Hi,
This is Kamran Ahmed from Exarca Inc.
We have a contract position with my client. Kindly check the following position and let us know if you
are interested in this role
Senior Consultant, Information Security Engineering Lead- 2 openings
Location: O’Fallon, MO
Years of Experience 7+
*This person will need to lead and mentor the other consultants on the team
Consultant, Information Security Lead – 3 openings
Location: O’Fallon, MO
Years of Experience 5 +
Visa: All visa ( except H1B)
Interview: Phone and Skype
Need LinkedIn profile
The Role – Security Engineer for Digital, Marketing, and Loyalty Programs
• As a Security Engineer for Mastercard’s Digital, Marketing, and Loyalty business (DML) reporting to the Business Security Officer, you will be relied upon to serve as technical security expert supporting the development and sustainability of secure products and practices. You will be the subject matter expert in application security delivering tactical mentorship and strategic consulting in terms of building a security-focused culture, secure development best-practices and application security awareness as well as contextualizing the threat landscape and associated risks for DML and its programs.
• You will be an active and critical participant in the design and implementation of internal and external payment services and mentor others in these efforts (including creating user stories, secure code review, providing up-front and ongoing security consultation, reviewing and enabling testing efforts, etc.)
• You will proactively work to find solutions that align with business needs while operating within Mastercard’s risk tolerance that are scalable and can be applied across multiple programs and platforms. This requires the ability to collaborate with cross-functional teams and regularly articulate and communicate to diverse audiences and properly translates security and risk management terminology into business terms, and recommends alternative solutions to these stakeholders.
• As a Security Engineer, you will also assist the Business Security Office in assessing the current threat landscape and business needs of DML to identity and prioritize and solution risks. This includes examining systems and applications to understand the current security posture and advocating for security best-practices to engineering teams.
All About You
• 7+ years of security engineering experience
• Adaptive communication skills to influence cross functionally without direct authority, comfort speaking with customers and business partners at all levels
• Motivated self-starter with an agility and ability to manage ambiguity, deal with and anticipate change while still meeting business objectives
• Passion for great product design, security and usability
• Experience with application threat modeling or other risk identification techniques
• Current knowledge of security best practices, common exploits, and threat landscape
• Understanding of Agile methodologies
• Ability to build secure DevOps architecture patterns and provide guidance on how to develop secure applications and infrastructures
• Strong understanding of Information Security, Authentication and Data Privacy within the domain of Digital Commerce including relevant practical experience
• Demonstrated experience designing Secure multi-domain Internet facing applications
• Knowledge of the security architecture of web based network environments and secure communication between environments
• Knowledge and technical security experience in Cryptography, including several of the following: PKI, Digital Certificates, SSL, Hashing, Encryption techniques, etc.
• Good understanding of Software Development especially related to secure coding best practices. Prior experience programming in Java is a plus.
• Experienced in mobile security architecture concepts, design, implementation along with Android and IOS is a plus
• What will a typical work day look like for this contractor?
• Dedicated to 1 or 2 programs within DML. They will be the single POC security resource to help the development team work through models, do secure code reviews, give security architecting counsel and advice on how they are building and designing things, understand the threat model on the products we develop. They will be embedded within the engineering teams. Reviewing diagrams, looking at Code, negotiating and explaining security threats and best practices
• What are your top 3 required technical skills?
1. Threat Modeling
2. Cryptography
3. Mobile application security
4. Payment security
5. Secure code review experience
6. Understanding of Agile methodologies
