Principal Information Security Engineer - The Ashlar Group
American Fork, UT 84003
About the Job
Company - Major HealthCare Software Firm
Position - Principal Information Security Engineer
Compensation - DOE
Position Type - Full Time
Location - American Fork, Utah
SKILLS AND CERTIFICATIONS [note: bold skills and certifications are required]
Requires 2 or more: CISSP, CISM, CompTIA Security+, GSEC, CCSP, CSSLP, HCISPP, GSE
Requires 1 or more: GWAPT, GPEN, GCIH, CEH
Requires 1 or more: GCED, GCIA, GCWN, GCFE, GCFA, GMON, GPPA, CCFP, CAP
CANDIDATE DETAILS
10+ to 15 years experience
Seniority Level - Mid-Senior
Management Experience Required - No
Minimum Education - Bachelor's Degree
Willingness to Travel - Occasionally
DESCRIPTION
This position is responsible for leading department-wide focus on the strategy, development, implementation, and maintenance of the application security program across research, development, quality assurance, support, and IT systems. This is a high-level, conceptual as well as hands-on position that requires a great deal of general security experience, as well as application development experience and secure coding knowledge.
- Mentor more junior engineers by leading and influencing technical decisions, processes, and best practices with an expert ability to explain technical concepts in written and verbal forms
- Advise in, and participate in, the design of secure products and architectures
- Perform architecture security reviews, security focused code reviews, and security testing
- Create or approve documentation that codifies the application security program: this will include the development of secure coding policies, procedures and standards, modification of the SDLC to include the necessary security checkpoints, product deployment, and code review methodologies
- Evaluate potential security related issues and make recommendations on third party tools and components
- Work closely with engineering and product teams to design and implement security-related systems and functionality, including writing secure code as necessary, and verification of threat models, risk and security posture
- Monitor software usage and perform forensics to verify that the software and infrastructure is performing to the required security standards
- Perform constant monitoring and awareness of key developments in the area of systems, web application, and client application security in order to provide direction of security trends, and anticipate emerging standards and best practices
- Provide leadership, guidance and direction to security resources and be an influencer of development, systems, support, and quality assurance teams
- Participate in public security projects and/or volunteer time and knowledge to improve the broader security community, representing the company's mission and goals, as well as promoting cooperation and knowledge sharing
- Communicate to senior management by demonstrating an expert skill in presenting technical concepts
- Attend all meetings necessary for the seamless delivery of the product as part of the Software Development Life Cycle
Seasoned, experienced technical expert level professional possessing and applying comprehensive knowledge of a particular field of specialization to complete work assignments. Assignments are broad in nature and need ingenuity and originality to solve. Require daily decision making capabilities and actions that are not reviewed by supervisor. Operate with substantial latitude for un-reviewed action or decision. Often play a role in high-level projects that have an impact on the company's future direction. Barriers to entry can exist at this level.
Job Complexity:
Work on significant issues where analysis of situations or data requires an evaluation of intangibles. Exercise independent judgment in methods, techniques and evaluation criteria for obtaining results. Create formal networks involving coordination among groups.
Supervision:
Work on significant issues where analysis of situations or data requires an evaluation of intangibles. Exercise independent judgment in methods, techniques and evaluation criteria for obtaining results. Create formal networks involving coordination among groups.
Work Experience:
Work on significant issues where analysis of situations or data requires an evaluation of intangibles. Exercise independent judgment in methods, techniques and evaluation criteria for obtaining results. Create formal networks involving coordination among groups.
Preferred Experience:
Bachelor's Degree or global equivalent in related discipline. Master's degree or global equivalent a plus. Typically holds 2 or more industry certifications.
General Skills & Competencies:
- Actively engage using a unique, wide range of professional skills with an expert understanding of industry practices and company policies and procedures
- Excellent planning/organizational skills and techniques
- Excellent analysis and problem solving skills
- Excellent writing, presentation and communication skills
- Excellent conflict resolution skills
- Excellent independent decision making skills
- Excellent interpersonal skills
- Professional maturity in delivering difficult messages in a professional and empathetic manner
- Excellent negotiating skills
- Act as a resource and/or mentor for colleagues with less experience; may direct the work of other staff members
- Ability to manage a budget
- Project management/consultative skills
- Expert in multiple technical and business skills
- Ability to cultivate and develop lasting customer relations (either internal or external)
- Excellent knowledge of secure application programming, coding life cycles and designs
- Excellent understanding of security principles, best practices, architectures, tools and processes
- Advanced knowledge of multiple current operating systems and hosting environments
- Advanced understanding of networking protocols
- Excellent knowledge of software and network architecture and standards
- Excellent knowledge of authentication protocol building blocks and methods
- Advanced ability to understand business drivers and priorities, and integrate these requirements into overall security design
- Excellent ability to conduct threat assessments and assess risk
- Excellent ability to create and maintain risk-based measures and build security processes that work within various development methodologies
- Excellent ability to communicate security objectives orally and in writing to a variety of audiences
- Advanced knowledge of the technological security issues and challenges faced by corporations and governments around the world
- Advanced ability to project and predict outcomes based on security trends and industry requirements
- Excellent knowledge of reverse engineering techniques and tools
- Excellent ability to implement code derived from technical specifications
- Excellent ability to problem solve/diagnose in a technical space
- Advanced knowledge of all programming languages leveraged in the products being secured
- Advanced knowledge of data storage formats, tools and languages
Travel/Physical Demands:
- Travel typically 5% to 20%.
- Office environment. No special physical demands required.
Source: The Ashlar Group