• Bachelor'ss degree in Computer Science, Engineering, Sciences, Mathematics (or related disciplines).
• 8+ years of security architecture experience.
• Specific Information Security related experience including encryption, IDS/IPS, Firewalls, SEIMs and Log Management, syslog analysis, HTTP and TCP/IP analysis, and vulnerability assessment.
• Strong understanding of information system security vulnerability assessment/testing on a wide variety of technologies and implementations utilizing both automated tools and manual techniques such as: XSS/CSRF, SQL Injection, Buffer Overflow, and DoS attacks.
• Significant hands on experience with manual web application assessment and penetration testing methods related to web application mapping, reviewing client-side controls, testing user-input fields, and attacking session management, authentication, access controls, encryption, and backend databases/data stores
• Knowledge of securing cloud based systems (AWS, Azure, private clouds etc)
• In-depth knowledge of mapping business requirements to technology and ability to identify security gaps at the architecture level.
• Proven ability to clearly document and communicate security findings, risk description, risk level, and recommended solutions to stakeholders.
• Industry information security certifications: OSCP/OSCE/OSWE, GPEN, GWAPT, CEH, CISSP.
• Experience in performing static code analysis tools such as HP Fortify, Veracode, or IBM AppScan Source
• Good understanding of the components of a secure SDLC
• Understanding of networking, operating systems such as Linux and Windows..
• Demonstrated knowledge of security industry standards and best practices such as OWASP and NIST.
• Excellent interpersonal, analytical and problem-solving skills.
• Proven ability to manage multiple tasks/projects.
• GCIH, GCTI, CISSP, CEH, or other relevant certification preferred
• Experience with and knowledge of packet flow, TCP/UDP traffic, firewall technologies, IDS technologies (e.g., Snort rules), proxy technologies, and antivirus, spam and spyware solutions
• Experience conducting analysis of electronic media, packet capture, log data and network devices in support of intrusion analysis or enterprise level information security operations
• Experience with Nessus, Metasploit, Burp Suite Pro, Kali Linux tools, programming / scripting exposure (Python, Perl, C, Bash, PHP, Node)