Enterprise Security Architect/Specialist
Posted on Jan 23, 2020 by Salt
Enterprise Security Architect (PKI, Risk, OWASP, IDAAS, Cloud IAAS/PAAS, IAM) - Banking - Brussels
Duration: 1-2 year contract
We are working with a client based in Brussels who are looking to expand their Security Consulting teams with Freelance/Day rate contractors.
The client is embarking on a number of exciting greenfield projects and thus are looking to hire 7 consultants. They have great plans to hire x 7 consultants who are technically outstanding with very good communications skills. The Enterprise Security Architects will range in level of experiences
This is a new initiative and thus remote working will NOT be given until a period of after 6months in the project.
My client is a global critical financial infrastructure business. Security is at the core of the company's services, firmly Embedded in their management systems and processes. This Department provides impact analysis, security risk assessment, security requirements, architecture design or design validation for all IT projects in and stands ready to support the projects for any IT security related question.
The Enterprise Security Architect will join the Security Consulting team which is part of the Group Security division.
- Define and advise on the design, implementation and processes necessary to protect information system assets.
- Perform risk assessments and translate the security architecture and high-level policies and controls towards security requirements (secure by design) for business and IT projects.
- Contribute to the architectural design and validate it against the security requirements
- Define security testing requirements and penetration test scope, actively support the testing teams to perform these tests and approve the test reports.
- Define, implement and ensure the proper functioning of security trust services in line with IT security policies.
- Recommend and advise on new or improved security services towards the division management.
- Produce documented security services, technical standards or principles.
- Act as a security subject matter expert within a certain domain (for example Mainframe security, PKI and Cryptography, Network security, platform security, IAM, application security or secure coding), being the point of contact for both business and project teams. Your stakeholders are mainly the business owners/analysts, project leader, risk management, internal/external auditors and off course the engineers, developers and architects.
You have experience in one of more of the following areas:
- Proven experience in security risk assessments, development of functional security requirements, process design and management reporting. Experience in security design and architecture is a strong plus.
- Familiarity with industry best practices in key domains: risk assessment, identity and access management, PKI and secure application development.
- Application security knowledge with a good understanding of software development and OWASP (Open Web Application Security Project) guidelines.
- Knowledge of and experience with security technologies including IDAAS (Identity as a service) and identity management platforms, Secure access management and federation services, PKI and cryptographic solutions, web application Firewalls, automated code review tools, Cloud SAAS solutions.
- Knowledge of and experience with security technologies covering domains Virtualisation, Software Defined Networks, Cloud IAAS/PAAS, Network and DMZ infrastructure, VOIP, Wifi, 802.1x, Anti-malware, System protection, Middleware, Collaboration and end-user workspace solutions, Storage (SAN, NAS), Databases, .
- Preferred professional certifications are CISSP, GIAC, SABSA, ISO 27001 LA/LI. Specific Product certifications in the IAM (Identity & Access Management) or PKI domain are considered an asset.
- University degree in Computer Science, Engineering or similar degree.
- IT-security professional with solid experience in the infrastructure security domain or in the IT application security domain.
- Experience from +3 years' in cyber security in one domain to years' cyber security experience covering multiple domains & exposure working in multiple companies/cross industries.
- Good working knowledge of documentation and presentation applications including PowerPoint, Visio, Excel, and Word
- Experience translating business requirements into technical solutions
- Fluent in English
Please do send across me to the most up to date copy to (see below)