Chemical Abstracts Service
TE25P5 Lead Security Analyst
Chemical Abstracts Service, Columbus, Ohio, United States, 43224
CAS uses intuitive technology, unparalleled scientific content, and unmatched human expertise to help companies create groundbreaking innovations that benefit the world. As the scientific information solutions division of the American Chemical Society, CAS manages the largest curated reservoir of scientific knowledge, and for 117 years, has helped innovators mine, assess and apply that information to keep businesses thriving. The CAS team is global, diverse, endlessly curious and strives to make scientific insights accessible to innovators worldwide.
CAS is currently seeking a Lead Security Architect and Application Security Tester. This position will be located in our headquarters in Columbus, Ohio.
Position Summary:
This lead security architect supports both ACS and CAS as an enterprise function. The lead security architect will be expected to assess threats and vulnerabilities, analyze data and code, define measurable objectives, and drive implementations of security solutions for the security of the entire enterprise. The role is also responsible for defining/documenting security requirements, standards, patterns, reference architectures and decision trees to enable compliance with company policy and objectives. In addition to aiding in the architecture design/assessment process, this role will also be responsible for performing penetration tests when deemed necessary. Collaboration with business partners to review, assess, and collaborate to harden security controls is essential for success in this role.
Job Duties:
Proactively work with partners and suppliers to achieve objectives on time and within budget. Takes appropriate actions, when necessary, with partners/suppliers to build enterprise class solutions, respond to issues/threats, and/or communicate to stakeholders all utilizing efficient and effective tools and techniques to mature enterprise information security.Serve as key contributor to the formulation of the organization's information security strategy to safeguard against emerging threats and align with business goals.Create impactful presentations and communicate them with organizational leadership as required.Partner with others in IT to develop and implement security solutions that adhere to industry standards and best practices to strengthen the organization's security posture.Serve as role model for colleagues in adherence with established IT policies and procedures to ensure compliance of all assets within security's remit. Appropriately escalates concerns, risks and issues.Demonstrate expert level knowledge and adherence to industry standards and organizational best practices. Provide advice, coaching and guidance to less senior colleagues. Escalate any concerns or issues related to compliance promptly.Execute and oversee penetration testing activities to uncover security vulnerabilities and strengthen the organization's defenses.Lead security architecture assessments to identify potential weaknesses, ensure alignment with best practices and industry standards and recommend enhancements; this includes but is not limited to evaluating system configurations, network designs, and application security.Proactively provides expert level guidance and documentation of security requirements, standards, patterns, and decision trees to enable compliance with company policy and objectives.Lead collaboration efforts in implementation of security controls aligned to the Enterprise Information Security strategy.Proactively engage in the greater information security and privacy community (e.g. peer groups, seminars, conferences, etc.) to help identify industry advancements, new techniques, and new partners. Demonstrates a positive, proactive and thought leadership attitude to CAS and the greater security community.Apply previous experience and proactive research to problem solve complex risks, issues, and situations.Review and document critical technical processes to ensure accuracy and sustainability of job-related processes.Role model collaboration among cross-functional groups and with all levels of personnel to achieve organizational and Enterprise Information Security objectives.Architect security tooling and systems to ensure high availability, optimum performance, and security.Provide after-hours support and assist with maintenance tasks as needed.Mentor and provide guidance to less experienced team members.Job Qualifications:
Bachelor's degree in science or other Business related field and 12+ years' experience OR a Master's degree and 8+ years' experience in cyber securityIndustry certifications (CISSP, CEH, Security +, CRISC, CISM, etc.) preferredAdvanced level knowledge of industry standard security domains and expert knowledge in at least twoWorking knowledge of scripting (PowerShell, Python, etc.)Working knowledge of core network and systems administrator protocolsWorking knowledge of wireless network solutionsHands-on experience working with cloud architectures, technologies, and controls to secure themFunctional knowledge of container technologiesExperience with and ability to implement security best practicesExperience with security and governance, risk, and compliance toolsExperience with Windows, Mac and Linux operating systemsDemonstrated success working independently and leading cross-functionalteamsStrong interpersonal, written, and verbal communication skillsExpert level experience working with a team to solve complex, high risk, and high impact technical and process problemsStrong track record of achieving resultsDemonstrated reliability and follow-through on commitments and assignmentsRole model high ethics,professionalism and courtesy in all interactionsDemonstrated ability to implement advanced security best practicesWork well under pressure (i.e. a critical system is down)Ability to manage multiple tasks in a given timeframe
CAS offers a competitive salary and comprehensive benefits package, including a generous vacation plan, medical, dental, vision insurance plans, and employee savings and retirement plans. Candidates for this position must be authorized to work in the United States and not require work authorization sponsorship by our company for this position now or in the future. EEO/Minority/Female/Disabled/Veteran.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
CAS is currently seeking a Lead Security Architect and Application Security Tester. This position will be located in our headquarters in Columbus, Ohio.
Position Summary:
This lead security architect supports both ACS and CAS as an enterprise function. The lead security architect will be expected to assess threats and vulnerabilities, analyze data and code, define measurable objectives, and drive implementations of security solutions for the security of the entire enterprise. The role is also responsible for defining/documenting security requirements, standards, patterns, reference architectures and decision trees to enable compliance with company policy and objectives. In addition to aiding in the architecture design/assessment process, this role will also be responsible for performing penetration tests when deemed necessary. Collaboration with business partners to review, assess, and collaborate to harden security controls is essential for success in this role.
Job Duties:
Proactively work with partners and suppliers to achieve objectives on time and within budget. Takes appropriate actions, when necessary, with partners/suppliers to build enterprise class solutions, respond to issues/threats, and/or communicate to stakeholders all utilizing efficient and effective tools and techniques to mature enterprise information security.Serve as key contributor to the formulation of the organization's information security strategy to safeguard against emerging threats and align with business goals.Create impactful presentations and communicate them with organizational leadership as required.Partner with others in IT to develop and implement security solutions that adhere to industry standards and best practices to strengthen the organization's security posture.Serve as role model for colleagues in adherence with established IT policies and procedures to ensure compliance of all assets within security's remit. Appropriately escalates concerns, risks and issues.Demonstrate expert level knowledge and adherence to industry standards and organizational best practices. Provide advice, coaching and guidance to less senior colleagues. Escalate any concerns or issues related to compliance promptly.Execute and oversee penetration testing activities to uncover security vulnerabilities and strengthen the organization's defenses.Lead security architecture assessments to identify potential weaknesses, ensure alignment with best practices and industry standards and recommend enhancements; this includes but is not limited to evaluating system configurations, network designs, and application security.Proactively provides expert level guidance and documentation of security requirements, standards, patterns, and decision trees to enable compliance with company policy and objectives.Lead collaboration efforts in implementation of security controls aligned to the Enterprise Information Security strategy.Proactively engage in the greater information security and privacy community (e.g. peer groups, seminars, conferences, etc.) to help identify industry advancements, new techniques, and new partners. Demonstrates a positive, proactive and thought leadership attitude to CAS and the greater security community.Apply previous experience and proactive research to problem solve complex risks, issues, and situations.Review and document critical technical processes to ensure accuracy and sustainability of job-related processes.Role model collaboration among cross-functional groups and with all levels of personnel to achieve organizational and Enterprise Information Security objectives.Architect security tooling and systems to ensure high availability, optimum performance, and security.Provide after-hours support and assist with maintenance tasks as needed.Mentor and provide guidance to less experienced team members.Job Qualifications:
Bachelor's degree in science or other Business related field and 12+ years' experience OR a Master's degree and 8+ years' experience in cyber securityIndustry certifications (CISSP, CEH, Security +, CRISC, CISM, etc.) preferredAdvanced level knowledge of industry standard security domains and expert knowledge in at least twoWorking knowledge of scripting (PowerShell, Python, etc.)Working knowledge of core network and systems administrator protocolsWorking knowledge of wireless network solutionsHands-on experience working with cloud architectures, technologies, and controls to secure themFunctional knowledge of container technologiesExperience with and ability to implement security best practicesExperience with security and governance, risk, and compliance toolsExperience with Windows, Mac and Linux operating systemsDemonstrated success working independently and leading cross-functionalteamsStrong interpersonal, written, and verbal communication skillsExpert level experience working with a team to solve complex, high risk, and high impact technical and process problemsStrong track record of achieving resultsDemonstrated reliability and follow-through on commitments and assignmentsRole model high ethics,professionalism and courtesy in all interactionsDemonstrated ability to implement advanced security best practicesWork well under pressure (i.e. a critical system is down)Ability to manage multiple tasks in a given timeframe
CAS offers a competitive salary and comprehensive benefits package, including a generous vacation plan, medical, dental, vision insurance plans, and employee savings and retirement plans. Candidates for this position must be authorized to work in the United States and not require work authorization sponsorship by our company for this position now or in the future. EEO/Minority/Female/Disabled/Veteran.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)