
Complete Posting, Information Security Design Specialist


INTEQNA’s Calgary, Alberta client is currently seeking an Information Security Design Specialist to join their team.

The Information Security Design Specialist role is part of Information Security and addresses the analytic and design framework for managing information security risk and controls throughout the client's business systems and applications. The Information Security Design Specialist will be responsible for ensuring that the client systems are designed and implemented securely. The primary focus will be building and reviewing information security design documents. Additional responsibilities include supporting various Information Technology teams, identifying and resolving security issues, performing infrastructure, O/S and application security reviews to ensure secure practices are followed, and participating in project teams. Application security design experience with Service Oriented Architecture (SOA) solutions is desirable.

Responsibilities:

• Provide value-added advice and guidance (as measured via regular feedback from Business Units and major programs).

• Develop and communicate technical security architectures across business units and groups.

• Design security controls and countermeasures that meet the requirements of the business as well as the information security policies.

• Develop a plan of engagement for projects, project timelines & security design practices.

• Develop conceptual, logical and physical security models as appropriate.

• Develop tactical and strategic security design approaches for the organization.

• Work with other IT disciplines to facilitate their deliverables.

• Co-ordinate activities between Information Security and the various technology teams on an ongoing basis.


Mandatory Skills/Certifications

• Knowledge of information security issues when dealing with web-based applications.

• Thorough knowledge of the security controls required to address the OWASP Top 10 vulnerabilities.

• Experience in defining security design documents for enterprise solutions including technical design and methodology definition.

• Good breadth of technical experience in applications including: Messaging Middleware, Service Oriented Architectures, Web Services, Service communication frameworks, XML, Java and Databases.

• Experience with application and infrastructure hardening techniques.

• A deep understanding of threat risk analysis concepts.

• Experience performing information security risk assessments.

• Excellent planning, organization and leadership skills.

• Excellent communication skills (written and oral). The role demands strong presentation skills and experience presenting proposals, issues and findings in a clear, structured manner, with an ability to communicate technical matters to a non-technical audience.

• Minimum 10+ years of Information Security experience with a minimum of 5 years dedicated to security design work (preferably at the Enterprise Level).

• Degree in Computer Science, Information Security, or diploma in Information Technology/Security.

• CISSP Designation

Desired Skills

• Experience with mission-critical applications, ideally gained in financial services or ecommerce organizations, is an asset.

• Experience with security in .NET and Java platforms

• Experience working with secure application libraries

• Experience with cross-site scripting and mitigation techniques

• Session security, secure error handling techniques and best practices

• Network and operating system penetration testing and mitigation experience

• Experience with ISO 27001, FISMA, DIACAP/CITSCAP or other recognized security regulations.

• TOGAF Certification

To receive immediate consideration for this role, please forward your resume in Word or .RTF format to Marlo Nielsen, Senior Recruitment Consultant. Please note that only qualified candidates will be contacted for interview.