Security Analyst

This is Srikanth from Reliable Software. We have a position with one of our clients. Below are a few details pertaining to the job. Please take a look at it and let me know if you would like to be considered for the opportunity. Please share with me your updated resume.

• Perform security analysis of business solutions and develop security requirements across security domains with the goal of balanced protection of information systems assets, corporate data, and intellectual property based on enterprise security standards and enterprise risk appetite• Conduct threat modeling and technical security assessment of business solution related components and services• Lead the design and implementation of authorization matrix and privileged access management for a given business solution• Develop new security requirements for business use-cases that are not covered by existing security standards based on:o corresponding threat modelo enterprise risk appetiteo NIST CSF frameworko NIST security guidelineso industry best practices and guidelines• Apply, validate, extend existing, and develop new security design patterns based on business and infrastructure use-cases to support standardization and reusability• Collaborate with domain security architects and engineering in development of security design and coordinate integration with enterprise security tools• Document formal project artifacts – business requirements, high-level architecture/design documentation, low-level architecture/design documentation• Provide consulting to the business for vulnerability or penetration test assessment findings• Conduct security readiness assessment of the business solution upon build to ensure all identified security requirements were properly met (e.g. technical, administrative, physical)• Provide general security support and consulting throughout the engagementSecurity Governance Responsibilities• Develop, document, and socialize security patterns to drive simplification, standardization, and operational consistency• Participate in reviews and development of security standards based on security frameworks (e.g. NIST CSF, NIST 800-53, CIS, ISO 27000)• Stay up to speed with latest developments in security frameworks and industry best practices, and maintain up-to-date knowledge of available enterprise solutions and security capabilities
  General Responsibilities:• Provide technical and project leadership for IT security solutionso Full cycle engagement and leadership - analysis, requirements development, solution request-for-proposal (RFP) support, design, documentation, implementation, operationalization, and maintenanceo Definition of control effectiveness metrics and establishment of on-going visibility and reportingo Integration into product-related lifecycle activitieso Development of operational plan for transition of the security solution to run• Evangelize agile culture and DevSecOps shift-left mentality within and outside of information security department• Actively participate in team scrum activities in a hybrid productized and projectized environment• Properly document and manage scrum stories from sprint to sprint, ensuring timely updates• Provide input for development of domain/product-related roadmaps, tactical execution plans with SMART OKRs (objectives and key results), and assist in related activities (e.g. current state documentation, gap analysis, resource estimations)• Focus on self-service, automation opportunities and quality of supporting documentation
  COMPETENCIES

• Required - Bachelor’s degree in Computer Science, Information Technology, Computer Engineering or closely related or equivalent.
• Preferred - Master’s degree in Management Information Systems (MIS), Computer Science, Big Data or Analytics or equivalent.

• Open to travel based up on the nature of the engagement.