Identity and Access Management Architect

About The Position

Requirements

• Bachelor’s Degree in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience. Master’s Degree preferred.
• 8-15 years of experience as an Application Security Developer, Application Security Analyst, or equivalent.
• Expertise with application server technologies such as Spring Framework, Spring Security, Web Services, REST, and Hibernate.
• In-depth knowledge of and experience with security technologies, single-sign-on and identity management technologies.
• Expertise with web system security concepts, including authentication, authorization (RBAC), encryption/hashing, SAML, and LDAP.
• Advanced knowledge of web application vulnerabilities such as cross-site scripting (XSS), sessions hijacking, SQL injection, CSRF (Cross-Site Request Forgery), OWASP Top 10, and other attack vectors.
• Hands-on experience with encryption, hashing, secure random number generation, key derivation, digital signatures, etc.
• Advanced knowledge of network based, system level and application layer attacks and mitigation methods, and TCP/IP, HTTP/S, and related protocols.
• Experience with static code analysis tools including HP Fortify.
• Familiarity with JavaScript, NodeJS, or other scripting languages and BurpSuite or other intercepting proxy tools.
• Experience working with GIT source code management.
• Must have solid working experience and knowledge of Unix/Linux operating system.

Nice To Haves

• Experience with one or more of the following technologies: Vagrant, Chef, Rake, Gradle, Jenkins, and Cache DB.
• Understanding of Agile/Scrum methodologies is preferred.
• Experience with Axiomatics is preferred.

Responsibilities

• Develops security procedures and methods to ensure the safety of information systems and to protect the system from intentional (unauthorized) or accidental (inadvertent) access or destruction.
• Engineers, implements and monitors security measures for the protection of computer systems, networks and information. Documents and implements Standard Operating Procedures (SOPs).
• Serves as a liaison between development teams and stakeholders to understand and formulate complex security requirements for project/program.
• Defines, maintains, and enforces application security best practices. Identifies opportunities for process improvements and leads efforts implement.
• Evaluate new technologies and processes that enhance security capabilities.
• Writes comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement.
• Identifies additional application security related tools, conducts tool analysis, and provides recommendations on what tools will enhance security protocols.
• Performs and conducts penetration tests and manual/automated code reviews.
• Creates and delivers training developers and other relevant team members on Secure Code Development as well as other security protocols.
• Designs, develops or recommends integrated system solutions ensuring proprietary/confidential data and systems are protected.