[Owasp-portland] Open Positions

Thomas, Robert RThomas3 at go2uti.com
Wed Jun 6 17:48:43 UTC 2012


Good Morning,

I have the following positions open at UTi, a Global Freight Forwarding Company in downtown Portland Oregon.

# # # # # #

The ideal candidate will most likely be a JAVA Middleware professional with software development experience

# # # # # #

Position Description: Senior Security Engineer

Position Summary:
The successful candidate in this position will function at the experience level of a Senior Security Engineer in a matrixed work environment.

With limited supervision, maintains systems and electronic security perimeter(s) in a high state of readiness per service level agreements.

Performs system security analysis, diagnostics, patching, monitoring, design and analysis for various essential business support information technology systems within remote branch office(s) or global data center(s).  This position is expected to task organize and allocate resources to ensure timely completion of assigned tasks and high priority or triage situations.

Responsibilities:
*       Understand and be able to effectively apply Corporate information security guidance in both the legacy and new application environments, electronic security perimeters.
*       Proactively protect the integrity, confidentiality, and availability of information technology resources and data.
*       Evaluate commercial, off the shelf products to meet the requirements for technical controls
o       Document comparative analysis of products and brief the decision
o       Provide an analysis of long term support requirements
*       Participate in, periodic information systems risk assessments including those associated with the development of new or significantly enhanced business applications
*       As necessary, recommend, document and/or develop technical controls to augment procedural controls
*       Identify, document and evaluate complex business and technology risks, internal controls which mitigate risks, and recommend opportunities for internal control improvement
*       Analyze security posture of computer systems for STIG and other Information Assurance (IA) security compliance requirements.
*       Work with Software Engineering teams to ensure secure architecture(s) and development practices meet established guidelines.
o       Document and follow up on findings.
*       Work with Network Engineering teams to ensure secure network architecture(s), meet established guidelines.
o       Document and follow up on findings.
*       Work with QA teams to ensure that compliance targets are properly tested for security features and functions.
o       Coordinate and document audit artifact generation, security and reporting.
*       Stay informed about the latest developments in the information security field, including new products and services.
*       Build and nurture positive working relationships with co-workers up and down the org chart

Required Skills and Experience:
*       Four to six years of experience directly related to information security in medium to large international enterprise environments. This experience should include active participation in security programs and processes that have contributed to the development and administration of an effective, organization wide IT security architecture.
*       Knowledge of applicable laws and practices relating to information privacy and security, such as ISO 17799 / 27001, COBIT, NIST, ENISA, OASIS, OWASP, etc.
*       Experience with HP Systinet or Software AG CentraSite, or other SOA Governance Framework tools
*       Experience with Oracle Virtual Directory and/or Oracle Identity Manager
*       Demonstrate experience and best practices knowledge with Operating System Security Baseline methodologies:  Linux, Unix, AS400, Microsoft.
*       Demonstrate experience with Microsoft AD and LDAP (non-Microsoft) integration.
*       Demonstrate experience with Web Services Security concepts.
*       Better than average understanding of Digital Certificate implementations
*       Demonstrate the ability to apply analytical and problem-solving skills to information security and privacy issues.
*       Demonstrate experience with the secure configuration of host systems (STIG Methodology Framework).
*       Must have at least one current security certification such as CISSP, CISA, MCSE-Security, Security+

 # # # # # # # # # #

Position Description: Data Security Analyst - B

Position Summary:
The successful candidate in this position will function at the experience level of a Senior Information Security Governance Specialist in a matrixed, multi-cultural, working environment.  This position will interact, daily with "C" level business leaders, various senior team leaders and individual contributors.  The successful candidate will be capable of building consensus and approaching information security challenges from a business first perspective, as well as rolling up their sleeves to get the job done.

With limited supervision, provides active leadership and senior level expertise for matters related to authentication, authorization, governance and integration on a project and global corporate basis.

This position is expected to task organize and allocate resources to ensure timely completion of assigned tasks in high priority or triage situations.

Responsibilities:
*       Lead efforts focused on implementation of a successful authorization framework in an SOA coded application environment
*       Provide oversight and coordination with Internal Audit for Oracle Financials implementation, integration and security related matters.
*       Work with vendor partners to ensure full documentation of various technical controls within their application environments
*       Play a key role in corporate security planning efforts
*       Understand and be able to effectively apply corporate information security guidance in both the legacy and new application environments, electronic security perimeters.
*       Proactively protect the integrity, confidentiality, and availability of information technology resources and data.
*       Evaluate commercial, off the shelf products to meet the requirements for technical controls
o       Document comparative analysis of products and brief the decision
o       Provide an analysis of long term support requirements
*       As necessary, recommend, document and/or develop technical controls to augment procedural controls
*       Identify, document and evaluate complex business and technology risks, internal controls which mitigate risks, and recommend opportunities for internal control improvement
*       Work with Software Engineering teams to ensure secure architecture(s) and development practices meet established guidelines.
o       Document and follow up on findings.
*       Work with Network Engineering teams to ensure secure network architecture(s), meet established guidelines.
o       Document and follow up on findings.
*       Work with QA teams to ensure that compliance targets are properly tested for security features and functions.
*       Stay informed about the latest developments in the information security field, including new products and services.
*       Build and nurture positive working relationships with co-workers up and down the org chart

Required Skills and Experience:
*       Five to six years of experience directly related to information security in medium to large international enterprise environments. This experience should include active participation in security programs and processes that have contributed to the development and administration of an effective, organization wide IT security architecture.
*       Knowledge of applicable laws and practices relating to information privacy and security, such as ISO 17799 / 27001, COBIT, NIST, ENISA, OASIS, OWASP, etc.
*       Experience with HP Systinet or Software AG CentraSite, or other SOA Governance Framework tools
*       Demonstrate experience with Microsoft AD and LDAP (non-Microsoft) integration.
*       Demonstrate experience with Web Services Security concepts.
*       Better than average understanding of Digital Certificate implementations
*       Demonstrate the ability to apply analytical and problem-solving skills to information security and privacy issues.
*       In depth understanding of OWASP web security body of work.
*       In depth understanding of OASIS and other "WS - *" security standards
*       Experience with SAML in 3rd party SaaS provider and EDI connectivity environments.
*       Must have at least one current security certification such as CISSP, CISA, CISM



________________________________________
Robert M Thomas - Security Architect - UTi Worldwide
"...the security guy..." 10th Floor, over by Gumby

UTi<http://www.go2uti.com/> Worldwide Inc. | 400 SW Sixth Ave, Suite 1100 | Portland | OR | 97204 | USA
rthomas3 at go2uti.com | T + 1 503 688-6224 |   F + 1 503 546-1646 |

"This document may contain UTi Intellectual Property and/or Trade Secrets and is protected under the Economic Espionage Act of 1996, Pub. L. No. 104-294, 110 Stat. 3488 (Oct. 11, 1996), codified in 18 U.S.C. 1831 (passed as part of the National Information Infrastructure Protection Act of 1996)."




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-portland/attachments/20120606/3ad7e7a6/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Picture (Device Independent Bitmap) 1.jpg
Type: image/jpeg
Size: 631 bytes
Desc: Picture (Device Independent Bitmap) 1.jpg
URL: <http://lists.owasp.org/pipermail/owasp-portland/attachments/20120606/3ad7e7a6/attachment-0001.jpg>


More information about the Owasp-portland mailing list