This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
User talk:Peter Sanders
Welcome to OWASP! We hope you will contribute much and well. You will probably want to read the help pages. Again, welcome and have fun! KateHartmann 16:30, 4 June 2013 (UTC)
Secure Development Architect - Reading UK, Leading Financial Brand 80-100k (DOE) + Car Allowance & Bens
My global financial brand is looking for a Secure Development Architect as part of a newly created role within their IT Security Team. This important role will define the secure development lifecycle and coding templates for the organisation. This will drive the evolution of their development and coding environment through designing quality, secure applications that support the core business values of maintaining a trusted brand.
Acting as the security champion you will operate across multiple teams and work closely with the development team supporting them in the development and maintenance of secure applications.
To be considered for this role you will need the following:
- Passion for application security, always aware of current threats and techniques.
- Previous experience of working in an environment where security considerations in the development of applications were essential to the delivery of the application.
- Ideally, financial services experience (particularly in payments)
- Familiar with industry standards and compliance requirements such as OWASP, CERT and PCI DSS.
- Experience with several common programming languages and development environments such as Java, C++, .NET, Eclipse, Visual Studio and Clearcase.
- Worked with industry standard processes relating to change management and governance, such as Prince and COBIT
- Broad and demonstrable experience of working with a diverse set of stakeholders, applying security requirements to application design
For immediate consideration or a confidential chat please contact Peter Sanders for more information
Email: [email protected] Tel: 01908 802832
Enterprise Security Architect - Reading - Leading Financial Brand - 100-120k DOE + Car Allowance & Bens
The Enterprise Security Architect will work closely with the Head of IT Security to define the Strategic Security Architecture and technology templates for the organisation. This will drive the evolution of technology and Information environment, through defining quality, fit-for-purpose solutions for projects and inputting into the strategic security roadmap for our systems landscape.
The role will require working and influencing across multiple teams and working very closely with the VE Architecture Team. The Architecture Team is split into two functions, one focussed on delivering solution architectures for projects, the other taking a cross project, enterprise perspective, capturing the current and defining the future state of Architecture.
The three key tenets of the Enterprise Architecture function are:
• Developing the Group IT Strategy (incorporating: Systems, Technology, People, Delivery and Alignment);
• Standardising how Architecture is practised;
• Describing the current, future and transitional states of Architecture, and controlling our Architecture’s evolutionary path in alignment to overarching divisional and organisation goals.
Enterprise Architecture elaborates my client's strategic needs, such as improved flexibility, time-to-market, cost control and risk reduction and makes the necessary trade-offs in order to define a desired future state, and develop the principles, roadmaps, etc. that guide the evolution to it.
The Enterprise Security Architect will be responsible for ensuring the security agenda is promoted and embedded into the Architecture team, act as a Security champion ensuring reusable artefacts are developed, providing security education to the team, providing input to the security strategy and technology roadmaps and ensuring that is positioned to make appropriate use of new and emergent technologies in a secure fashion.
Key Accountabilities
• Strategic Security Requirements Management. Elicitation, documentation and verification of strategic requirements for the use of IT concerning a particular business area.
• Group IT (Sub) Strategy Development. Development of an IT Security Strategy in response to strategic requirements.
• Secure Architecture Development Standardisation. Promoting and supporting the establishment and embedding of security best practice in architecture development processes.
• Enterprise Architecture Development. Development of significant aspects of Enterprise Architecture and ensuring appropriate security of these and compliance to the Corporate Key Controls.
Key Skills & Experience
• Previous experience of working in a highly available, performance critical technology environment
• Ideally, financial services experience (particularly in payments)
• Extensive IT security experience across delivery and strategy disciplines
• Familiar with industry standard methods, tools and processes to support an Enterprise Architecture function, such as TOGAF and the embedding of security principles within this
• Experience across several architecture disciplines, such as Business, Application, Infrastructure, Data & Security
• Worked with industry standard processes relating to change management and governance, such as Prince and COBIT
• Broad and demonstrable experience of working with a diverse set of stakeholders, applying technology capability for business benefit
• Architecture Development: Proven experience in creating cohesive enterprise scope architecture for applications, information and infrastructure; overseen the integration and migration to a target, enterprise-scope, architecture including identification and consultation regarding planning, migration and implementation issues. Has defined architectural principles and standards for an organisation. Has proven experience with service-oriented analysis, definition, and design; able to discuss concepts of discoverable services, associated discovery mechanisms, and service autonomy; identifies core SOA technologies, their interrelationships and applications.
For more information please contact Peter Sanders on 01908 803832 or [email protected]
Penetration Testing / Vulnerability Assessments / Forensic Investigations - Basingstoke, UK -
Acting as The Lead Security Specialist you will work closely with the IT Security Assurance Manager to define and shape the delivery of assurance services. This is a key role in championing the delivery of the IT Security department’s vision of being recognised as a leader in security across the payments card industry.
This role will be an integral part of a small team of security professionals with responsibilities for technical security assessments against key strategic initiatives for the company prior to final release and being placed into the production environment. Outputs of this reporting will also form the foundation of evidence for audit against known standards such as SAS70, PCI and other requests from the internal Risk function. This team will also conduct regular vulnerability scanning (ASV, etc), penetration testing and application testing of existing systems and platforms on an established review cycle.
Based in Basingstoke, the role requires a solid foundation in operational security management, incident response, change management, web application security assessments, vulnerability assessments, forensic investigation and ethical hacking / penetration testing.
The role will require working and influencing across multiple teams and ensuring that any potential areas of concern are addressed, as well as influencing best practice adoption into relevant teams (architecture, networks, development, etc)
This role requires a broad understanding and demonstrated practical experience which is likely to include the following:
- Education in a relevant technical subject to at least master's degree level (MSc Information Technology or similar).
- At least 5 years' experience in IT Security and thereby able to demonstrate a high level of technical ability in implementation, design and review roles, along with at least 5 years' experience in another I.T. Discipline.
- Preferable prior experience in large / blue chip organisations or financial background.
- High technical knowledge of security across multiple platforms and current understanding of how to exploit them and thereby ensure appropriate protection.
- Ideally, financial services experience (particularly in payments).
- Familiar with industry standard methods, and security practices.
- Familiar with current assessment techniques and toolsets e.g. HP Webinspect, OWASP practices, etc.
- Worked with industry standard processes relating to service, change management and governance, such as ITIL incident and change management, Prince, Patch Management, Data Centre processes, PCI DSS and COBIT / COSO based controls.
- Broad and demonstrable experience of working with a diverse set of stakeholders, applying technology capability for business benefit.
- A good understanding of key business platforms, operating systems and file systems including those used on *nix and MS platforms.
For more information please contact Peter Sanders on 01908 802832 or [email protected]