*Hi,* *Kindly let me know if you are comfortable on below position.*
*Position: Information Security Application Security Engineer* *Position: Denver, CO or Kansas City * *Duration: 6-12 month* *Position Summary:* The Lead Information Security Engineer is a member of the Application Security team within the Corporate Security Department responsible for the RSA Archer Governance, Risk and Compliance (GRC) platform and its usage within the organization. Additionally, the Lead Information Security Engineer will support and assist in the building of a static code analysis environment for use by development teams spanning business units inside and outside of the Information Security department. The Lead Information Security Engineer will partner with internal team members and third party suppliers ensuring the efficient operation, maintenance, administration, and development of the RSA Archer GRC product and its associated components. Additionally, the Lead Information Security Engineer will continuously improve and support the platform as its usage and process enhancements expand. The Lead Information Security Engineer will support the deployment, configuration, and integration of static code analysis tool sets. He/She will assist building the static code analysis capability within a private cloud environment with feedback from and coordination with development teams practicing Agile, DevOps methodologies. The static analysis environment must seamlessly integrate with and support current and evolving development practices and ingest scan results feed into Archer. The successful candidate will have strong communications skills and experience in presenting technical issues to a wide variety of audiences. In addition, the candidate must possess broad technical knowledge of current and emerging technologies used both within the corporate infrastructure and in delivering customer-facing services. The individual will coordinate activities across multiple departments and business units, and must be able to understand business requirements to help teams succeed with their projects. This candidate must be able to work independently and as a team leader to develop and execute strategies and consult with internal clients on the above security initiatives in compliance with corporate policy, standards, procedures and industry best practices. *Responsibilities:* Archer - Maintain software, including requirements gathering, solution design, rapid application development, testing, documentation, and ongoing support. - Provide analysis and recommendations for solution analysis, system design and configuration of Archer GRC software tool. - Able to develop expertise through hands-on training of software platform capabilities and conduct software configuration and testing. - Support the team through development, creation and implementation of testing scenarios and use cases within the GRC application. - Working and supporting others on estimating new work intake efforts. - Support and/or perform the on-going configuration, upgrading and support for the Archer GRC platform. - Integrate data feeds from various sources to Archer modules, applications, and on-demand applications. - Develop and enhance reports, views, and workspaces for different business and technical audiences. - May lead, with support, projects and work streams. - Provides information to claim leadership on issues and risks associated with delivery of business controls within a technology application. - Assist in the prioritization and scheduling of projects for future. *Responsibilities:* Static Analysis Environment - Operation, administration, and maintenance of code analysis tools such as HP Fortify or SonarQube. - Build, deploy, and verify containerized code analysis packages within a private cloud environment. - Understand and build the capability to support continuous code testing in current architecture as well as cloud application architecture. - Ensure the confidentiality, integrity, and availability of the code analysis environments as a prime consideration in the deployment and building of the capability. - Work with continuous integration teams to integrate the automated code analysis into the daily development process and deployment pipeline. - Support efforts to develop or acquire tools and techniques to optimize and automate all security testing. - Source scanning results into Archer using data feeds or other methods. *Minimum Qualifications:* - Undergraduate degree in Computer Science, Engineering, or related field, or equivalent experience. - 3-5 years practical experience delivering Archer solutions, Risk and Compliance consulting services or related experience. - 3-5 years practical experience supporting an agile, DevOps J2EE or DotNET development effort. - Verifiable experience supporting Governance, Risk and Compliance software application deployments. - Verifiable experience supporting Agile, DevOps software development. - Strong problem solving skills. - Ability to act independently and exercise good judgment as well as the ability to work cross-functionally with other teams is essential. - Applicable professional/technical certifications. - Experience with technologies, tools and process controls supporting shared environments. - Must possess broad technical knowledge of current and emerging technologies used both within corporate infrastructure and software development automation. - Excellent oral and written communication skills and experience in presenting technical issues to all levels of management, as well as non-technical staff. *Preferred Qualifications:* - Bachelor’s of Science degree in Computer Science, Engineering, or related field, or equivalent experience. - Professional/technical certifications, such as CISSP, or product specific certifications. - Archer 5.5 sp4 including Risk, Policy, Compliance, and Enterprise modules. - Application development tools such as CVS, Dimensions, Gitlab, Subversion, Jenkins, and SonarQube. - Static Analysis tools such as HP Fortify, Veracode, or CheckMarx. - Web technologies such as Apache, Internet Information Server, Weblogic, or JBOSS. - Databases such as SQL Server or MySQL. - Security administration of Linux, UNIX, or Windows operating systems. - Knowledge of project management practices. - Experience in large Enterprise data centers, private cloud, and/or networks. Regards *Mayank* 978-558-4666 x 103 *may...@teknavigators.com* <may...@teknavigators.com> *TekNavigators LLC* -- You received this message because you are subscribed to the Google Groups "Hot List" group. To unsubscribe from this group and stop receiving emails from it, send an email to directclienteq+unsubscr...@googlegroups.com. To post to this group, send email to directclienteq@googlegroups.com. Visit this group at https://groups.google.com/group/directclienteq. For more options, visit https://groups.google.com/d/optout.