IT Security

EIRE Systems is looking for an IT Security Generalist to provide security assessments of technology systems and processes to identify business risks and recommend remedial action based on established security standards or security best practices. You will be working on multiple security architecture and design assessments.  You’ll work with team members (IT, Business, Suppliers, Stakeholders and Partners) globally to perform security architecture assessments. To be successful the candidate must have broad technology experience coupled with strong communication, influencing and time management skills.

Responsibilities:

• Conduct assessment and provide technology risk/requirements to the requestor. Areas covered:
• AAA – Authentication, Authorization, Auditing
• Application Security – Session Security, Vulnerability/Pen Testing items, Input Validation
• Secure data transport and storage
• Periodically review security reference architecture (security blueprints) and conduct updates/enhancements
• Participate in various Operational and Technology Risk governance processes
• Assist in identifying new areas and opportunities of technology investment for the firm

Skills and Experience

• Excellent communication skills: written, oral, presentation, listening
• Ability to influence through factual reasoning
• Time management: ability to handle multiple concurrent assessments, plan based deliverable management, strong follow up and tracking
• Strong focus on delivery when presented with short timelines and increased involvement from senior management
• Ability to adjust communication of technology risks vs business risks based on the audience

Security Architecture Skills – Required:

• In depth knowledge of application, network and platform security vulnerabilities. Ability to explain these vulnerabilities to developers
• Experience in conducting Information Security, IT Security, Audit assessments. Presenting the outcomes of the assessment and obtaining buy in.
• Strong focus on reviewing technical designs and functional requirements to identify areas of Security weakness.
• The candidate must have working experience in the following application/network security domains:
• Authentication: SAML, SiteMinder, Kerberos, OpenId
• Entitlements and identity management
• Data protection, data leakage prevention and secure data transfer and storage
• App Security - validation checking, software attack methodologies
• Cryptography – encryption and hashing

Desired skills

• Knowledge of standard network model and the risks that present at each layer, the functions of network equipment such as switches, routers, firewalls, proxies, vpn, and load-balancers, and to understand network architecture.
• The candidate must have working knowledge of the primary operating systems (Unix, Windows, z/OS, Mac OS), the configuration and management of that platform at an enterprise scale, the security risks to that platform, and how to mitigate those risks.
• Experience in testing tools, at least one of Veracode, Fortify, OunceLabs, AppScan, WebInspect, Burp

Development Experience

• Though role is not a development role, the candidate must have previous background in programming, design and application architecture.
• In order to be a practical the candidate must have experience implementing complex applications in an enterprise environment.
• Working knowledge of programming and scripting languages: Java, JavaScript, C#, C/C++, Perl, Python, Ruby
• Desired – In-depth knowledge of web technologies such as Web Browsers, Web Servers, Web Services

Other Areas of Expertise

• Frameworks, protocols and subsystems:  J2EE, .NET, Spring, RPC, SOAP,  MQSeries, JMS, RMI, JMX, Hibernate.
• Knowledge of JSP /Servlet/EJB or ASP.NET, HTTP/HTTPS, Cookies, AJAX, JavaScript, Flex / Silverlight.
• Database design and programming experience
• Experience of liaising with 3rd Party Entities (exchanges, suppliers, regulators)
• Experience in conducting and / or reviewing penetration tests, dynamic vulnerability assessments and static vulnerability assessments
• Understanding of geographic regulations and their impact on Security assessments
• Previous experience in Financial Services is preferred
• CISSP or other industry qualification
• Desired – experience working with global organizations

Educational Requirements

Bachelor’s Degree with minimum 5 years relevant work experience in high-paced, enterprise environment

EIRE Systems is a leading independent provider of professional IT services to the financial, insurance and multinational sectors in Hong Kong and throughout the Asia Pacific region. EIRE Systems has expertise across a wide spectrum of Information Technologies, with a track record for successfully completing hundreds of assignments since its establishment in 1996.

We provide professional IT services, both project-based and ongoing operational support, in three main areas:

• IT Managed Services
• Project Management
• IT Consulting 
  

With offices in Tokyo, Hong Kong, Singapore,  and Shanghai, EIRE Systems is in a position to provide local, regional, and global IT strategy and technology solutions at all levels to our clients.