User talk:Peter Sanders

From OWASP

Welcome to OWASP! We hope you will contribute much and well. You will probably want to read the help pages. Again, welcome and have fun! KateHartmann 16:30, 4 June 2013 (UTC)

Secure Development Architect - Reading UK, Leading Financial Brand 80-100k (DOE) + Car Allowance & Bens

My global financial brand is looking for a Secure Development Architect as part of a newly created role within their IT Security Team. This important role will define the secure development lifecycle and coding templates for the organisation. This will drive the evolution of their development and coding environment through designing quality, secure applications that support the core business values of maintaining a trusted brand.

Acting as the security champion you will operate across multiple teams and work closely with the development team supporting them in the development and maintenance of secure applications.

To be considered for this role you will need the following:

- Passion for application security, always aware of current threats and techniques.
- Previous experience of working in an environment where security considerations in the development of applications were essential to the delivery of the application.
- Ideally, financial services experience (particularly in payments)
- Familiar with industry standards and compliance requirements such as OWASP, CERT and PCI DSS.
- Experience with several common programming languages and development environments such as Java, C++, .NET, Eclipse, Visual Studio and Clearcase.
- Worked with industry standard processes relating to change management and governance, such as Prince and COBIT
- Broad and demonstrable experience of working with a diverse set of stakeholders, applying security requirements to application design

For immediate consideration or a confidential chat please contact Peter Sanders for more information

Email: [email protected] Tel: 01908 802832

Enterprise Security Architect - Reading - Leading Financial Brand - 100-120k DOE + Car Allowance & Bens

The Enterprise Security Architect will work closely with the Head of IT Security to define the Strategic Security Architecture and technology templates for the organisation. This will drive the evolution of technology and Information environment, through defining quality, fit-for-purpose solutions for projects and inputting into the strategic security roadmap for our systems landscape.

The role will require working and influencing across multiple teams and working very closely with the VE Architecture Team. The Architecture Team is split into two functions, one focussed on delivering solution architectures for projects, the other taking a cross project, enterprise perspective, capturing the current and defining the future state of Architecture.

The three key tenets of the Enterprise Architecture function are:

• Developing the Group IT Strategy (incorporating: Systems, Technology, People, Delivery and Alignment);
• Standardising how Architecture is practised;
• Describing the current, future and transitional states of Architecture, and controlling our Architecture’s evolutionary path in alignment to overarching divisional and organisation goals.

Enterprise Architecture elaborates my client's strategic needs, such as improved flexibility, time-to-market, cost control and risk reduction, and makes the necessary trade-offs in order to define a desired future state, and develop the principles, roadmaps, etc. that guide the evolution to it.

The Enterprise Security Architect will be responsible for ensuring the security agenda is promoted and embedded into the Architecture team, act as a Security champion ensuring reusable artefacts are developed, providing security education to the team, providing input to the security strategy and technology roadmaps and ensuring that is positioned to make appropriate use of new and emergent technologies in a secure fashion.

Key Accountabilities

• Strategic Security Requirements Management. Elicitation, documentation and verification of strategic requirements for the use of IT concerning a particular business area.
• Group IT (Sub) Strategy Development. Development of an IT Security Strategy in response to strategic requirements.
• Secure Architecture Development Standardisation. Promoting and supporting the establishment and embedding of security best practice in architecture development processes.
• Enterprise Architecture Development. Development of significant aspects of Enterprise Architecture and ensuring appropriate security of these and compliance to the Corporate Key Controls.

Key Skills & Experience

• Previous experience of working in a highly available, performance critical technology environment
• Ideally, financial services experience (particularly in payments)
• Extensive IT security experience across delivery and strategy disciplines
• Familiar with industry standard methods, tools and processes to support an Enterprise Architecture function, such as TOGAF and the embedding of security principles within this
• Experience across several architecture disciplines, such as Business, Application, Infrastructure, Data & Security
• Worked with industry standard processes relating to change management and governance, such as Prince and COBIT
• Broad and demonstrable experience of working with a diverse set of stakeholders, applying technology capability for business benefit
• Architecture Development: Proven experience in creating cohesive enterprise scope architecture for applications, information and infrastructure; overseen the integration and migration to a target, enterprise-scope, architecture including identification and consultation regarding planning, migration and implementation issues. Has defined architectural principles and standards for an organisation. Has proven experience with service-oriented analysis, definition, and design; able to discuss concepts of discoverable services, associated discovery mechanisms, and service autonomy; identifies core SOA technologies, their interrelationships and applications.

For more information please contact Peter Sanders on 01908 803832 or [email protected]

Penetration Testing / Vulnerability Assessments / Forensic Investigations - Basingstoke, UK - £60-80k + Car Allow & Bens

Acting as the Lead Security Specialist you will work closely with the IT Security Assurance Manager to define and shape the delivery of assurance services. This is a key role in championing the delivery of the IT Security department’s vision of being recognised as a leader in security across the payments card industry.

This role will be an integral part of a small team of security professionals with responsibilities for technical security assessments against key strategic initiatives for the company prior to final release and being placed into the production environment. Outputs of this reporting will also form the foundation of evidence for audit against known standards such as SAS70, PCI and other requests from the internal Risk function. This team will also conduct regular vulnerability scanning (ASV, etc), penetration testing and application testing of existing systems and platforms on an established review cycle.

Based in Basingstoke, the role requires a solid foundation in operational security management, incident response, change management, web application security assessments, vulnerability assessments, forensic investigation and ethical hacking / penetration testing.

The role will require working and influencing across multiple teams and ensuring that any potential areas of concern are addressed, as well as influencing best practice adoption into relevant teams (architecture, networks, development, etc)

This role requires a broad understanding and demonstrated practical experience which is likely to include the following:

- Education in a relevant technical subject to at least master's degree level (MSc Information Technology or similar).
- At least 5 years' experience in IT Security and thereby able to demonstrate a high level of technical ability in implementation, design and review roles, along with at least 5 years' experience in another I.T. discipline.
- Preferable prior experience in large / blue chip organisations or financial background.
- High technical knowledge of security across multiple platforms and current understanding of how to exploit them and thereby ensure appropriate protection.
- Ideally, financial services experience (particularly in payments).
- Familiar with industry standard methods, and security practices.
- Familiar with current assessment techniques and toolsets e.g. HP Webinspect, OWASP practices, etc.
- Worked with industry standard processes relating to service, change management and governance, such as ITIL incident and change management, Prince, Patch Management, Data Centre processes, PCI DSS and COBIT / COSO based controls.
- Broad and demonstrable experience of working with a diverse set of stakeholders, applying technology capability for business benefit.
- A good understanding of key business platforms, operating systems and file systems including those used on *nix and MS platforms.

For more information please contact Peter Sanders on 01908 802832 or [email protected]

IT Security Java Developer - Digital & Mobile Breakthrough Project - Northampton OR London 55k + Bens (10k)

The Digital and Mobile platform will house the developments in customer insights, products, and delivery processes across different customer segments, geographies and markets. The breakthrough digital and mobile propositions created will ensure they attract and retain new customers and increase their product penetration with existing customers and clients.

As an IT Security Java Developer, your responsibilities will include:

- To be an acknowledged expert in their technical field with proven experience of the techniques and tools being used across the development lifecycle. To act as a point of contact and Subject Matter Expert on IT Security development

- To work across multiple phases of software development within a project as a team member or dealing with the most technically challenging assignments. This includes:
  - Designing, coding and unit testing the most complex software components for new or enhanced IT systems to a high level of quality, producing appropriate documentation.
  - To translate business requirements into technical requirements, identifying any gaps.
  - To write Java/ HTML(5) and CSS code to specification for one or more applications / products during the build phase of the software development lifecycle.
  - To test the code thoroughly through using Junit, code reviews and liaise with Testing teams, tech and business users to ensure delivery is fit for purpose.
  - To own the technical integrity and quality of the applications / products is maintained across their lifetime, contributing to the development of any technical changes being proposed.
  - Ensure that the application is developed according to our code quality principles and procedures as well as high code security standards.

We expect you to bring the following:

Technical Knowledge

- Deep knowledge and understanding about how to code ecomm web applications for a Financial Institution/Bank
- Able to interpret and apply policies and standards
- Contributes to the development and implementation of standards and procedures

Functional Analysis (Business)

- Experienced with standard methods, tools and techniques for requirements definition:
  - Can describe deliverables associated with the requirements analysis and definition
  - Familiar with policies, practices and standards for defining functional requirements
  - Able to produce detail-level functional requirement documentation
  - Has participated in the design of a graphic user interface
  - Can identify key factors and information needed for effective interface design

Development/Configuration

- Has a deep understanding of the overall development process and an advanced knowledge in one or more of the main phases:
  - Can identify and use advanced prototyping functions and features for application requirements
  - Can use effectively automated modelling tools and associated techniques
  - Facilitates modelling sessions with complex models
  - Experienced with multiple programming languages including their standard tools and libraries
  - Conducts walk-through and monitors quality of the development activities
  - Can discuss similarities, differences, advantages and drawbacks of different languages
  - Knowledge of the major tools in a toolkit for a specific platform
  - Has developed and executed a full spectrum of tests on multiple applications and environments
  - Experienced with testing complex, multi-platform, distributed applications
  - Can discuss considerations for selecting optimal testing environment for specific applications
  - Coordinates deployment tasks with end-user, operations and quality management
  - Has experience with alternative implementation plans

For more information please contact Peter Sanders on 01908 802832 or [email protected]