I/T Security Analyst II-08000HWZ
terça-feira, novembro 04, 2008 at 11:07 da manhã.
OFERTA DISPONÍVEL em WWW.DELL.COM
Descrição
Descrição
This is a great opportunity for an application security practitioner or software developer (perhaps with some security experience) to join a successful, large, and international team of security experts at a fast-paced Fortune 25 company.
Security Consultants provide guidance to the entire company in every segment influencing IT, Legal, Finance, HR, Vendor Management, Procurement, Product Group, Dell Financial Services, Dell Services, Dell Managed Services, and through acquisitions. You will have the ability to enable the business to operate using integrated, global secure solutions. This is an internal role, to date, with the only exception that we support customer and executive briefings.
In this role, a Security Consultant provides guidance to over 5000 developers worldwide, protects the security and privacy of over 90,000 employees, protects millions of customer accounts, defend one of the largest online retail sites on the Internet, defend the new Dell brick and mortar retail presence, secure Dell Financial Services (DFS), ensure Product security, and assist in securing Dell Services/Dell Managed Services.
The preferred candidate would be an application security practitioner, then a software developer with security experience, then a software developer, and then a general security expert.
Responsibilities include:
· Participating in the Security Architecture Working Group defining secure architectures and roadmaps for the entire organization
· Managing risk and prioritizing activity for the information security team
· Providing security guidance for traditional network and platform-based Infrastructure security technology
· Fortifying application development activity by embedding security into the Dell Software Development Lifecycle (SDLC) through the Dell Security Development Lifecycle for IT (SDL-IT), the Security Development Lifecycle for Product Group (SDL-PG), and the Security Development Lifecycle for Services (SDL-PG) programs
· Related activities include: security reviews through security assessments, secure design/deployment reviews, Threat Modeling, conducting Facilitated Risk Assessment Process (FRAP) reviews, security source code analysis, penetration testing support, developer education and driving adherence to security controls within System Development Lifecycle (SDLC) programs.
· This role will support very large, fast-paced IT development teams, Product Development Groups, rapidly expanding managed services business, and a high-volume financial services organization.
· PCI/Regulatory Compliance Consulting
· Mergers & Acquisitions (M&A) pre- and post-acquisition integration Security Consulting which includes product security, security products, and infrastructure integration
· Contracts Security Review integrating security into the Vendor Management, SoW, and RFP/RFI processes
· Information Security Communications delivering Security, Risk, Privacy, and Compliance awareness, training, and education programs
· Participate in the Global Security Exception Review Board (GSERB) enabling the business to operate while maintaining a balance of security and business delivery
· Product Group (PG) Assurance securing Dell products
· Participate and lead Security Users Groups (SUG) and act as a security liaison with virtual security leads from every region and business unit
· Maintain and enhance existing policies, standards, procedures, and best practices and develop new security practices/processes as necessary
Qualificações
- Application security practitioner
Development experience -- VisualStudio, .Net, C#, Java, etc.
Development Security experience -- Fuzzing, reusable libraries, Microsoft anti-xss library, iosec, peer code reviews
Security experience -- firewalls, intrusion detection systems, intrusion prevention systems, and penetration testing with tools like Nessus, metasploit, eEye retina, ISS scanner, Qualys, SPI Dynamics WebInspect, and WatchFire)
Source code analysis -- Fortify, OunceLabs, Coverity, Veracode, disassembly, fuzzing, code manipulation, etc.
- Software developer with security experience
Development experience -- VisualStudio, .Net, C#, Java, etc.
Development Security experience -- Fuzzing, reusable libraries, Microsoft anti-xss library, iosec, peer code reviews
- Software developer, and
Development experience -- VisualStudio, .Net, C#, Java, etc.
- General security expert.
Security experience -- firewalls, intrusion detection systems, intrusion prevention systems, and penetration testing with tools like Nessus, metasploit, eEye retina, ISS scanner, Qualys, SPI Dynamics WebInspect, and WatchFire)
· Demonstrated thorough knowledge and experience of information security, risk, compliance, and privacy
· Strong technical leadership skills
· Adapts readily to change and ambiguity
· Strong interpersonal skills
· Self-motivated, results oriented
· Strong problem solving and analytical skills
· Strong Project Management and Time management skills
· Exhibit a professional and positive attitude
· Strong written and oral communication skills with experience in creating and reviewing technical documentation (english)
· Strong multi-tasking ability
Emprego
Tecnologia de Informação -Análise de Segurança
Local principal
América Latina-BR-Rio Grande do Sul - pt-BR-Porto Alegre - pt-BR
Horário
Período integral
Turno
Horário diurno
« Página inicial | Próximo »