Connecting linkedin

W1siziisimnvbxbpbgvkx3rozw1lx2fzc2v0cy9oyw1sew4td2lsbglhbxmvanbnl2jhbm5lci1kzwzhdwx0lwpvyi5qcgcixv0

Job

Senior Security Engineer - Threat Modeling

  • Location

    Remote United States

  • Sector:

    Technology

  • Job type:

    Permanent

  • Salary:

    170k - 190k on the base

  • Contact:

    Gerald Mitter

  • Contact email:

    g.mitter@hamlynwilliams.com

  • Salary high:

    0

  • Salary low:

    0

  • Published:

    13 days ago

  • Expiry date:

    2022-07-10

  • Startdate:

    ASAP

Role:

Provides information security consulting services to companies and organizations. By understanding the business vision, objectives, and KPIs, the team can communicate with stakeholders and better understand their challenges and opportunities. Leading the development of an information security strategy by analyzing business processes, policies, information, and information systems. Building effective working relationships with both internal and external stakeholders. A priori requirements and solutions must be aligned with real business needs and meet essential data security standards. All stakeholders must approve these requirements and solutions. As a thought leader, promotes new technologies, processes, and methodologies, while adapting to the unique requirements of the business/group and the delivery items.

  • Assures the success of assigned business or group.
  • Helps develop strategic plans.
  • Acquires a thorough understanding of the core processes, risks, and mitigation techniques for designated areas, and is able to explain them to others.
  • Collaborates with internal and external stakeholders to advance strategic initiatives.
  • Establishes business priorities and determines the most effective order for executing business or group strategies.
  • Achieves insights and recommendations by breaking down strategic problems, and by analyzing data and information.
  • Serves as the primary point of contact for vendors; oversees the implementation, maintenance, and support of vendor solutions.
  • Provides solutions and recommendations based on the strategy, plans, activities, and needs of the various stakeholders.
  • Advises, counsels, and supports assigned business/group leaders on security matters. Recommends solutions based on principles, frameworks, programs, approaches, trends, legislation, and regulatory requirements, including interpretation of policy, identification, management, and mitigation of risk.
  • Delivers information security solutions that enhance credibility, influence, and negotiation capability to drive business performance.
  • Makes recommendations for resolving issues based on metrics and milestones, and escalates issues as necessary.
  • Provides a variety of elicitation techniques to probe, challenge, and understand the related risks in order to facilitate discussions and follow a disciplined approach in planning, eliciting, analyzing, documenting, communicating, and managing initiatives and issues with stakeholders.
  • Enhances processes and methodologies; takes note of emerging information security challenges and trends; and ensures standards are followed.
  • Produces professional presentations and conveys them in a concise, effective manner.
  • Evaluates the impact of information security on a project's benefits and risks when the scope of the project is changed.
  • Establishes and promotes information security best practices by benchmarking and participating in professional associations, as well as staying informed of industry security and business trends.
  • Analyzing and interpreting data will enable us to extract meaningful insights, answer business questions, and provide actionable recommendations.
  • Participates in continuous improvement activities and root cause analysis in order to enhance information security capabilities.
  • Maintains consistent and high-quality practices/work and ensures the achievement of business results in alignment with business/group strategies and with productivity goals.
  • A primary focus is on business/groups; however, a broader, enterprise-wide perspective is also possible.
  • Consultations, analysis, and support are provided.
  • Ability to identify, diagnose, and resolve problems within a given framework.
  • Able to handle unusual situations and work independently.

Qualifications:

  • Must have a minimum of two years' experience in software development (e.g. Java, JS, Python).
  • Must have at least two years' experience implementing secure development practices or conducting secure design reviews
  • At least one year of experience deploying and/or securing applications in the Cloud (such as AWS and/or Microsoft Azure is required)
  • Typically, candidates should have between four and seven years of relevant experience and a post-secondary degree in Information Security, Computer Science, Engineering, or Information Systems or a related field of study or a combination of those two.
  • Candidates with at least one certification in a related field are preferred, with a strong preference for certifications in information security from a well-known source (e.g. (ISC)2, ISACA, SANS).
  • Knowledge of industry standards and frameworks, such as the NIST Cyber Security Framework (CSF), ISO 27001 and 27002, Payment Card Industry (PCI) Data Security Standard (DSS), etc. - In-depth.
  • Knowledge of information security concepts and methodologies.
  • In-depth understanding of business analysis, project delivery practices and standards across the project lifecycle.
  • In-depth understanding of information security processes, procedures and controls.
  • Understands and can solve problems related to information security within their business group - Working.
  • Knowledge of information security risks and regulatory requirements - Working.
  • Expertise and technical proficiency gained through extensive education and work experience.
  • Expertise in written and oral communication.
  • Ability to collaborate and work with others.
  • Ability to analyze and solve problems in depth.
  • Demonstrated ability to influence others.
  • Data-driven decisions made in-depth.