M+E Technology Job Board

Sr. Security Specialist

Marvel Entertainment

Job Summary:
We are looking for a seasoned Information Security Professional with 7+ years of experience in security operations, application development security, infrastructure security, security risk assessments, audits, compliance, governance, and high-level risk management.

Responsibilities:

Security architecture design, administration, and support for ongoing IT and Web initiatives
Provide security protection for the company’s information technology systems and data
Security risk assessment and remediation for business processes, enterprise infrastructure and applications
Conduct periodic risk assessments, vulnerability assessments and threat analyses to identify and manage associated risks
Develop and facilitate deployment of information security governance documents: policies, frameworks, programs, procedures, and audits
Define, develop, and implement security models for Intellectual Rights Management, data confidentiality classification
Proactively monitor security threats and vulnerabilities; event management and logging; identify and prevent potential intrusions using SIEM, DLP, IPS/IDS, and other tools; advanced malware/threat analysis and protection
Plan and execute security-related projects, e.g., deploying new security solutions and best practices, providing guidance to the company’s engineering and QA teams
Establish, monitor, evaluate and report key security performance and risk assessment indicators to provide management with accurate evaluation of the enterprise security state and the information security program effectiveness
Compliance assessment and reviews; alignment of security controls for business processes and applications with applicable regulatory governing documents like SOX, PCI, COPA, Safe Harbor, ISO 27001, OWASP
Develop and maintain User Security Awareness program; organize and provide security training to employees, contractors, interns
Monitor and study relevant media and specialized vendor resources, provide assessment and recommendations to address emerging threats, vulnerabilities
Site Security Assessment of corporate premises, third parties, cloud services

Basic Qualifications:

A Bachelor’s or Master’s degree preferred, in Computer Engineering or Computer Science; at least 7 years of progressive information security experience required
One of the major InfoSec certifications (CISSP, CISM, SANS) is a must
Information Security Architecture

Integration with Business, Information, Technology architectures
Securing business processes, applications, and infrastructure
Security aspects for N-tiered application architecture and web based applications
Authentication, authorization, data confidentiality, non-repudiation, integrity, audit logging

Linux and Windows scripting, command line utilities (like Shell, Visual Basic, Perl, Python, awk)
Security policies and best practices; developing governance documents, certificate management
Identity management and role based user access control, end point security
Password management and SSO implementation
Network security, TCP/IP, DNS, DMZ, Firewalls, Application Firewalls (Web, XML, Database), best practice design and deployment; hardening hardware/software, secure VPN and FTP, Forward and reverse proxies
Virtualized, cloud, mobile environments, MDM
Security specifics in application development and custom code – PHP, ASP, Java, C# platforms
Hardening J2EE, Tomcat, Web servers (IIS, Apache)
Windows and Linux security models, basic administration and audit
Databases (Oracle, MS SQL) – audits, data encryption at rest and in transit
Browser security concepts (e.g. Tokens), risks (e.g. XSS); configuring SSL/TLS, PKI servers
LDAP (Oracle Sun One preferred), Active Directory, including administration and design of custom LDAP schemas
Vulnerability assessments and IT auditing
Incident response and digital forensics experience
Experience in organizing and leading projects with managed security service providers
Assess and manage third-party security