
Senior Security Consultant - Security Architecture, Cigital


Cigital is headquartered in Dulles, Virginia, just minutes outside of Washington, D.C., in one of the country’s leading technology corridors. In addition to our great corporate culture, Cigital offers an excellent salary and benefits package. If you are committed to excellence and want to grow your career, apply today!

Sr. Security Consultant (Security Architecture)

To apply for this position, visit http://www.cigital.com/careers/jobs/?job=security-architect

Position Location: Dulles, VA

Position Type: Full-time

Reports To: Managing Consultant

About Cigital

Cigital, Inc. is the leading software security and quality consulting firm. Established in 1992, Cigital plans and implements initiatives to help ensure customers have secure, reliable applications. We improve how they build and deploy software, and we have fun doing it. The daily news gives you a taste of what companies face, but if you’re in our field you get to see how serious these problems really are. Whether they’re banks, TV networks, or game designers – when businesses get serious about software security, they call Cigital.

Job Responsibilities

In this role you will participate in the sale, scoping, and delivery of application source code review, application architecture analysis, threat modeling, and vulnerability remediation services. Successful candidates will also deliver Cigital instructor-led training such as the defensive programming, threat modeling, and architecture analysis courses. Specifically, this position entails analyzing and documenting Cigital’s clients’ software/system architectures, producing both structural and behavioral design documentation at levels ranging from enterprise architecture to software component/algorithm design. Such efforts may require reversing program design through source code review and exploratory testing. You will also produce security architecture views including attack surface, asset flow, and trust-boundary views, as well as misuse/abuse cases. You must be able to define, socialize, and help implement vulnerability remediation strategies. Applicants should be able to discuss remediation with our clients’ enterprise architects and developers. Remediation may require application code changes through the selection, configuration, and implementation of vendor products. You must apply a working knowledge of how regulations, industry best practices, and corporate security standards shape solutions.

Requirements

• Travel is expected to be in the range of 35-50%.

• Consulting Skills

o Demonstrated ability to scope and articulate assessment efforts

o Demonstrated ability to communicate with Executive Security Management, Development Managers, Enterprise Architects, and Developers.

o Experience coordinating global stakeholders in architecture initiatives with Fortune 500-sized organizations.

o Ability to translate business risk/requirements into solution definitions.

o Ability to develop reference architectures for development channels (web, B2B, mobile, embedded, or similar).

o Ability to elegantly articulate secure development activities for use with agile, waterfall, and spiral development models.

o Ability to mentor clients through simple security frameworks for use with embedded, mobile, client/server, web-based, and SOA development.

o Demonstrated ability to write publication-quality deliverables (documents, proposals, presentations, and statements of work).

o Demonstrated ability to complete above tasks independently.

o Demonstrated ability to research & learn new technologies independently.

Education & Experience

• BS in Computer Science, Engineering, or equivalent. Master's degree preferred

• 5+ years software development experience

• 3+ years programming experience

• Strong working knowledge of enterprise application platforms including Java EE platform toolkits such as Struts and Spring

• Demonstrated experience with commercial security products: AuthN/AuthZ (e.g., CA SiteMinder, IBM Tivoli, etc.), Encryption products (e.g., EMC RSA, Entrust, etc.), XML Gateways (e.g., IBM DataPower, Vordel XML Gateway, etc.), Audit/Log management (Splunk, ArcSight).

• Ability to articulate security and other non-functional aspects of Single-Sign-On (SSO), Public Key Infrastructure (PKI), Intrusion Detection/Prevention (IDS/IPS), Data-loss Prevention (DLP), XML-security, Identity/Access Management (IAM), and federation.

• Experience with enterprise architecture frameworks (TOGAF, Zachman, etc.)

• Demonstrated ability to assess or design & implement multi-factor authentication systems involving federated identity.

Compensation & Work Location

Cigital is based in Dulles, Virginia, with offices in New York, San Francisco, London, Amsterdam, and clients worldwide. We offer a competitive salary, equity compensation, and benefits.