Security Architec岗位描述示例

Security Architect

68 天前发布

免费注册领英，查看“Security Architect (Morgan Stanley)”的完整职位信息。

职位简介

职务描述

This highly leveraged and visible full-time officer position within Morgan Stanley's IT Security organization has excellent growth potential. The security architecture team works with IT groups on a global basis to ensure that IT projects are executed on a secure basis. The successful candidate will join a team of security generalists in IT Security with different areas of expertise. This team reviews a wide range of projects for security and interfaces with core security infrastructure and platform teams on major projects.

Specific Responsibilities include:

Work with network, platform, engineering and development teams in architecture design and review session

Provide specific security expertise to engineering teams. Areas include secure network design, database access, security testing, authentication methods, implementing encryption, entitlement design, logging, input validation, secure storage design, secure data transfer

Identify areas of risk on projects where security requirements cannot be fully addressed in the required time frame of the project

Document and present those risks to senior business, IT and Security team members

Help identify areas of security the firm might want to invest in improve IT security

Create documentation and guidance on the secure implementation of new technologies in the firm. This involves liaising with other technology subject matter experts to build consensus, outlining areas of improvement in written form and explaining concerns early on

Conduct security training for IT groups

Qualifications

SKILLS REQUIRED:

SOFT SKILLS:

-Strong interpersonal skills are critical, since the candidate will working with developers and executives around the world, and must be able to effect change and influence decisions.

-Ability to multi-task and handle multiple projects.

-Strong organizational skills.

-Strong oral and written communication skills.

-Ability to build consensus across multiple silos.

TECHNlCAL SKILLS:

Architecture/Implementation:

-The ideal candidate will have experience in architecting and implementing enterprise projects that touch all components of the IT stack to fully appreciate level of effort and appropriate roles in IT.

Languages:

-The ideal candidate will have experience with several practical languages such as Java, Perl, C/C , C#, Python.

Security Experience:

-Knowledge of the common application and infrastructure level vulnerabilities - ability to explain these risks to developers.

-Knowledge of the common mobile security vulnerabilities and security products available on the market.

-Ability to evaluate technical and functional specifications early within the software development process, identify possible threats or areas of weakness.

-Experience in taking part and contributing to design sessions.

Platform:

-Although this role is not systems administration position, the candidate must have deep knowledge of at least one primary operating system (Unix or Windows), the configuration and management of that platform at an enterprise scale, the security risks to that platform, and how to mitigate those risks.

Mobile:

-The candidate will be expected to understand thoroughly the basic architecture of mobile applications, how the Apple iOS works and the common threats that effect any mobile device.

Network Security:

-The candidate will be expected to understand the standard network model and the risks present at each layer, the functions of network equipment such as switches, routers, firewalls, proxies, VPN, and load-balancers, and to understand network architecture.

-The candidate should have expertise with security-related topics such as authentication, entitlements, identity management, data protection, data leakage prevention, validation checking, encryption, hashing, principle of least privilege, software attack methodologies, secure data transfer, secure data storage etc. Genuine expertise is required here, as the candidate will be extensively tested on security principles.

-In-depth knowledge of network technologies such as SFTP, firewall, DMZ design, IPSec, VPN, Wireless, network topologies and protocols.

-Knowledge of Single Sign On technologies such as SAML, Kerberos, and Siteminder.

-In-depth knowledge of entitlements and access control as well as the various protocols for tracking records such as LDAP

-Some experience in testing tools, at least one of Fortify, OunceLabs, AppScan, WebInspect, Burp.

-The successful candidate will be able to explain the how’s and why’s of the tools, as well as being experienced in using them.

SKILLS DESIRED:

-Technology background in the financial sector

Frameworks, protocols and subsystems: J2EE, .NET, Spring, RPC, SOAP, MQSeries, JMS, RMI, JMX, Hibernate, Applet.

-Ability to review code of enterprise applications (Java required, prefer candidates with C/C and .NET) and identify possible security vulnerabilities.

-N-Tier application design and implementation, particularly web-based applications that cross company boundaries.

-Knowledge of JSP /Servlet/EJB or ASP.NET, HTTP/HTTPS, Cookies, AJAX, JavaScript, Flex / Silverlight.

-Knowledge of mobile computing

-Database design and programming experience

-Experience presenting complex security problems to senior management

-Experience of liaising with external penetration testing vendors

-Experience in conducting penetration tests, dynamic vulnerability assessments and static vulnerability assessments

-Experience in delivering a developer training for software security

-CISSP or other industry qualification

公司介绍

About Morgan Stanley

Since its founding in 1935, Morgan Stanley and its people have helped redefine the meaning of financial services. The firm has continually broken new ground in advising both institutional and individual clients on strategic transactions in pioneering the global expansion of finance and capital markets, and in providing new opportunities for investors all over the world. With 1,200 offices in 43 countries, Morgan Stanley has more than 60,000 employees.