IT Security Architect
- Job Title
- IT Security Architect
- Job ID
- Portland, OR 97204
- Other Location
From our start in 2009, Conexess has established itself in 3 markets, employing nearly 150+ individuals nation-wide. Operating in over 15 states, our client base ranges from Fortune 500/1000 companies, to mid-small range companies. For the majority of the mid-small range companies, we are exclusively used due to our outstanding staffing track record
Who We Are:
Conexess is a full-service staffing firm offering contract, contract-to hire, and direct placements. We have a wide range of recruiting capabilities extending from help desk technicians to CIOs. We are also capable of offering project based work
Works with application delivery team to ensure security best practices are incorporated into both model of delivery (process/tools) and developed assets Proactively identifies potential security impacts to existing/planned applications and supporting platforms (middleware, database, network assets) and implements remediation.
Works with extended security/application stakeholders to influence, coordinate and support the following activities:
Planning and implementation of corporate security initiatives Enhance existing tools/process/patterns for improved security posture on ASG applications Support the prioritization and discovery of new applications Review and security impact assessment from new tools/libraries Supports triage and resolution for security incidents Ongoing application risk evaluations for existing/pending applications
Creation and support of design documentation around physical/logical security for applications Support for vendor security reviews, including coordination with vendor on documentation/discovery, and remediation Implementation of relevant monitoring/support patterns and tools to implement ongoing evaluation of application security posture Works with testing stakeholders (functional, performance, integration) to ensure test cases and strategy that support vulnerability testing Works with delivery team to ensure periodic, proactive validation of software/capability releases to ensure security readiness Coordination with product requirements leads to ensure planned capabilities account for functional/non-functional security needs
- Familiar with application development processes, tools and conventions.
- Prior experience in software development preferred Can work with complex, modern distributed application and system architectures
- Ability to understand mid-level application/infrastructure diagrams and associated business process flows and descriptions
- Working knowledge of HIPAA, PCI and common security frameworks and standards (ex: OWASP) Understands hosting and development facility security concerns and requirements, and is able to review those from paper based questionnaires and surveys.
- High level understanding of basic network and network security fundamentals.
- Proficient in security analysis and common industry controls and mitigation tactics.
- Health Insurance or Health Care Industry experience desired Ability to grasp and understand complicated relationships Proven Communication skills, with the ability to write and verbally communicate effectively
- 3 to 5 years active and proven Information Protection Security experience in various capacities covering software development
- 5 to 8 years active/proven Information Protection Security with leadership experience in various capacities Hand-on experience with multiple technologies including operating systems, network, databases, identity management tools, web security practices, etc.
- 5+ years of Information security audit experience
- Working experience with industry best practices related to Information Protection Risk Assessments for outsourced business processes Experience with various compliance standards (ex: HIPAA, GLBA, Sarbanes-Oxley (SOX), ISO Security Standards, )
- Experience with Black/White-hat vulnerability assessments on modern web/mobile applications
- BS degree or equivalent experience CISSP, CISA, CISM, CRISC or similar certifications