App Security Architect.
- Contract
Job Description
Length of Contract: 24+ months. Long-term assignment.
Location: Detroit, MI
Description:
The Application Security Architect will report to the Application Security Architect Lead and will be responsible for ensuring that IT application software and infrastructure are designed, implemented, and operated in accordance with applicable security standards and practices. Primary responsibilities include application security, risk assessment, validation of security penetration test results, problem resolution, system documentation, and system security management and support.
Position Responsibilities:
• Serve as primary information security interface to the assigned projects to collaborate with business representatives, systems development and business users for establishing business requirements, information security functional requirements, security solution options and implementation plans
• Good understanding of the architecture and the various web application tier and database tier components: underlying objects, schemas/products, database objects, file system structure, tables, views, packages, procedures, sequences, indexes, and constraints
• Conduct information security threat analyses on new and changed application development initiatives towards design, review, and incident response planning.
• Identify security requirements for applications, services and supporting infrastructure and effectively communicate requirements to application development teams and business owners
• Review application source code for vulnerabilities, using both manual and automated code scanning techniques (white-box testing).
• Identify and explain the risks associated with common application vulnerabilities, demonstrate exploitation, and recommend mitigation options.
• Determine and clearly communicate quantitatively where possible the information security risks to the application development teams.
• Identify threats and risks to the confidentiality, integrity and availability of all data residing on information systems platforms.
• Recommend appropriate security solutions and review remediation activities for completeness.
• Assure compliance with security policies, standards, and procedures, including HIPAA, SOX, and CMS requirements.
• Monitor and recommend changes in standards that affect application security, especially in the area of privacy and identity theft.
• Initiate and promote activities to foster information security awareness and education among application development teams.
• Work with information security peers and management to assure standards compliance on the various platforms (e.g., operating systems, databases, networks) on which the application development group relies for the operation of its applications.
• Knowledge of operating systems (Windows, Unix) and common COTS products used to deliver web services, including IIS, Apache, Tomcat, Oracle Application Server, WebSphere, etc.
Top 3 Skills/Experience:
1. Skilled at identifying and explaining the risks associated with common application vulnerabilities, demonstrating exploitation, and recommending mitigation options.
2. Ability to serve as the primary information security interface to the assigned projects, collaborating with business representatives, systems development and business users to establish business requirements, information security functional requirements, security solution options and implementation plans.
3. Skilled at determining and clearly communicating, quantitatively where possible, the information security risks to the application development teams.
Required Skills/Experience:
o Advanced written and verbal communications skills
o Experience with a variety of information security processes and technologies such as:
• Common operating systems, network protocols, web services and databases
• Risk assessment and management
• Identity management and authentication
• Directory services
• Application security and systems development life cycle
• Data and systems integrity controls
• Encryption technology
• Business requirements development and technical architecture development
• Change control and release management
• Network and application security assessment and ethical hacking
• System planning and integration
o Ability to adjust to changing priorities while multitasking effectively
o Ability to design, evaluate and document processes and lead teams in accomplishing process review and improvement
o Ability to interact with technical managers and development teams to articulate requirements and processes while collaborating on design options, implementation, testing and user acceptance
o Experience in project management, change management and release management
o Demonstrated ability to develop metrics, perform critical analysis and develop executive decision support content
o Knowledge of database applications, spreadsheet design, and report writing software
o Minimum 2 years' experience in a security or related IT function
Preferred Skills/Experience:
• CISSP, CCNA, CCENT, CCNP, GSEC, MCSA, CISM certifications are preferred
Educational Requirements:
• Bachelor's degree in Computer Science, Information Systems, Engineering or a related major