*Please send resumes to **shirley @datagrp.com <shirley.datagr...@gmail.com> ***
** *Job Title: Network Security Architect (CISSP)* *Location: Detroit, MI* *Duration: 6+ Months* * * *Need only EAD/GC/US Citizens!!!!!!!!!!!!!!!!!!!!!!!* *Details From Manager**: * 1) Application Development Background. 2) Must understand how Application Security plays a part in the application. 3) Must have knowledge of where applications are going, how they are developed, how they are managed, and how they are maintained. 4) Needs to have a CISSP. 5) Excellent communication skills (both verbal and written). 6) Must know the differences between the different databases. 7) A good understanding of how the Oracle database functions is very helpful (but not a must). *Summary**:* Application Security Architect is responsible for assuring that IT application software and infrastructure is designed, implemented, and operated in accordance with applicable security standards and practices. Primary responsibilities include applications security, risk assessment, validation of security pen test results, problem resolution, system documentation, and system security management and support. *Essential Duties and Responsibilities**:* Good understanding of the architecture and the various web application tier and database tier components: underlying objects, schemas/products, database objects, file system structure, tables, views, packages, procedures, sequences, indexes, and constraints. Conduct information security threat analyses on new and changed application development initiatives towards design, review, and incident response planning. Provide in-depth assistance with the integration of information security within the application development life cycle. Review security requirements at relevant phases for both technical and operational perspective. Reviews remediation activities for completeness. Identifying security requirements and recommending appropriate solutions to IT and business problems. Review application source code for vulnerabilities, using both manual and automated code scanning techniques aka White box Testing. Perform vulnerability scanning and penetration testing at all application tiers using appropriate tools (network scanners, web scanners, database scanners, etc.) aka Blackbox Testing. Knowledge of operating systems (Windows, UNIX) and common COTS products used to deliver web services, including IIS, Apache, Tomcat, Oracle Application Server, WebSphere, etc. Identify and convincingly explain the risks associated with common application vulnerabilities, demonstrate exploitation, and recommend mitigation options. Discern, document, and setup standard practices for application security audits. Partner with operations, audit, legal, and compliance and administration teams to support the information security needs of their projects and ensure that risks are accurately identified and appropriately managed to the enterprise's accepted level of risk. Participate in developing standards for information technology security practices. Identify and evaluate tools and techniques to be used for capture, modeling and analysis of information security architecture. Analyze, review, customize and recommend security architectures for internal projects and initiatives. Identifies, implements, and monitors best practices for information security architecture. Determine and clearly communicate - quantitatively where possible - the information security risks to the application development teams. Assure compliance to security policies, standards, and procedures, including HIPPA, SOX, and CMS compliance. Monitor and recommend changes in standards that affect application security, especially in the area of privacy and identity theft. Initiate and promote activities to foster information security awareness and education among application development. Work with Information security peers and manager to assure standards compliance on various platforms (e.g., OS’s, databases, networks, etc.) upon which application development group relies for the operation of its applications. Identify threats and risks to the confidentiality, integrity and availability of all data residing on information systems platforms. *Education And/Or Experience**:* Bachelors Degree in Computer Science, Management Information Systems or related discipline required. Master's Degree in related field preferred. A minimum of 5-7 years experience working with core Oracle and SQL databases, and 5+ years experience in Unix/Linux. ** *Qualifications**:* To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. In-depth understanding of common operating systems (UNIX/Windows), networking protocols, databases, and Internet applications development. Must have thorough knowledge in IS security components, principles, standards, procedures and practices. Must have a thorough knowledge with web application and Internet security. Must have a broad knowledge in information technology trends. Strong knowledge in application security and limited network and server security. Advanced knowledge of the application development, credit card data storage and encryption technologies required for transferal of data in and out of the organization. Advanced knowledge and understanding of a range of computer and networking software related technologies. Ability to navigate within the applications with respect to the security environment, configure, and maintain the application security roles. Ability to analyze and assess application security requirements and determine optimum, cost-effective solutions. Ability to communicate technical information to non-technical personnel. Strong interpersonal and communication skills and the ability to work effectively with a wide range of constituencies in a diverse community. Ability to analyze complex problems and recommend/negotiate solutions. Ability to communicate security objectives orally and in writing to a variety of audiences. Ability to work independently in a self-directed manner and collaboratively as a member of security team. Ability to create and implement detailed action plans for security solutions. Ability to understand legal and regulatory requirements and business drivers and priorities, and integrate these requirements into overall security design. Familiarity with project management lifecycle and providing security consulting to project teams. Ability to write security requirements and design documents. *Other Skills and Abilities**:* Excellent analytical, organizational, verbal and written communication skills. A high proficiency level in specific job related skills is required. Other related skills and/or abilities may be required to perform this job. ** *Thanks & Regards, Shirley Technical Recruiter Data Group, Inc.* -- You received this message because you are subscribed to the Google Groups "SAP ABAP" group. To post to this group, send email to sap-abap@googlegroups.com. To unsubscribe from this group, send email to sap-abap+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/sap-abap?hl=en.
