Veros Software
Director, IT Security
Veros Software, Santa Ana, California, United States, 92725
About the Company:
Headquartered in Santa Ana California, Veros (www.veros.com) is a growing technology company that develops, operates and maintains custom software and business analytic solutions for the financial services industry. We are looking for a self-motivated, independent person to play a critical role, supporting the company's end user technology needs.
Veros offers a unique opportunity that encourages creativity and professional growth along with a competitive salary and benefits package including medical, dental, vision, life, 401(k), paid vacation, holidays, and more.
Position Summary:
Reporting to the Senior Vice President of Information Technology, the primary objective of this position is to maintain a secure, high-performance, and robust computing environment. The responsibilities of the role specifically include IBM's Identity and Access Management (IAM) stack and managing all aspects of cybersecurity of the public-facing production technology infrastructure, including both primary and backup data centers, as well as internal production and development systems. The Director of IT Security is also responsible for forward-looking Cloud security architecture, security operations and maintenance of an effective systems and resource monitoring program.
Principal Responsibilities:Lead IT Security team and provide hands-on support for all IBM Tivoli Security Identity and Access manager, and IT security tasks and initiativesLead and review the design, development, and automation of Cloud security architecture on internal/external systems with various cloud providers (such as Azure and AWS)10+ years of progressive "hands-on" security experience in security tools and programs and successfully executing security initiatives across the organizationProactively monitor Veros' infrastructure for security breaches, take appropriate action to mitigate risks, implement cybersecurity measures to protect data, and provide root cause analysis for security incidentsDesign, maintain and practice disaster recovery and business continuity strategiesLead the team to meet security, contractual, and compliance/audit requirementsLead the application vulnerability assessment, third party risk assessments, audits, and due diligenceImplement security controls and frameworks including CIS, DISA/STIG, NIST SP 800-53, FISMA compliance, and FEDRAMP certificationCybersecurity:
Develop and execute IT Security plan with focus to secure systems, performance management, and software update/upgradesDesign and lead the development and implementation of enterprise cloud and hybrid cloud architectureWork with data analytics and product teams to choose appropriate technology solutions and complete integration into company's on-prem environmentEvaluate and report on cloud product and service provider security and compliance during vendor selection and solution architectureDemonstrate strong understanding of concepts including monitoring, encryption, data security, IAM and auditing with industry standard best practices of operational security controlSME and technical lead for Internal Certificate Authority and PKI implementationWork closely with the development team to review existing applications and system enhancements to ensure protection against the OWASP Top 10 and other common security vulnerabilitiesProvide recommendations for security enhancements to IT executive managementIdentity and Access Management (IAM):
Install, configure, update, upgrade, administer, and support IBM Tivoli suite of products i.e., SIM, SAM, SFIM, SAM E-SSO, SDS, and/or SDI and other IAM solutionsSuccessfully troubleshoot integrations, configure policies, workflows, and access controlsUnderstand high availability concepts, load balancers, clustering, and firewallsInterpret requirements and assist in producing solution designs in the areas of administration process and user provisioning, identification and authentication, authorization, identity centralization/directory services, federation, single sign on, and compliance reportingWork closely with software architects to design and develop product enhancements related to the integration with the IAM platformDevelop custom monitoring solutions for specific components as requiredDevelop and maintain effective systems automation procedures using shell scriptingLead disaster recovery event with switchover, validation, and switchbackQualifications and Requirements:
Bachelor's degree or higher in Computer Science or related discipline (or equivalent career experience)5+ years' experience in Information Security, and 2+ years' experience with Cloud Security responsibilities in Azure or AWS - RequiredExperience with service-oriented architecture and architecting solutions for cloud-based services such as Azure, AWS. - RequiredWorking knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, etc.)Experience with assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes: secure software development (Application Security), data protection, cryptography, key management, identity, and access management (IAM), and network security within SaaS and other cloud environmentsSubject Matter Expertise and 5+ years hands-on implementation/development experience in one or more of the following areas:
IBM Security Identity Manager (SIM)IBM Security Access Manager (SAM)IBM Security Directory Integrator (SDI)IBM Security Federation Identity manager (SFIM)IBM Security Access Manager Enterprise Single Sign On (SAM E-SSO)
Proficiency in the following skills is required with skill level as noted: (Basic, Intermediate, Advanced, Expert)
IAM Administration, support, and troubleshooting - ExpertWindows server technologies - AdvancedOracle Database technologies - IntermediateLoad balancer technologies - Intermediate
Prior practical experience in the following areas is considered relevant to the position as indicated: (Mandatory, Preferred, Desirable, Useful)
CISSP, ITIL, and IBM Tivoli / Security certifications - At least one certification is preferredDemonstrated excellence with troubleshooting and problem solving - MandatoryManaging multiple-server installations to production-quality standards, including production control, disaster planning and security administration - MandatoryGood written and verbal communication skills, ability to convey information on technical subjects to a wide variety of audiences - MandatoryProject management and planning background - PreferredConfiguring, compiling, and installing GNU-based open-source software - PreferredCreating, configuring, maintaining, and tuning a consolidated server environment based on VMware technology - UsefulConfiguring and maintaining Microsoft technologies, such as web servers, application servers, relational databases, and LDAP repositories - Useful
Veros is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
Privacy Policy - https://www.veros.com/privacy-policy/california-employee-privacy-policy
Headquartered in Santa Ana California, Veros (www.veros.com) is a growing technology company that develops, operates and maintains custom software and business analytic solutions for the financial services industry. We are looking for a self-motivated, independent person to play a critical role, supporting the company's end user technology needs.
Veros offers a unique opportunity that encourages creativity and professional growth along with a competitive salary and benefits package including medical, dental, vision, life, 401(k), paid vacation, holidays, and more.
Position Summary:
Reporting to the Senior Vice President of Information Technology, the primary objective of this position is to maintain a secure, high-performance, and robust computing environment. The responsibilities of the role specifically include IBM's Identity and Access Management (IAM) stack and managing all aspects of cybersecurity of the public-facing production technology infrastructure, including both primary and backup data centers, as well as internal production and development systems. The Director of IT Security is also responsible for forward-looking Cloud security architecture, security operations and maintenance of an effective systems and resource monitoring program.
Principal Responsibilities:Lead IT Security team and provide hands-on support for all IBM Tivoli Security Identity and Access manager, and IT security tasks and initiativesLead and review the design, development, and automation of Cloud security architecture on internal/external systems with various cloud providers (such as Azure and AWS)10+ years of progressive "hands-on" security experience in security tools and programs and successfully executing security initiatives across the organizationProactively monitor Veros' infrastructure for security breaches, take appropriate action to mitigate risks, implement cybersecurity measures to protect data, and provide root cause analysis for security incidentsDesign, maintain and practice disaster recovery and business continuity strategiesLead the team to meet security, contractual, and compliance/audit requirementsLead the application vulnerability assessment, third party risk assessments, audits, and due diligenceImplement security controls and frameworks including CIS, DISA/STIG, NIST SP 800-53, FISMA compliance, and FEDRAMP certificationCybersecurity:
Develop and execute IT Security plan with focus to secure systems, performance management, and software update/upgradesDesign and lead the development and implementation of enterprise cloud and hybrid cloud architectureWork with data analytics and product teams to choose appropriate technology solutions and complete integration into company's on-prem environmentEvaluate and report on cloud product and service provider security and compliance during vendor selection and solution architectureDemonstrate strong understanding of concepts including monitoring, encryption, data security, IAM and auditing with industry standard best practices of operational security controlSME and technical lead for Internal Certificate Authority and PKI implementationWork closely with the development team to review existing applications and system enhancements to ensure protection against the OWASP Top 10 and other common security vulnerabilitiesProvide recommendations for security enhancements to IT executive managementIdentity and Access Management (IAM):
Install, configure, update, upgrade, administer, and support IBM Tivoli suite of products i.e., SIM, SAM, SFIM, SAM E-SSO, SDS, and/or SDI and other IAM solutionsSuccessfully troubleshoot integrations, configure policies, workflows, and access controlsUnderstand high availability concepts, load balancers, clustering, and firewallsInterpret requirements and assist in producing solution designs in the areas of administration process and user provisioning, identification and authentication, authorization, identity centralization/directory services, federation, single sign on, and compliance reportingWork closely with software architects to design and develop product enhancements related to the integration with the IAM platformDevelop custom monitoring solutions for specific components as requiredDevelop and maintain effective systems automation procedures using shell scriptingLead disaster recovery event with switchover, validation, and switchbackQualifications and Requirements:
Bachelor's degree or higher in Computer Science or related discipline (or equivalent career experience)5+ years' experience in Information Security, and 2+ years' experience with Cloud Security responsibilities in Azure or AWS - RequiredExperience with service-oriented architecture and architecting solutions for cloud-based services such as Azure, AWS. - RequiredWorking knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, etc.)Experience with assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes: secure software development (Application Security), data protection, cryptography, key management, identity, and access management (IAM), and network security within SaaS and other cloud environmentsSubject Matter Expertise and 5+ years hands-on implementation/development experience in one or more of the following areas:
IBM Security Identity Manager (SIM)IBM Security Access Manager (SAM)IBM Security Directory Integrator (SDI)IBM Security Federation Identity manager (SFIM)IBM Security Access Manager Enterprise Single Sign On (SAM E-SSO)
Proficiency in the following skills is required with skill level as noted: (Basic, Intermediate, Advanced, Expert)
IAM Administration, support, and troubleshooting - ExpertWindows server technologies - AdvancedOracle Database technologies - IntermediateLoad balancer technologies - Intermediate
Prior practical experience in the following areas is considered relevant to the position as indicated: (Mandatory, Preferred, Desirable, Useful)
CISSP, ITIL, and IBM Tivoli / Security certifications - At least one certification is preferredDemonstrated excellence with troubleshooting and problem solving - MandatoryManaging multiple-server installations to production-quality standards, including production control, disaster planning and security administration - MandatoryGood written and verbal communication skills, ability to convey information on technical subjects to a wide variety of audiences - MandatoryProject management and planning background - PreferredConfiguring, compiling, and installing GNU-based open-source software - PreferredCreating, configuring, maintaining, and tuning a consolidated server environment based on VMware technology - UsefulConfiguring and maintaining Microsoft technologies, such as web servers, application servers, relational databases, and LDAP repositories - Useful
Veros is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
Privacy Policy - https://www.veros.com/privacy-policy/california-employee-privacy-policy