updating the technical security control requirements model supporting enterprise information security policies and standards, strategy, and architecture. This role is based around Cloud architecture, infrastructure security applications design, web applications, and container security. For this role they are looking for someone with Python and Java skills. This person needs two years of planning and managing security engagements or leading a team. RESPONSIBILITIES Designs, builds, and provides guidance to a team that ensures the security of enterprise data and systems by specifying requirements for technical security controls for all enterprise information technology development initiatives. Develops a capability to design, implement, and continuously update a technical security control requirements model supporting enterprise information security policies and standards, enterprise technology strategy, enterprise technology architecture and patterns, information security industry best practices, emerging information security technologies, and relevant laws and regulations (eg HIPAA, Sarbanes-Oxley, GLB, and others.) Develops a capability to evaluate the architecture and design of existing and proposed information technology systems against the enterprise technical security control requirements model. Enables the organization to identify any gaps between specific technical security requirements and the architecture of a given system and provide detailed technical recommendations on appropriate design or architecture improvements. Develops a capability to assist the organizations responsible for the architecture, design, implementation, and deployment of technical security controls by providing virtual team resources and knowledge sharing to enterprise information technology development initiatives. Develops a capability to verify that the requirements for technical security controls were addressed correctly and that all recommendations were implemented effectively (this includes collecting necessary information, verifying the accuracy of the information, testing the solution, and building an assurance argument). Serves as a cybersecurity subject matter expert, assessing the business impact of cybersecurity risks to the enterprise and identifying options and recommendations for mitigating those risks. Identifies security control requirements for technology initiatives and deliver effective and practical solutions to meet those requirements in alignment with the overall objectives of the project and the business. Works with Enterprise Architects and other functional area architects and security specialists to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently and support business objectives. Serves as an expert in platform, application, storage, network, virtualization, cloud and mobile security best practices. Exercises thought leadership in the creation and maintenance of security architectures/design patterns. Develops technical designs for a project to meet information security requirements based on approved security architectures/design patterns. Provides resource planning and engagement management. Provides service development and improvement. Communicates cybersecurity risks and solutions to various technical and non-technical audiences and levels of management. Develops strong working relationships with and offers continuous assistance and thought leadership to other leaders in the information technology organization. Continuously tracks and reports the status of all capability development and service delivery efforts through boardroom-quality visual communication deliverables. KNOWLEDGE & SKILL REQUIREMENTS A strong working understanding of enterprise technologies, operations, and architectural principles and models. Knowledge of virtualized data center architectures and operations, SOA-type deployments, web services and multi-tier web applications, and technologies supporting Intranet, Extranet, and remote access services. Ability to evaluate disparate IT system architectures and designs in Real Time and recommend appropriate security control and countermeasure solutions. A strong working understanding of contemporary security theory and application (including vulnerabilities, exploitation techniques and attack vectors). Knowledge of laws, regulations, and standards relevant to the US Healthcare industry. Knowledge of HIPAA, Diversity Principles, Corporate Integrity, Compliance Program policies and other applicable corporate and departmental policies. EDUCATION, EXPERIENCE & TRAINING REQUIRED A Bachelors or Masters Degree in Computer Science, Information Systems, or other related field (or equivalent work experience). A widely-recognized technical certification such as GIAC or CISSP is strongly preferred. A minimum 8 years of hands-on experience in the information security field with expert knowledge of platform, application, storage, data, network, virtualization, cloud and mobile security. A minimum 2 years of experience in information security solution engineering or security service delivery. A minimum 2 years of leadership experience with planning and managing security engagements and/or leading a team of technical resources. This role will require the management of several (2 to 4) concurrent large-scale enterprise wide information technology capability development projects.
31/03/2020
Full time
This role can be worked remote. A prestigious company is on the search for a Lead Cybersecurity Architect. This role is based around designing, implementing, and continuously updating the technical security control requirements model supporting enterprise information security policies and standards, strategy, and architecture. This role is based around Cloud architecture, infrastructure security applications design, web applications, and container security. For this role they are looking for someone with Python and Java skills. This person needs two years of planning and managing security engagements or leading a team. RESPONSIBILITIES Designs, builds, and provides guidance to a team that ensures the security of enterprise data and systems by specifying requirements for technical security controls for all enterprise information technology development initiatives. Develops a capability to design, implement, and continuously update a technical security control requirements model supporting enterprise information security policies and standards, enterprise technology strategy, enterprise technology architecture and patterns, information security industry best practices, emerging information security technologies, and relevant laws and regulations (eg HIPAA, Sarbanes-Oxley, GLB, and others.) Develops a capability to evaluate the architecture and design of existing and proposed information technology systems against the enterprise technical security control requirements model. Enables the organization to identify any gaps between specific technical security requirements and the architecture of a given system and provide detailed technical recommendations on appropriate design or architecture improvements. Develops a capability to assist the organizations responsible for the architecture, design, implementation, and deployment of technical security controls by providing virtual team resources and knowledge sharing to enterprise information technology development initiatives. Develops a capability to verify that the requirements for technical security controls were addressed correctly and that all recommendations were implemented effectively (this includes collecting necessary information, verifying the accuracy of the information, testing the solution, and building an assurance argument). Serves as a cybersecurity subject matter expert, assessing the business impact of cybersecurity risks to the enterprise and identifying options and recommendations for mitigating those risks. Identifies security control requirements for technology initiatives and deliver effective and practical solutions to meet those requirements in alignment with the overall objectives of the project and the business. Works with Enterprise Architects and other functional area architects and security specialists to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently and support business objectives. Serves as an expert in platform, application, storage, network, virtualization, cloud and mobile security best practices. Exercises thought leadership in the creation and maintenance of security architectures/design patterns. Develops technical designs for a project to meet information security requirements based on approved security architectures/design patterns. Provides resource planning and engagement management. Provides service development and improvement. Communicates cybersecurity risks and solutions to various technical and non-technical audiences and levels of management. Develops strong working relationships with and offers continuous assistance and thought leadership to other leaders in the information technology organization. Continuously tracks and reports the status of all capability development and service delivery efforts through boardroom-quality visual communication deliverables. KNOWLEDGE & SKILL REQUIREMENTS A strong working understanding of enterprise technologies, operations, and architectural principles and models. Knowledge of virtualized data center architectures and operations, SOA-type deployments, web services and multi-tier web applications, and technologies supporting Intranet, Extranet, and remote access services. Ability to evaluate disparate IT system architectures and designs in Real Time and recommend appropriate security control and countermeasure solutions. A strong working understanding of contemporary security theory and application (including vulnerabilities, exploitation techniques and attack vectors). Knowledge of laws, regulations, and standards relevant to the US Healthcare industry. Knowledge of HIPAA, Diversity Principles, Corporate Integrity, Compliance Program policies and other applicable corporate and departmental policies. EDUCATION, EXPERIENCE & TRAINING REQUIRED A Bachelors or Masters Degree in Computer Science, Information Systems, or other related field (or equivalent work experience). A widely-recognized technical certification such as GIAC or CISSP is strongly preferred. A minimum 8 years of hands-on experience in the information security field with expert knowledge of platform, application, storage, data, network, virtualization, cloud and mobile security. A minimum 2 years of experience in information security solution engineering or security service delivery. A minimum 2 years of leadership experience with planning and managing security engagements and/or leading a team of technical resources. This role will require the management of several (2 to 4) concurrent large-scale enterprise wide information technology capability development projects.
Request Technology - Craig Johnson
Oakland, California, United States
*This role can be a possible remote role for the right candidate* Prestigious Enterprise Company is currently seeking a Cyber Security Architecture Lead with strong Cloud, Infrastructure, and Application Security experience. Candidate will be responsible for engaging IT projects to prescribe protection measures for new and redesigned IT solutions, identifying pre-production technical security control deficiencies, subscribing IT solutions to enterprise technical security platforms, developing and maintaining a technical controls framework, and designing technical hardening standards. Candidate will work with the project team to define the scope, work effort, and deliverables for the security engineering engagement and will oversee multiple engagements executing in parallel. In addition to being an individual contributor, the lead cyber security Architect has overall responsibility for delivering multiple technical design engagements on-time and on-budget, and is expected to effectively exercise leadership and guidance to enable the team's success. Responsibilities: Design, build, and lead a team that ensures the security of enterprise data and systems by specifying requirements for technical security controls for all enterprise information technology development initiatives. Develop a capability to design, implement, and continuously update a technical security control requirements model supporting enterprise information security policies and standards, enterprise technology strategy, enterprise technology architecture and patterns, information security industry best practices, emerging information security technologies, and relevant laws and regulations (eg HIPAA, Sarbanes-Oxley, GLB, and others.) Develop a capability to evaluate the architecture and design of existing and proposed information technology systems against the enterprise technical security control requirements model. Enable the organization to identify any gaps between specific technical security requirements and the architecture of a given system and provide detailed technical recommendations on appropriate design or architecture improvements. Develop a capability to assist the organizations responsible for the architecture, design, implementation, and deployment of technical security controls by providing virtual team resources and knowledge sharing to enterprise information technology development initiatives. Develop a capability to verify that the requirements for technical security controls were addressed correctly and that all recommendations were implemented effectively (this includes collecting necessary information, verifying the accuracy of the information, testing the solution, and building an assurance argument). Serve as a cyber security subject matter expert, assessing the business impact of cyber security risks to the enterprise and identifying options and recommendations for mitigating those risks. Identify security control requirements for technology initiatives and deliver effective and practical solutions to meet those requirements in alignment with the overall objectives of the project and the business. Work with Enterprise Architects and other functional area architects and security specialists to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently and support business objectives. Serve as an expert in platform, application, storage, network, virtualization, cloud and mobile security best practices. Exercise thought leadership in the creation and maintenance of security architectures/design patterns. Develop technical designs for a project to meet information security requirements based on approved security architectures/design patterns. Resource planning and engagement management. Service development and improvement. Communicate and interact effectively and professionally with co-workers, management, internal and external customers and partners. Communicate cyber security risks and solutions to various technical and non-technical audiences and levels of management. Maintain communication with management regarding development within areas of assigned responsibilities and perform special projects as required or requested. Develop strong working relationships with and offer continuous assistance and thought leadership to other leaders in the information technology organization. Continuously track and report the status of all capability development and service delivery efforts through boardroom-quality visual communication deliverables. Comply with HIPAA, Diversity Principles, Corporate Integrity, Compliance Program policies and other applicable corporate and departmental policies. Qualifications: Strong working understanding of enterprise technologies, operations, and architectural principles and models. Knowledge of virtualized data center architectures and operations, SOA-type deployments, web services and multi-tier web applications, and technologies supporting Intranet, Extranet, and remote access services. Must be able to evaluate disparate IT system architectures and designs in Real Time and recommend appropriate security control and countermeasure solutions. Strong working understanding of contemporary security theory and application (including vulnerabilities, exploitation techniques and attack vectors). Knowledge of laws, regulations, and standards relevant to the US Healthcare industry. Externally recognized information security industry thought leadership and innovation accomplishments desired but not required. Bachelor's or Master's Degree in Computer Science, Information Systems, or other related field (or equivalent work experience). Technical certification such as GIAC or CISSP is strongly preferred. 8 years of hands-on experience in the information security field with expert knowledge of platform, application, storage, data, network, virtualization, cloud and mobile security. 2 years of experience in information security solution engineering or security service delivery. 2 years of leadership experience with planning and managing security engagements and/or leading a team of technical resources.
31/03/2020
Full time
*This role can be a possible remote role for the right candidate* Prestigious Enterprise Company is currently seeking a Cyber Security Architecture Lead with strong Cloud, Infrastructure, and Application Security experience. Candidate will be responsible for engaging IT projects to prescribe protection measures for new and redesigned IT solutions, identifying pre-production technical security control deficiencies, subscribing IT solutions to enterprise technical security platforms, developing and maintaining a technical controls framework, and designing technical hardening standards. Candidate will work with the project team to define the scope, work effort, and deliverables for the security engineering engagement and will oversee multiple engagements executing in parallel. In addition to being an individual contributor, the lead cyber security Architect has overall responsibility for delivering multiple technical design engagements on-time and on-budget, and is expected to effectively exercise leadership and guidance to enable the team's success. Responsibilities: Design, build, and lead a team that ensures the security of enterprise data and systems by specifying requirements for technical security controls for all enterprise information technology development initiatives. Develop a capability to design, implement, and continuously update a technical security control requirements model supporting enterprise information security policies and standards, enterprise technology strategy, enterprise technology architecture and patterns, information security industry best practices, emerging information security technologies, and relevant laws and regulations (eg HIPAA, Sarbanes-Oxley, GLB, and others.) Develop a capability to evaluate the architecture and design of existing and proposed information technology systems against the enterprise technical security control requirements model. Enable the organization to identify any gaps between specific technical security requirements and the architecture of a given system and provide detailed technical recommendations on appropriate design or architecture improvements. Develop a capability to assist the organizations responsible for the architecture, design, implementation, and deployment of technical security controls by providing virtual team resources and knowledge sharing to enterprise information technology development initiatives. Develop a capability to verify that the requirements for technical security controls were addressed correctly and that all recommendations were implemented effectively (this includes collecting necessary information, verifying the accuracy of the information, testing the solution, and building an assurance argument). Serve as a cyber security subject matter expert, assessing the business impact of cyber security risks to the enterprise and identifying options and recommendations for mitigating those risks. Identify security control requirements for technology initiatives and deliver effective and practical solutions to meet those requirements in alignment with the overall objectives of the project and the business. Work with Enterprise Architects and other functional area architects and security specialists to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently and support business objectives. Serve as an expert in platform, application, storage, network, virtualization, cloud and mobile security best practices. Exercise thought leadership in the creation and maintenance of security architectures/design patterns. Develop technical designs for a project to meet information security requirements based on approved security architectures/design patterns. Resource planning and engagement management. Service development and improvement. Communicate and interact effectively and professionally with co-workers, management, internal and external customers and partners. Communicate cyber security risks and solutions to various technical and non-technical audiences and levels of management. Maintain communication with management regarding development within areas of assigned responsibilities and perform special projects as required or requested. Develop strong working relationships with and offer continuous assistance and thought leadership to other leaders in the information technology organization. Continuously track and report the status of all capability development and service delivery efforts through boardroom-quality visual communication deliverables. Comply with HIPAA, Diversity Principles, Corporate Integrity, Compliance Program policies and other applicable corporate and departmental policies. Qualifications: Strong working understanding of enterprise technologies, operations, and architectural principles and models. Knowledge of virtualized data center architectures and operations, SOA-type deployments, web services and multi-tier web applications, and technologies supporting Intranet, Extranet, and remote access services. Must be able to evaluate disparate IT system architectures and designs in Real Time and recommend appropriate security control and countermeasure solutions. Strong working understanding of contemporary security theory and application (including vulnerabilities, exploitation techniques and attack vectors). Knowledge of laws, regulations, and standards relevant to the US Healthcare industry. Externally recognized information security industry thought leadership and innovation accomplishments desired but not required. Bachelor's or Master's Degree in Computer Science, Information Systems, or other related field (or equivalent work experience). Technical certification such as GIAC or CISSP is strongly preferred. 8 years of hands-on experience in the information security field with expert knowledge of platform, application, storage, data, network, virtualization, cloud and mobile security. 2 years of experience in information security solution engineering or security service delivery. 2 years of leadership experience with planning and managing security engagements and/or leading a team of technical resources.
Request Technology - Craig Johnson
Oakland, California, United States
*Position is bonus eligible* Prestigious Enterprise Company is currently seeking a Cyber Risk Security Engineer with strong GRC experience. Candidate will be responsible for conducting relevant in-depth research, performing assessments, and creating reports for supervisor review. Responsibilities: Assist with the maintenance of the Cyber Risk Assurance Program. Perform testing of Cyber Security processes and controls operating effectiveness and for regulatory compliance to applicable regulations. Assist with the creation and maintenance of core service documentation. Perform and own individual project tasks within a Cyber Risk Management Program. Measure and report on Cyber Risk Management to the Cyber Risk Assurance Manager. Communicate regularly and clearly to a wide variety of technical and non-technical audiences. Take feedback and apply lessons learned. Work within a teaming environment to resolve disputes. Set professional goals and meet performance requirements. Qualifications: 4+ years of experience in Cyber Risk Management, IT Risk Management, Information Security or related Audit function. Bachelor's degree in Computer Science, Information Systems, Business Administration, Mathematics, Science, Technology, Engineering or other professional field of study. Must have or currently in the process of obtaining an industry recognized Information Security certification such as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRIS), Certified Information Systems Auditor (CISA) certifications, or other related certifications. Demonstrates knowledge of Cyber Security, Data Protection, IT Risk or IT Audit/Compliance. Knowledge of industry standards/regulations (NIST, PCI-DSS, HIPAA, GDPR, NAIC, etc.) preferred. Experience of conducting independent risk assessments, business process or IT control auditing. Experience of testing cyber, IT or Information Security controls. Proven experience of execution of projects in cyber security, risk management, compliance, IT audit or IT risk management. Excellent communication and organization skills. Aptitude and capability for conducting quantitative and qualitative analyses of large, complex IT systems and Business Processes. Thorough proficiency of MS Office Word, Excel & PowerPoint and generally highly IT proficient.
31/03/2020
Full time
*Position is bonus eligible* Prestigious Enterprise Company is currently seeking a Cyber Risk Security Engineer with strong GRC experience. Candidate will be responsible for conducting relevant in-depth research, performing assessments, and creating reports for supervisor review. Responsibilities: Assist with the maintenance of the Cyber Risk Assurance Program. Perform testing of Cyber Security processes and controls operating effectiveness and for regulatory compliance to applicable regulations. Assist with the creation and maintenance of core service documentation. Perform and own individual project tasks within a Cyber Risk Management Program. Measure and report on Cyber Risk Management to the Cyber Risk Assurance Manager. Communicate regularly and clearly to a wide variety of technical and non-technical audiences. Take feedback and apply lessons learned. Work within a teaming environment to resolve disputes. Set professional goals and meet performance requirements. Qualifications: 4+ years of experience in Cyber Risk Management, IT Risk Management, Information Security or related Audit function. Bachelor's degree in Computer Science, Information Systems, Business Administration, Mathematics, Science, Technology, Engineering or other professional field of study. Must have or currently in the process of obtaining an industry recognized Information Security certification such as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRIS), Certified Information Systems Auditor (CISA) certifications, or other related certifications. Demonstrates knowledge of Cyber Security, Data Protection, IT Risk or IT Audit/Compliance. Knowledge of industry standards/regulations (NIST, PCI-DSS, HIPAA, GDPR, NAIC, etc.) preferred. Experience of conducting independent risk assessments, business process or IT control auditing. Experience of testing cyber, IT or Information Security controls. Proven experience of execution of projects in cyber security, risk management, compliance, IT audit or IT risk management. Excellent communication and organization skills. Aptitude and capability for conducting quantitative and qualitative analyses of large, complex IT systems and Business Processes. Thorough proficiency of MS Office Word, Excel & PowerPoint and generally highly IT proficient.
