Information Protection Security Specialist

Portland, Oregon

Architecture Manager

  • Works with the application delivery team to ensure security best practices are incorporated into both the model of delivery (process/tools) and developed assets
  • Proactively identifies potential security impacts to existing/planned applications and supporting platforms (middleware, database, network assets) and implements remediation.
  • Works with extended security/application stakeholders to influence, coordinate and support the following activities:
  • Planning and implementation of corporate security initiatives
  • Enhance existing tools/process/patterns for improved security posture on ASG applications
  • Support the prioritization and discovery of new applications
  • Review and security impact assessment from new tools/libraries
  • Supports triage and resolution for security incidents
  • Ongoing application risk evaluations for existing/pending applications
  • Creation and support of design documentation around physical/logical security for applications
  • Support for vendor security reviews, including coordination with vendor on documentation/discovery, and remediation
  • Implementation of relevant monitoring/support patterns and tools to implement ongoing evaluation of application security posture
  • Works with testing stakeholders (functional, performance, integration) to ensure test cases and strategy support vulnerability testing
  • Works with delivery team to ensure periodic, proactive validation of software/capability releases to ensure security readiness
  • Coordination with product requirements leads to ensure planned capabilities account for functional/non-functional security needs

Technical Skills:

  • Familiar with application development processes, tools and conventions. Prior experience in software development preferred
  • Can work with complex, modern distributed application and system architectures
  • Ability to understand mid-level application/infrastructure diagrams and associated business process flows and descriptions
  • Working knowledge of HIPAA, PCI and common security frameworks and standards (ex: OWASP)
  • Understands hosting and development facility security concerns and requirements, and is able to review those from paper based questionnaires and surveys.
  • High level understanding of basic network and network security fundamentals.
  • Proficient in security analysis and common industry controls and mitigation tactics.
  • Health Insurance or Health Care Industry experience desired
  • Ability to grasp and understand complicated relationships
  • Proven communication skills, with the ability to write and verbally communicate effectively

Experience:

  • 3 to 5 years active and proven Information Protection Security experience in various capacities covering software development
  • 5 to 8 years active/proven Information Protection Security with leadership experience in various capacities
  • Hands-on experience with multiple technologies including operating systems, network, databases, identity management tools, web security practices, etc.
  • 5+ years of Information security audit experience
  • Working experience with industry best practices related to Information Protection Risk Assessments for outsourced business processes
  • Experience with various compliance standards (ex: HIPAA, GLBA, Sarbanes-Oxley (SOX), ISO Security Standards)
  • BS degree or proven equivalent industry experience
  • Excellent written and verbal communication skills
  • Ability to work effectively with other teams and maintain positive relationships
  • Experience with Black/White-hat vulnerability assessments on modern web/mobile applications
  • Experience with modern software development practices (Continuous development, Container/configuration-driven infrastructure, etc.) and languages (JavaScript, Node.js, Java, Scala, etc.)
  • BS degree or equivalent experience
  • CISSP, CISA, CISM, CRISC or similar certifications
