Senior Security Engineer - Software Security Assurance
Job ID #: 81736
Functional Area: Information Technology
Company: 10042 - AIG Global Services, Inc.
Employment Type: Full Time - Permanent
Education Required: Bachelor's Degree (or equivalent)
Experience Required: 3-5 years
Relocation Provided: Yes
Travel Percentage: 0
- Assist in the execution of AIG's Software Security Assurance program supporting all Corporate Functions and Business Units.
- Perform Software Security Assurance Assessments on the applications defined above using the following mechanisms:
  - AIG's Software Security Assessment (SSA) methodology.
  - Dynamic Testing Tools (IBM AppScan Enterprise & Standard Editions).
  - Static Testing Tools (HP/Fortify SCA 360).
- Work with business application development team members to remediate risk issues identified in the software security assurance assessments.
- Act as subject matter expert providing assessments of application risk as appropriate when required.
- Maintain AppScan Enterprise and HP Fortify SCA environments.
- Responsible for contributing information regarding software assurance in assessing and evaluating potential risks involved in granting exceptions and ensuring alignment with the defined information security policies and standards.
- Coordinate with IT and the business stakeholders to ensure effective communication, updating, and maintenance of the Software Assurance Program at the global level supporting all Corporate Functions and Business Units.
- Have a thorough understanding of the IT policies and standards and IT policy lifecycle management process.
- Have a thorough understanding of the common and uncommon threats and vulnerabilities related to applications, architectures and databases.
- Have a thorough understanding of the common and uncommon threats and vulnerabilities related to thin client, thick client, mobile and virtualized applications.
- Monitor and track all Software Assurance Processes in a centralized repository.
- Work with corporate and business unit IT security and compliance representatives to improve process, technology and communications.
- Support corporate and business units in developing action plans to remediate their identified exceptions/issues/findings.
- Support periodic reports/KPIs/metrics regarding risk management processes and action plan closure status, schedule, and trends identified during ongoing examinations, audits, and assessments.
- Establish and maintain strong working relationships with the Divisional CISOs and other groups involved with application security matters (Legal, Internal Audit, Physical Security, Information Security Management Committee, etc.).
- Bring pressing information security risks to management's attention so that remedial action can be taken.
- Examine information security risks from a cross-organizational viewpoint, including internal and external risks, from a security and compliance perspective, and make appropriate recommendations to protect the company from applicable risks and vulnerabilities.
- Participate as a technical advisor for a variety of ad-hoc information security projects dictated by current business and technological developments.
- Professional Information Security Certification(s) (CISSP, CISM, GIAC, etc.).
- Minimum of 5 years' experience in Information Security and IT in general.
- Experience with Software Security Assurance Testing Tools:
  - IBM AppScan or equivalent
  - HP/Fortify SCA 360 or equivalent
- Expert knowledge of common application vulnerabilities and their exploitation
- Clear understanding of various application architectures and their impact on application security
- Ability to identify mitigating controls
- Ability to effectively communicate risks of application vulnerabilities
- Knowledge of Electronic Data Interchange (EDI)
- Knowledge of XML based Web Services
- Excellent written and oral skills in English
- Software development experience preferred
- Experience within the financial services industry helpful
- Bachelor's or master's degree in computer science, information systems, engineering, or a related discipline or equivalent experience.
- Experience with technical aspects of IT including networks, servers, application architecture and related information security, regulatory and associated risk issues.
- Experience performing audits, security, vulnerability, penetration tests, assessments and evaluations.
- Ability to clearly interpret and communicate the threats, risks and impacts to all levels of the organization
- Experience with risk and compliance tools such as Archer and Open Pages is a plus
- Extensive experience with Word, PowerPoint, Excel
- High level critical thinking and strategic planning skills
- Excellent written and verbal communications, effective interpersonal skills, strong formal presentation abilities
- Project management skills are a plus
American International Group, Inc. (AIG) is a leading international insurance organization serving customers in more than 130 countries and jurisdictions. AIG companies serve commercial, institutional, and individual customers through one of the most extensive worldwide property casualty networks of any insurer. In addition, AIG companies are leading providers of life insurance and retirement services in the United States.
AIG Property Casualty is a global market leader, one of the few truly global property casualty franchises.
AIG Life and Retirement is one of the largest life insurance organizations in the U.S., and provides protection, investment and income solutions needed for financial and retirement security.
United Guaranty Corporation is the marketplace leader in mortgage insurance in the U.S.
Additional information about AIG can be found at www.aig.com | YouTube: www.youtube.com/aig | Twitter: @AIG_LatestNews | LinkedIn: http://www.linkedin.com/company/aig