Job Title: Full Stack Security Engineer
Location: Onsite in Johnston, RI or Providence, RI would be preferable but open to remote employment within the United States for an experienced candidate.
Duration: 6 months
Our client in the financial services industry is seeking a contract Full Stack Security Engineer to join their team.
The Full Stack Security Engineer is a key resource within the Corporate Security and Resilience (CS&R) Security Engineering and Architecture (SEA) team. In this role, you are the subject matter expert (SME) who, through independent project engagements and collaboration with internal and external partners, will secure next generation digital banking solutions. This includes, but is not limited to, critical technologies and capabilities like consumer banking platforms, commercial banking platforms, middleware platforms, CI/CD platforms, API driven orchestration and business-centric platforms.
- Responsible for security engineering activities and helping ensure that security is “built into” the organization’s core digital banking applications and platforms throughout the application and capability lifecycle.
- Supports critical security activities between CS&R and technology delivery teams and will participate in agile/DevOps project work streams as a security SME representing and engineering digital banking security solutions.
- Analyze, design, propose and help deliver modernized technology solutions that are appropriate for next generation banking applications.
- This Digital Security Engineer maintains current knowledge of modernized computing paradigms, automation/orchestration frameworks, virtualization platforms, security threats and recommends security enhancements and purchases that allow the bank to deliver the most secure and robust digital banking applications deployed within the organization and within the cloud.
- Gaining a comprehensive understanding of the company’s digital banking technology and information systems and capabilities.
- Participation in Agile meetings and timely delivery of project-related artifacts.
- Working on significant and unique issues where analysis of situations or data requires an evaluation of intangibles. Candidate should exercise independent judgment in methods, techniques and evaluation criteria for obtaining results.
- Deployment and configuration of complex applications throughout the project and secure software development lifecycle. Project delivery work may include delivery of AWS solutions, CI/CD tool sets, automation/orchestration platforms, micro-services, cryptographic safeguards, J2E platform software, and deployment of software artifacts, web server setup and configuration, coordination of network and database connectivity.
- Integration of internally developed components (APIs, web services, broker services, MQ and DataPower artifacts).
- Remediation of vulnerabilities, close coordination with project testing teams for performance analysis, creation of documentation, and knowledge transfer to support staff.
- Providing guidance and recommendations related to digital security engineering efforts and leading proof of concept (POC) projects.
- Leading in the development and providing guidance during security architecture design activities of new and existing applications.
- Researching and evaluating proposed digital security and business solutions for adherence to documented company standards, policies and regulatory responsibilities.
- Acting as a security SME with regards to strengths and weaknesses of security capabilities and being able to recommend improvements to both software and hardware.
- Assessing emerging digital banking security technologies against security architecture standards to determine where they fill gaps, overlap with existing solutions or extend capabilities.
Required Skills & Experience
- 5 or more years in system security engineering, controls or information management experience and/or Security Engineer/Architect/Consultant
- 8 or more years of systems/platform engineering experience
- Experience with building and maintaining effective relationships with stakeholders, clients, peers, supervisors, subordinates and other internal company staff
- End to end understanding of the secure software development lifecycle (SSDLC) and DevOps/DevSecOps process integration.
- Demonstrated ability to think strategically about business, product and technical challenges.
- Demonstrated experience with cloud-based solutions. This should include administration, architecture, and security of web services. Candidate should have an understanding of APIs, methods of automated deployment, and API management in a corporate setting.
- Experience with Open Source Application stacks like Nginx and NodeJS
- Knowledge of Integration Brokers like Zuul and RabbitMQ is a strong plus, as is understanding of JIRA, Nexus, Subversion, Rapid Deploy and shell scripting.
- Familiarity with security industry and regulatory standards (ISO 17799, ISO 27001/2, ISO 31000, NIST 800 series, PCI, SOX, GLBA, etc.)
- Experienced with industry standard technologies and database management platforms.
- Experience with internal controls, risk assessments, business process and internal IT control testing or operational auditing
- Demonstrated ability leading programs
- Influencing experience at senior levels within an organization
- Excellent verbal and written communication skills
- Industry experience in financial services, high-tech, and/or healthcare preferred
Education and Certifications
- Bachelor's degree (degree in Computer Science or Computer Engineering preferred)
- CISSP or other relevant industry certifications (TOGAF, ITIL).
- Knowledge of ISO and NIST security standards preferred
Hours & Work Schedule
Hours per Week: 40
Work Schedule: Monday-Friday 8am-5pm
Heitmeyer Consulting is an equal opportunity employer and we encourage all qualified candidates to apply. Qualified applicants will be considered without regard to minority status, gender, disability, veteran status or any other characteristic protected by law.