IT Security Architect (penetration testing / encryption) – London – £80
Key words associated with this role: Security / compliance / SaaS / software as a service / penetration testing / web vulnerabilities / encryption, key management, PKI, SAML 1.1 and SAML 2.0 / risk analysis / risk management / CISSP, CISA / SOAP API integration / international data privacy law / software as a service / global / consultancy / sales support / analysis / design / requirements gathering / architecture
- Architect and provide design specifications for security enhancements to our application
- Assist in developing security solutions within the company’s application framework
- Perform comprehensive threat modelling of the company’s SaaS-based solution
- Sales support to include: completing security RFP questionnaires and 3rd party vendor security questionnaires, engaging directly with customers and prospects to answer security-related questions, and facilitating customer on-site security audits and assessments as needed
- Engagement management for customer-sponsored application penetration tests
- Assist in the management and testing of disaster recovery plans and business continuity plans
- Documentation requirements to include exceptions reports, audit/review reports, technical/process recommendations, reporting of security statistics/metrics, technical standards, procedures and guidelines, etc.
- Assist in developing integrated solutions through developed API interfaces
- Provide security training on a regular basis to regional employees
- Up to 15% travel, to include 3rd party vendor assessments, data centre tours, and occasional meetings with customers
Experience required for the position of IT Security Engineer / Security Architect / Security Manager / Subject Matter expert / Information Security Consultant / Chief Security Architect / Global Compliance Architect
- Proven programming and development experience in Java and JavaScript
- Experience with application penetration testing and OWASP top 10 web vulnerabilities. Proven experience with manual penetration testing (i.e. parameter manipulation using Burp Suite Pro)
- Experience in developing internet-facing web-based applications
- Experience with security programming to include: encryption, key management, PKI, SAML 1.1 and SAML 2.0 a plus
- Proven experience of code review methodologies
- Experience with coordinating application penetration tests and remediation efforts
- Familiarity with risk analysis and risk management methodologies
- Solid understanding of network and system security processes
- Excellent communication skills, both oral and written
- Proven ability to work effectively in a fast-paced, high volume, deadline-driven environment
- Professional maturity in dealing with all levels of management and staff including customers, prospects, and vendors
- Reliable, resourceful individual with a can-do attitude
- A degree or equivalent in Computer Science or related field
Desired skills for the position of IT Security Engineer / Security Architect / Security Manager / Subject Matter expert / Information Security Consultant / Chief Security Architect / Global Compliance Architect
- Familiarity with international data privacy law
- Professional security certifications: CISSP, CISA
- Direct hands-on experience with SOAP API integration a plus
- Experience of working in a security role for a SaaS-based company