Working closely with other members of the Security Services and Technology Infrastructure teams, lead network and systems security initiatives, projects, and operations. Responsibilities include the development and implementation of security infrastructure, creation of security reviews, requirements, and testing of network/systems supporting the confidentiality, integrity and availability of enterprise applications.
Primary Duties and Responsibilities:
To perform this job successfully, an individual must be able to perform each primary duty satisfactorily
- Participate in creation of infrastructure and application security policies and standards
- Participate in whitebox and blackbox application vulnerability assessments
- Assist in the remediation of security assurance vulnerability findings
- Advise and consult with internal clients on strategic security architecture direction
- Participate in research of new information security technologies in areas of application and application infrastructure components and propose ideas for new security service development
- Perform security reviews and risk assessments for new products and services provided by third parties
- Participate in periodic information systems assessments including those associated with the development of new or significantly enhanced business applications or infrastructure
- Assist InfoSec engineering and operations in development of detailed technical design, technology infrastructure implementation and deployment, migration from existing services, operational process and procedure documentation and internal operations staff training
- Provide 3rd level (technical architecture design and vendor management issues) support for a number of production security technologies
- Perform other duties as assigned
The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions.
- Highly motivated individual that assumes ownership of their projects
- Must have a deeply inquisitive nature
- Ability to act as a liaison between security and the Technology Infrastructure teams.
- Strong desire and capacity to learn and support new financial applications
- Exceptional verbal communication skills that include the ability to articulate ideas clearly and concisely
- Excellent listening skills
- Ability to facilitate meetings and conversations
- Ability to write clear and concise documentation including technical specifications as well as business oriented approaches and process descriptions
- Highly collaborative – comfortable sharing ideas and asking questions with all levels of staff
- Ability to work both independently or on a team with tight timelines and minimal supervision
- Securities or financial industry experience preferred.
- Deep understanding of network and data communications technologies
- Proficiency with OS, platform, and network setup and configuration, particularly related to secure best practices of network segmentation and system hardening
- Knowledge of network vulnerabilities identification methods and vulnerability remediation
- Experience in risk and threat modeling.
- Understanding of security architecture design and principles including confidentiality, integrity and availability.
- Some understanding of security concepts and practices, including those for authentication, authorization, access control and auditing.
- Familiarity with application authentication and authorization systems (i.e., CA SiteMinder, RSA SecurID/ACE, NS Active Directory and LDAP)
- General knowledge of cryptography (symmetric and asymmetric encryption, digital signatures, message digests, certificates, PKI, SSL/TLS, etc.)
- Some understanding of application security concepts and best practices (e.g. OWASP).
- Experience with security of “cloud” systems (SaaS, PaaS, IaaS, DaaS, etc) a plus
Education and/or Experience:
- Bachelors degree in Computer Science, Management Information Systems, or related field or the equivalent combination of education and/or relevant experience
- At least 3 years of security infrastructure experience.
- Experience with SDLC and working with business users, database analysts, system architects, etc., to identify and prioritize requirements.
- Exposure to security architecture design through application development or knowledge of security concepts/best practices.
- Previous work in development, architecture or quality assurance testing may be applicable to the position requirements.
Certificates or Licenses:
- Professional network and/or security certifications a plus (i.e., GIAC, CISSP, CISA, CISM, CRISC)
When you find a position you're interested in, click the 'Apply' button. Please complete the application and attach your resume.
You will receive an email notification to confirm that we've received your application.
If you are called in for an interview, a representative from OCC will contact you to set up a date, time, and location.
OCC is an Equal Opportunity Employer
OCC is the world's largest equity derivatives clearing organization and the foundation for secure markets. Founded in 1973, OCC operates under the jurisdiction of both the U.S. Securities and Exchange Commission (SEC) and the U.S. Commodity Futures Trading Commission (CFTC). OCC now provides [...]