The MTS III - Apps Development Security (internal title) is responsible for conducting information security evaluations and risk analysis of business initiatives through participation in the SDLC (Software Development Lifecycle) process and other project lifecycles.
Identifying security and privacy risks through evaluations and analysis of functional requirements and technical design.
Providing information security requirements and/or recommendations to reduce risk using guidance from policy, standards, best practices and knowledge of the threat environment.
Clearly articulating the information security and privacy risk to the business and IT leaders.
Reviewing and understanding project requirements, approach and design documents and how they apply to the IT infrastructure and systems.
Participating when necessary in requirement, design and approach sessions with the project team.
Researching and staying current on security best practices and technologies, threats and vulnerabilities, and information security related regulations.
Engaging and consulting with the appropriate technical and privacy subject matter experts (SME’s) when necessary.
Completing Risk Analysis documents and presenting the analysis to business sponsors and IT leaders.
Keeping the security management team and security subject matter experts informed of identified security risk and potential threats and vulnerabilities within a project or work initiative.
At least 4+ years professional experience in an IT security, IT support, application development role; or equivalent work experience.
At least 3+ years of experience in IT.
Knowledge of information security fundamentals, technologies, regulations and best practices.
Knowledge of best practices in the area of access control, authentication/authorization, encryption/key management, secure protocols, and general security controls.
Familiar with PCI-DSS Payment Card Industry - Data Security Standards and CPNI Customer Proprietary Network Information regulations.
Familiarity with SDLC principals including multiple methodologies such as waterfall and agile.
An understanding of the SDLC phases and deliverables within each phase.
Demonstrated experience with guiding and leading technical projects and resources through requirements and delivery. Must have a broad view of the IT landscape including networking, infrastructure and application layers.
Excellent written and verbal communication skills with ability to effectively articulate requirements and security risk.
Demonstrated experience with writing and/or consuming business and technical requirements.
Demonstrated experience leading productive meetings and conference calls with both technical and business leaders.
Ability to analyze security risk using a balanced approached and exercising excellent judgment skills. Familiar with risk analysis methodologies and threat assessments; including threat, vulnerability and impact equations.
A driven, self-starter requiring minimal supervision and able to prioritize a heavy workload.
Bachelors Degree in IT or related field strongly desired.
GSEC - Security Essentials Certification by GIAC: Global Information Assurance Certification
CISSP – Certified Information Systems Security Professional by (ISC)2: Information Systems Security Certification Consortium
CRISC – Certified in Risk and Information Systems Controls – ISACA: Information Systems Audit and Control Association.
CISA - Certified Information Systems Auditor - ISACA: Information Systems Audit and Control Association.
Equal Employment Opportunity
We are an equal opportunity employer m/f/d/v.
Verizon Wireless - 18 months ago
At Verizon, our people are busy changing the world-tackling the toughest challenges in areas like Healthcare, Energy, Public Safety, and...