You will be a member of the Enterprise architecture team responsible for ensuring that applications developed or procured have security built in. The end result of your effort will be applications that are secure-by-design and have preventive and detective security controls that are built from the ground up. Despite best efforts at security engineering, when breaches or security incidents are reported, you will be called upon to provide guidance and expertise to isolate, stop, mitigate and refine policies to prevent future attacks. In order to be part of this challenging team, the potential consultant shall have the following skills:
Develop and improve application security policies and guidelines in complex multi-protocol environments.
Help to guide application architects on how best to secure container and cloud-native applications from development to production.
Provide best practices on key management, certificate management, multi-factor authentication and identification of all activities that were performed by a person.
Provide guidance on how to implement consistent role-based access control regardless of whether the user uses an on-prem, SaaS or managed-services application.
Knowledge of implementing role-based access controls when the same user performs various parts of a business transaction while moving from on-prem to SaaS to managed-services infrastructures and vice versa.
Knowledge of various authentication and authorization mechanisms available out of the box as well as using custom solutions implemented in conjunction with Microsoft AD.
Plan and carry out security measures in accordance with the organization's information security strategy in order to monitor and protect sensitive data and container-based solutions from infiltration and cyber-attacks.
Implement security standards and best practices, and recommend security enhancements for cloud computing.
Perform critical code review of application teams' security-sensitive source code for authentication, access control and cryptography functionality.
Degree with a minimum of 15 years of working experience in IT, with at least 10 years of relevant information security working experience, especially in the enterprise application security space.
Professional security certifications (CISSP, CSSLP, GPEN, CREST, etc.) preferred.
Nice to Have
Knowledge of intrusion prevention systems such as Palo Alto, FireEye, etc.
Information tokenization providers such as Protegrity, Gemalto, etc.
Use of container security solutions (Twistlock, Qualys, Aqua) to ensure rapid prototyping and continuous deployment pipelines that are secure from ideation to implementation.
Knowledge of AI-based bots and threat vectors in the areas of ransomware, malware and targeted cyber phishing.
Identify and assess cyber risks in the application, advise on and review application security design to detect potential security issues and, for each issue, propose and drive remediation tasks.
Understanding of how to implement data loss prevention policies using technologies such as Symantec CASB or Microsoft Office 365, etc.
Experience in security technologies, practices, application/network/systems architecture and design, test tools and processes.
Prior experience in deployment of security patterns on one or more private cloud platforms (OpenShift/IBM/Cloud Foundry) and public clouds (AWS/Azure/Google).
Strong in-depth working knowledge in secure application development techniques (design and coding).
Strong understanding of Agile, DevSecOps and securing cloud technologies.
Knowledge of cyber security threats, vulnerabilities, hacking and exploit methods etc.
Expertise in remote mobility solutions including Zscaler, Citrix, Fortinet.
Knowledge of privileged account security solutions such as CyberArk, LogRhythm, Venafi, etc.
Knowledge of threat intelligence platforms for integrated security operations centers using NetWitness, Anomali, etc.
EA License No: 18S9405 Reg No: R1330864
Skills & Competencies
CISSP, CSSLP, GPEN, CREST
Number of Vacancies: 2
Minimum Years of Experience: 15