Lead Security Engineer - Web Security

'Want to know what it's like to work in IT at The Home Depot?'
https://vimeo.com/70037824


POSITION PURPOSE -
Job Overview: Performs the necessary leadership, facilitation, analysis and design tasks related to the development of an enterprise Web security engineering.
Scope of Activities:

• Understand, advocate and augment the principles of business and IT - and more specifically Web security engineering.
• Design and lead the Web security domain by aligning business requirements and IT strategies, detecting critical deficiencies, and recommending solutions for continuous improvement.
• Document, recommend and review Web security projects (for example, business requirements, architectural design and build/operate artifacts).
• Oversee and facilitate the evaluation, selection and design of Web security technology complying with standards.
• Work with information security leadership and cross-functional teams to develop strategies and plans to enforce security requirements and address identified risks.
• Involved in planning the delivery of solutions; answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members.
• Provides second- and third-level support and analysis during and after security incidents.
• Research and assess new threats and security alerts and recommend remedial actions.

MAJOR TASKS, RESPONSIBILITIES AND KEY ACCOUNTABILITIES -
Lead investigation of high level complex violations of Information Security Policies and direct activity to analyze forensic data from Sr. Analysts. Develop recommendations and take appropriate action.

Present to Information Technology management development/implementation plan for secure solutions.

Present findings to manager on compliance reporting for Information Securities Policies.

Drive the Disaster Recovery and Business Continuity strategy.

Provide technical direction to analysts, associates and contractors.

Develop Information Security Policies, Standards and Guidelines.

Automate access provisioning across supported systems and applications with documentation. Direct, define and provide audit reporting.

NATURE AND SCOPE -
Typically reports to Manager, Information Technology

No associates report to this role on a permanent basis, but requires the leadership of a work group: assign and review work, train and contribute to performance appraisal (but not hiring, firing or disciplinary action).

ENVIRONMENTAL JOB REQUIREMENTS -
Located in a comfortable indoor area. Any unpleasant conditions would be infrequent and not objectionable.

Typically requires overnight travel less than 10% of the time.MINIMUM QUALIFICATIONS -
Must be eighteen years of age or older.
Must pass the Drug Test.
Must successfully complete any required training or orientation courses.

EDUCATION REQUIRED -
The knowledge, skills and abilities typically acquired through the completion of a high school diplomas and/or GED.

YEARS OF RELEVANT WORK EXPERIENCE - 5

PHYSICAL JOB REQUIREMENTS -
Most of the time is spent sitting in a comfortable position and there is frequent opportunity to move about. On rare occasions there may be a need to move or lift light articles.

ADDITIONAL QUALIFICATIONS -
Direct hands-on experience with one or more of the following InfoSec solutions: Anti-Virus, intrusion detection, firewalls, content filtering, rick assessment.

PREFERRED QUALIFICATIONS -

• Bachelor's degree in computer science, systems analysis or a related study, or equivalent experience.
• Knowledge of enterprise solutions Open Source and cloud architectures, e.g. Cloud (AWS/Azure), SSO and Federated Identity Management
• Minimum 5 years experience related to Web security, including architecture, design, monitoring, management tools, and operations:
• Securing Java applications (i, Jboss, Jetty) and encryption
  • DNS, Perimeter Firewalls, IDS/IPS and Proxy servers
• Web Application Firewalls and Content Delivery networks, particularly Akamai
• Proficient in securing containerized application technology, such as Docker
• Knowledge on securing private IaaS and PaaS platforms, VMWare, Openstack, Cloudfoundry, etc…
• Expert Level in multiple scripting languages (Shell scripting, Perl, Python, PHP). Should be able to connect database, message based middleware, relational databases and manipulate basic data-structures with regular expressions, basic modularity and error handling
• Expert Level in programming languages such as .Net, Visual Basic, HTML, XML, Java, and/or ASP.
• Extensive knowledge on best practice for securing web applications (hardening client-side scripting and server-side application code)
• Exceptional interpersonal skills in areas such as teamwork, facilitation and negotiation.
• Designing large scale web infrastructures resilient to DDOS and penetration attacks
• Strong leadership skills.
• Excellent analytical and technical skills.
• Excellent written and verbal communication skills.
• Excellent planning and organizational skills.
• Knowledge of business process re-engineering principles and processes.
• Basic knowledge of financial models and budgeting.
• Understanding of SOA and object-oriented analysis and design.
• Understanding of the political climate of the enterprise, and how to navigate the political waters.
• Ability to understand the long-term ('big picture') and short-term perspectives of situations.
• Ability to estimate the financial impact of technical architecture alternatives.
• Ability to apply multiple technical solutions to business problems.
• Ability to quickly comprehend the functions and capabilities of new technologies.
• Thorough understanding of Information Security frameworks and best practices (e.g. ISO, NIST),

Characteristics:

• Works well with others.
• Is a respected leader.
• Is charismatic.
• Remains unbiased toward any specific vendor or technology choice; is more interested in results than personal preferences.
• Displays intellectual integrity.
• Is motivated by long-term results.

KNOWLEDGE, SKILLS, ABILITIES AND COMPETENCIES -
Assessment tools, technologies and methods.

Designing secure network, systems and application architectures.

Disaster recovery, computer forensic tools, technologies and methods.

Planning, researching and developing security policies, standards and procedures.

System administration role with experience in supporting multiple platforms/applications.