Sr. Security Specialist
Marvel Entertainment
New York, NYThis was removed by the employer on 8/30/2017 12:49:00 PM PST
Not to worry we have many other jobs on the site;
Browse all jobs
Browse the IS/IT Category
Search for Sr. Security Specialist jobs in New York-NY
Search all Sr. Security Specialist postings
Full Time Job
• Security architecture design, administration, and support for ongoing IT and Web initiatives
• Provide security protection to company's information technology systems and data
• Security risk assessment and remediation for business processes, enterprise infrastructure and applications
• Conduct periodically risk assessments, vulnerability assessments and threat analyses to be able identifying and managing associated risks
• Develop and facilitate deployment of information security governance documents: policies, frameworks, programs, procedures, and audits
• Define, develop, and implement security models for Intellectual Rights Management, data confidentiality classification
• Proactively monitor security threats and vulnerabilities; event management and logging, identify and prevent potential intrusions using SIEM, DLP, IPS/IDS, other tools; advanced malware/Threat analysis and protection
• Plan and execute security related projects, e.g., deploying new security solutions and best practices, providing guidance to company's engineering and QA teams
• Establish, monitor, evaluate and report key security performance and risk assessment indicators to provide management with accurate evaluation of the enterprise security state and the information security program effectiveness
• Compliance assessment and reviews; alignment of security controls for business processes and applications with applicable regulatory governing documents like SOX, PCI, COPA, Safe Harbor, ISO 27001, OWASP
• Develop and maintain User Security Awareness program,; organize and provide security training to employees, contractors, interns
• Monitor and study relevant media and specialized vendor resources, provide assessment and recommendations to address emerging threats, vulnerabilities
• Site Security Assessment of corporate premises, third parties, cloud services
Basic Qualifications
• One of Major InfoSec Certifications (CISSP, CISM, SANS) is a must
• Information Security Architecture
• Integration with Business, Information, Technology architectures
• Securing business processes, applications, and infrastructure
• Security aspects for N-tiered application architecture and web based applications
• Authentication, authorization, data confidentiality, non-repudiation, integrity, audit logging
• Linux and Windows scripting, command line utilities (like Shell, Visual Basic, Perl, Python, awk)
• Security policies and best practices; developing governance documents, certificate management
• Identity management and role based user access control, end point security
• Password management and SSO implementation
• Network security, TCP/IP, DNS, DMZ, Firewalls, Application Firewalls (Web, XML, Database), best practice design and deployment; hardening hardware/software, secure VPN and FTP, Forward and reverse proxies
• Virtualized, cloud, mobile environments, MDM
• Security specifics in applications development and custom codes - PHP, ASP, Java, C# platforms
• Hardening J2EE, Tomcat, Web servers (IIS, Apache)
• Windows and Linux security models, basic administration and audit
• Databases (Oracle, MS SQL) – audits, data encryption at rest and in transit
• Browser security concepts (e.g. Tokens), risks (e.g. XSS); configuring SSL/TLS, PKI servers
• LDAP (Oracle Sun One preferred), Active Directory, including administration and design of custom LDAP schemas
• Vulnerability assessments and IT auditing
• Incident response and digital forensics experience
• Experience in organizing and leading projects with managed security service providers
• Assess and manage Third parties Security
Required Education
A Bachelor or Master's degree preferred, Computer Engineering or Computer Science; required at least 7 years of progressive information security experience.