Friday, July 19, 2013

Security Jobs: Director, Cyber Security, Application Security, Las Vegas, NV




Director, Cyber Security, Application Security
Las Vegas, NV


SecurityRecruiter.com has been engaged by a CISO whom we know very well to assist in building an information security department that includes cyber security, disaster recovery, business continuity, quality assurance, security awareness and security training.

This newly created position will report to the CISO and will provide a mix of leadership, management and technical expertise to a global Fortune 300 organization. This is an opportunity to assist in building a global cyber security program from the ground up. Relocation is paid and candidates from the US or Canada will be considered. 

The Director, Cyber Security:

  • Is responsible for assessing the vulnerabilities, inherent weaknesses and potential insecurities of the organization’s Cyber presence. The candidate will come from a strong software engineering and development background and have a firm understanding of common trends and inherent threats in cyberspace in order to advise on the use of the web to conduct business securely online.
  • Will continuously monitor security threats, with a specific focus on web, mobile, and social media sites, for market trends and industry best practices and advise business units and senior management of any potential risk or impact on the organization’s Cyber operations as well as how to mitigate or compensate in order to remain agile in the digital market.
  • Will have the ability to perform automated and manual penetration and vulnerability assessments, automated and manual code review, threat modeling, Social Media usability reviews and database security assessments. The Director will collaborate with technology and development teams both internally and with authorized 3rd parties that are, or will be, depending on the guidance and support from the IT Security department.
  • Will work closely with the Legal and Privacy organization on Cyber related policies and procedures. This role is to analyze and understand business needs and conduct risk based assessments using both the organization’s security policies and industry best practices to continuously enhance and secure services currently available to lines of business.

Responsibilities:

Will include, but are not limited to:

  • Perform Threat Modeling, Architecture Risk Analysis and design reviews for complex multi-tier web 2.0 and cloud systems.
  • Perform application vulnerability and risk based security assessments against custom-built environments.
  • Advise on Social Media trends and approaches to using social media sites to securely enhance the organization's market and promotional Cyber presence.
  • Validate vulnerability assessment results where appropriate, prioritize the remediation requirements and work with product architects, development teams and marketing groups to mitigate security problems.
  • Work closely with the other members of the IT Security team, and where appropriate, other technology teams to identify and remediate security issues as part of Incident Response.
  • Participate in multiple organizational areas such as security architecture and design, service delivery, training and employee communication.
  • Create and maintain Cyber security usage documentation by consulting with employees, Legal, Privacy, information technology, and business units.
  • Create, maintain and report metrics that measure effectiveness of various security controls, processes and procedures.
  • Communicate Cyber trends, metrics and threat landscape to senior management and business units as required.

Qualifications:

  • Proven Leader
  • Ability to work well in a collaborative, team oriented environment.
  • Minimum of 5 years of Application Security experience including vulnerability and penetration testing on Web 2.0, CMS, CRM and enterprise level cloud-based application development, security assessments, source code analysis and/or application security vulnerability research, analysis and consulting.
  • Bachelor’s degree, preferably in Computer Science or related course of study
  • Must have at least two of the following qualifications: CISSP, SANS-GIAC, CEH
  • Active OWASP membership preferred and expert knowledge of industry standards and regulatory requirements (i.e. PCI, SIG, SOX 404, COBIT, ISO, MICS).
  • Expert level understanding of TCP/IP, SSL, SSO, Tokenization and other Cyber-based technologies.
  • Multiple years of experience focusing on Application Security in web development platforms and content management systems and frameworks (.NET, PHP, JavaScript, AJAX, Drupal, Ruby, WordPress).
  • Expert knowledge and the ability to read programming code in multiple languages (.NET, Java and JavaScript, Perl, PHP).
  • Expert level understanding of data encryption methods (hashing, salting, AES).
  • Good knowledge of RSA Archer eGRC Platform service tools.
  • Demonstrated ability to work with automated security analysis tools (i.e., NTO, Qualys, AppScan, Web Inspect, Burp, W3AF, WebSecurify, Fortify).
  • Experience working with software development teams in the improvement and continued maintenance of secure system development.
  • Expert level knowledge of threat modeling or other risk identification techniques, system security vulnerabilities and remediation techniques.
  • Ability to understand computer and data center technologies within a cloud based environment.
  • Proven training and presentation skills
  • Strong initiative and sound lateral thinking capability
  • Strong analytical skills
  • Adept at learning new technologies
  • Ability to handle simultaneous projects, prioritize tasks and meet deadlines.
  • Strong written and verbal communication skills and the ability to interact well at different levels within the organization.
  • Excellent organizational skills and attention to detail.

Director, Cyber Security
Location: NV-Las Vegas
Compensation: Mid $100s, Bonus, Stock
Relocation: Yes
Education: BA/BS, Masters Preferred

Certification: At least 2 including CISSP, SANS-GIAC, CEH



SecurityRecruiter.com's Security Recruiter Blog