Title: Security Engineer - Technology Consultant
Position Type: 8 Months Contract
Location: Detroit, MI, US
Security Engineer will report to the Security Engineering / Application Security Assessment Manager and will be responsible for reviewing IT application software and infrastructure design and implementation plans for assurance of operation in accordance with applicable security standards and practices. Primary responsibilities include information security risk assessment, coordination of application security assessment along with review and communication of results and remediation plans, and security review of application changes and data exchange requests.
Serve as primary information security interface to the assigned projects to collaborate with business representatives, systems development, and business users for establishing business requirements, information security functional requirements, security solution options and implementation plans.
Maintain understanding of the enterprise IT architecture including application, database, and network/infrastructure components, data flows, and system and user access.
Identify security requirements for applications, services and supporting infrastructure and effectively communicate requirements to application development teams and project teams.
Review static and dynamic application security assessment reports and consult with developers who remediate vulnerabilities.
Identify and explain the risks associated with common application and IT infrastructure vulnerabilities to application and project teams, and recommend mitigation options.
Identify threats and risks to the confidentiality, integrity and availability of all data residing on information systems platforms.
Recommend appropriate security solutions and review remediation activities for completeness.
Assure compliance with security policies, standards, and procedures, including HIPAA, HITRUST, and CMS compliance.
Top 3 skills/Experience:
Expert ability to communicate clearly and simply across broad audiences in both business and technical terms. Experience with review of security controls across a broad spectrum of information system technologies including applications, databases, network components, servers, voice, user endpoints, mobile, corporate IT infrastructure, and cloud-based technologies.
Experience determining and validating technical security requirements using software development and system lifecycle methodologies.
Advanced written and verbal communication skills
Ability to prepare clear, concise, and persuasive communications for multiple audiences, including demonstrating effective writing and presentation skills, listening actively, and projecting a credible image
Minimum 5 years of experience in information security related IT functions
Experience in performing information security risk assessments and in reviewing information system technical controls for adherence to CMS, HIPAA-HITECH, HITRUST, and other security requirements
Familiar with software development concepts and methodologies
Knowledgeable in SOA, cloud computing, and mobile technologies
Experience with a variety of information security processes and technologies including:
Security in operating systems, network protocols, web services and databases
Secure IP network topologies and components
Risk assessment and management
Identity management and authentication
Application security and systems development life cycle
Data and systems integrity controls
Application of encryption technologies
Business requirements development and technical architecture development
Change control and release management
Network and application security assessment and ethical hacking
System planning and integration
Ability to adjust to changing priorities while multitasking effectively
Ability to design, evaluate and document processes and lead teams in accomplishing process review and improvement
Ability to interact with technical managers and development teams to articulate requirements and processes while collaborating on design options, implementation, testing and user acceptance
Experience in project management, change management and release management
Demonstrated ability to develop metrics, perform critical analysis and develop executive decision support content
Knowledge of database applications, spreadsheet design, and report writing software
Experience with all levels of information technologies from components to complete solutions, including applications, servers, network, databases, cloud, mobile, and other technologies
Knowledge of application security technical controls and common vulnerabilities
Experience reviewing technical controls and solutions and performing security risk assessments involving application components, infrastructure components, and complete designs
Familiar with details of HITRUST and NIST
Skillful and persuasive communication abilities for multiple audiences, including demonstrating effective writing and presentation skills, listening actively, and projecting a credible image
Experience in articulating recommended remediation approaches for resolution of security vulnerabilities in information systems
Experience in interfacing with multiple information technology application and infrastructure development and support areas within an enterprise
Competent in applying secure software development methods within systems development lifecycle efforts
Competent in working within information technology service management frameworks such as ITIL
CISSP, GIAC, ISACA, or related information security certifications are preferred
Bachelor's degree in Computer Science, Information Systems, Engineering or related major