APPLICATION SECURITY ENGINEER – Chicago, Illinois $80-$95K INSIDE SCOOP: This is a great job working with great people. I know because it reports to a candidate that I placed with the client. There is a lot of cool work to be done which will touch all lines of businesses and have a serious impact on enhancing the client's security posture. The following is a comprehensive description. Of course, the closer the match the better the fit. However all of these requirements aren't written in stone, there may be some flexibility regarding technical exposures. That said, successful candidates must have a strong development background, dedicated security experience, a consultative nature, and excellent verbal and written communication skills. RESPONSIBILITIES: Participate in research of new information security technologies (in the areas of application and application infrastructure components) and propose ideas for new security service development. Participate in all aspects of new security service development projects including the following project phases: business case development, requirements gathering, architecture development, product/service selection and procurement, functional & QA testing, detailed technical design, technology infrastructure implementation and deployment, migration from existing services, operational process and procedure documentation, operations staff training, internal marketing material development. Advise and consult internal clients on appropriate application of existing security services to solve their problems or enable new business opportunities. Deliver previously developed information security services in support of client needs including: requirements gathering, technical design, service deployment and integration, migration, operational transition, end user documentation, user training. In support of various enterprise IT initiatives sell/recommend, customize, implement, document, and transition to operations reusable technical security service components including firewall systems, intrusion detection systems, authentication systems, authorization systems, audit trail management systems, virus detection and prevention systems, cryptographic systems, and many others. Research and implement new security technologies to be used as point solutions for IT initiatives unable to take advantage of or needing greater functionality than reusable enterprise security services. Based on accumulated knowledge of project specific security implementations recommend new security service development ideas to the Security Technology R&D process. Serve as the subject matter expert on a number of production security technologies and fulfill corresponding vendor relationship and product/service acquisition, support, and maintenance contract management. Provide 4th level (technical architecture design and vendor management issues) support for a number of production security technologies. QUALIFICATIONS: In depth hands-on experience in as many of the following technologies as possible: Development languages: C, C++, Java, UML, XML, XSLT, applied in Object Oriented (OO) n-tier application development environment. Application frameworks and their built-in security services & API’s: Sun J2EE, MS COM+, MS .NET, OMG CORBA or others. General application security API’s and protocols: GSS-API, MS CryptoAPI, PAM, Kerberos, DCE Security Service, SSL/TLS, SAML, S/MIME, PKCS API’s, or others. Application Authentication & Authorization Systems: Netegrity SiteMinder, RSA ClearTrust, Entrust GetAccess, Oblix NetPoint, or others. Cryptographic tool kits for application development: RSA BSAFE, Certicom Security Builder, or others. Built-in security functions and services of application infrastructure components: Oracle, DB2/UDB, MS IIS, MS BizTalk Server, MS Integration Server, IBM WebSphere, iPlanet Directory, MS Active Directory, SAP R/3, Vitria BusinessWare, IBM MQSeries, MSMQ, MS Exchange, BEA WebLogic, or others. Application layer Intrusion Detection Systems: Sanctum AppShield, or others. PKI systems: Entrust Authority CA, RSA Keon, or others. In depth hands-on experience in complex enterprise architectures lock downs. Inner workings and security aspects of variety of Application Servers, Web Servers, Media/Content Servers, Messaging Servers, Database Servers, Integration Servers and such. Minimum of 6 years experience in information security solution engineering and security service delivery. Stellar technical writing, documentation development, process mapping, and visual communication, skills. Experience in managing several (2 to 4) concurrent large-scale enterprise wide information technology capability development projects. Excellent interpersonal and verbal communication skills. Financial services industry (Insurance, Banking, Investments) experience a plus. If you are interested and/or qualified, drop me a line. Send your resume in Word with some background information. Make sure you let me know what the best ways to contact you are. Thanks for your interest, Jeff -- Jeff Combs Alta Associates, Inc. 908-806-8442 908-806-8443 fax jeffat_private visit us at www.altaassociates.com
This archive was generated by hypermail 2b30 : Wed Oct 23 2002 - 10:25:14 PDT