Cyber Security Consultant/Expert
Apply NowCompany: CIBER
Location: Dearborn, MI 48126
Description:
HTC Global Services wants you. Come build new things with us and advance your career. At HTC Global you'll collaborate with experts. You'll join successful teams contributing to our clients' success. You'll work side by side with our clients and have long-term opportunities to advance your career with the latest emerging technologies.
At HTC Global Services our consultants have access to a comprehensive benefits package. Benefits can include Paid-Time-Off, Paid Holidays, 401K matching, Life and Accidental Death Insurance, Short & Long Term Disability Insurance, and a variety of other perks.
Description:
The Cyber Security team is seeking a fun, energetic and organized individual. Our group is the Business Information Security team within and you can make an immediate impact within this organization. We are also expanding our scope to encompass FCSD Tech.
Skills Required:
Skills Preferred:
Experience Required:
Experience Preferred:
Education Required:
Education Preferred:
At HTC Global Services our consultants have access to a comprehensive benefits package. Benefits can include Paid-Time-Off, Paid Holidays, 401K matching, Life and Accidental Death Insurance, Short & Long Term Disability Insurance, and a variety of other perks.
Description:
The Cyber Security team is seeking a fun, energetic and organized individual. Our group is the Business Information Security team within and you can make an immediate impact within this organization. We are also expanding our scope to encompass FCSD Tech.
Skills Required:
- Act as a senior subject matter expert for secure coding, evaluating, and implementing [MR1] processes to mature application security leveraging existing tools.
- Provide consulting services to all product teams, providing advocacy, guidance and education on code security related problems by leveraging enterprise services across product lifecycles, identifying vulnerabilities and implementing secure solutions.
- Help define security standards around CI/CD pipelines, SAST/SCA/DAST testing processes, DevSecOps principles.
- Design, develop and test automation components for product and software especially security related.
- Facilitate getting all known control gaps identified and develop control improvement plans to raise operational maturity in partnership with Internal Controls team as part of GRC processes.
- Partner with Cyber Defense during incident response for teams, as required.
- Support and develop automation solutions that enable our product teams to build and deploy code quickly while giving them insights into security findings. Leverage cloud technology to promote fast provisioning and scalability with secure configuration management and monitoring.
- Implement industry best practices for container hardening and API configuration management. Cross between technology and business topics with ease and understanding being able to explain security topics to any audience. Operate independently and adapt to dynamic needs of the organization and changing teams.
Skills Preferred:
- Experience supporting cloud-based platforms in an enterprise environment such as: Google Cloud Platform (GCP), Microsoft Azure, and Amazon Web Services (AWS).
- Experience using 1 or more SAST/SCA tools like CheckMarx, FOSSA, 42Crunch or BlackDuck Strong working knowledge of Info Sec policy, global purchasing policies and process, GRC component assessment, controls testing, etc.
- Strong understanding of the OWASP Top 10 security vulnerabilities and remediation techniques Working knowledge of a variety of regulations, control frameworks, and requirements, such as SOX, NIST 800-53, NIST 800-171, ISO 27001 Working knowledge of API Security Security coding experience with languages like Java, Java Script, Python, Ruby or equivalent Strong understanding of Security Engineering concepts around key management, authorization, Cloud Security etc. Security architecture experience collaborating with software product teams. Experience with Git/GitHub or equivalent source control repositories.
- Experience using a centralized logging solution such as Splunk or Datadog for monitoring and reporting. IT operations, security, and/or infrastructure experience in an enterprise environment. Experience with vulnerability management with understanding of CVEs, CWEs and how to research and manage risks.
- Comfortable communicating with different levels and audiences effectively to gain attention collaboratively while not causing panic or animosity. A strong drive to keep learning new tools, ideas, techniques and methodologies to change culture to one based on building security and privacy into solutions from inception.
Experience Required:
- 4+ years' experience in cybersecurity analysis, vulnerability management, security consulting, secure software engineering.
Experience Preferred:
- Certifications are highly valued (CISSP, CISA, CISM, etc.)
Education Required:
- Bachelor's degree in business, Cyber Security, IT management, Risk Management, Computer Science, or Computer Engineering or any related field
Education Preferred:
- Master's degree in cyber security, Computer Science, Software Engineering, or a related field.