Location: Chicago, IL
Duration: 6 months
Analyze user needs and requirements to plan system architecture supporting cybersecurity operations. Collaborate with system developers and users to select appropriate design solutions or ensure the compatibility of system components. Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment. Design system architecture or system components required to meet user needs. Document and address organization's information security, cybersecurity architecture, and systems security engineering requirements throughout the acquisition lifecycle. Employ secure configuration management processes. Ensure that acquired or developed system(s) and architecture(s) are consistent with organization's cybersecurity architecture guidelines. Evaluate current or emerging technologies to consider factors such as cost, security, compatibility, or usability. Perform security reviews, identify gaps in security architecture, and develop a security risk management plan. Plan system implementation to ensure that all systems components can be integrated and aligned (e.g., procedures, databases, policies, software, and hardware). Provide input to the Risk Management Framework process activities and related documentation. Translate proposed technical solutions into technical specifications. Propose new technologies or procedures that could be used to advance the ability to detect and mitigate malicious activity. BS in Computer Science or Computer Engineering and 7+ years’ experience in the network security or information security fields.
Responsibilities include but are not limited to:
• Participate in development and implementation of security architecture principles and standards. Drive adoption and compliance of these standards across development and infrastructure teams both inside of and under contract with.
• Serve as a core team member of the security architecture function developing functional and technical security requirements and seeing them through the project lifecycle.
• Provide security consulting including design, reviews and recommendations for various IT projects and initiatives.
• Provide hands-on engineering support for technologies owned and operated by the security organization.
• Design build and deploy security solutions supporting enablement of cloud application deployments.
• Research and monitor emerging security technologies, understand current industry and technology trends and opportunities, and assess their impact to the business.
• Conduct research to identify new attack vectors facing computing environment.
• Work with and influence business contacts in regards to technology controls, risk mitigation techniques related to application layer security.
• Provide engineering support in maturing and automating existing security processes.
• Develop and maintain applicable security architecture program metrics for continual measurement and improvement.
• Collaborate with Enterprise Architecture to define and promote architecture processes, standards and patterns.
• Demonstrate a commitment to core values of safety, integrity, process improvement, and customer satisfaction.
• Ability to develop and maintain basic code in order to automate security processes.
Required Basic Qualifications:
• Bachelor degree in Computer Science, Information Technology or equivalent experience required
• 7+ years of experience in various security domains including security engineering.
• Technology Experience Preferred: Java and the J2EE Environment, strong UNIX administration skills, scripting and automation experience, strong understanding of cryptographic algorithms and principles, strong understanding of networking fundamentals, addressing, TCP/IP, protocol and network analysis.
• Subject matter expertise in web application security.
• Expert in application security and development processes.
• Possess an understanding of systens programming, graphical user interfaces and control languages.
• Technical domain knowledge in three or more areas of concentrated technical expertise.
Preferred Basic Qualifications:
• MBA or MS degree
• Ability to present to top management, corporate committees, and workgroups and to communicate information security and risk management concepts
• Demonstrated ability making operational decisions, monitoring progress and reporting results
• Certified Information Systems Security Professional (CISSP)