Description
The Lead, CyberSecurity Policy and Standards evaluates, tests, recommends, develops, coordinates, monitors and maintains information technology (IT) and cyber security policies, procedures and systems, including access management for hardware, firmware and software. The Lead, CyberSecurity Policy and Standards works on problems of diverse scope and complexity, ranging from moderate to substantial.
The Lead, CyberSecurity Policy and Standards ensures that IT and cyber security architecture/designs, plans, controls, processes, standards, policies and procedures are aligned with IT standards and overall IT and cyber security objectives. Identifies security risks and exposures, determines the causes of security violations and recommends procedures to prevent future incidents and improve security. Develops techniques and procedures for conducting IT and cyber security risk assessments and compliance audits, for evaluating and testing hardware, firmware and software for possible impact on system security, and for investigating and resolving security incidents. Implements IT and cyber security policies and takes measures against intrusion, fraud, attacks and data leaks. Advises executives on developing functional strategies (often segment specific) on matters of significance. Exercises independent judgment and decision making on complex issues regarding job duties and related tasks, and works under minimal supervision. Uses independent judgment requiring analysis of variable factors and determination of the best course of action.
Mentor individuals and teams, working with resource managers on potential coaching situations.
Advance the adoption of new techniques, tools, and processes to streamline delivery capabilities.
Audit and provide feedback to team members regarding standards adherence, design principles, and expected patterns of work.
Ensure reviews and testing procedures associated with security reviews are properly documented.
Establish best practices for secure code development and testing.
Assist in developing an education curriculum on secure coding practices for use by the Solution Engineering teams.
Conduct application assessments to find and exploit vulnerabilities in applications.
Bachelor’s Degree in Information Technology, Computer Science or a related field
Six or more years of experience designing, developing and testing software applications and/or infrastructure
Experience with unit testing and mocking
Experience in threat modeling
Experience in developing secure code and application security standards
Experience conducting application security testing and source-code reviews
Experience with risk-based testing
Applied knowledge of health solutions processing
Experience with the technologies in use in the application(s) or infrastructure
Master’s Degree in Computer Science, Information Technology or a related field
Experience performing web vulnerability assessments, application penetration testing and using penetration testing methodologies including the use of forensic tools/methods
Experience creating source code per OWASP or other secure coding guidelines
Experience exploiting OWASP vulnerabilities and executing arbitrary code to test processes
Experience with cryptographic techniques such as cryptographic algorithms, key management and rotation processes, and secure key storage
Experience with developing enterprise-wide secure code testing strategy
Certifications such as CISSP (Certified Information Systems Security Professional), Certified Ethical Hacker, or ISTQB (Foundation, Agile, Test Manager, Test Analyst, Technical Test Analyst, etc.)
Experience with SAST and DAST technologies, including IBM AppScan, Checkmarx, SecureAssist, NowSecure and Burp Suite
Scheduled Weekly Hours: 40