• Design and develop typical GRC solutions like risk management (enterprise and information technology risk), compliance management, issue and corrective action plan management, exception management, policy life cycle management, third-party risk management, audit management, threat and vulnerability management, enterprise asset management, and security operations management • Define, enhance, and implement enterprise risk management frameworks based on industry standards and frameworks (e.g., ISO 27001, COSO, COBIT, PCI, NIST, HIPAA, etc.) on GRC technologies, such as RSA Archer. • Assist in gathering and documenting business requirements and identifying gaps within existing systems and processes • Define the architecture and design elements for implementation of GRC solution (including design data/object models, technical workflows diagrams, access control models, etc.) • Lead build/configuration of GRC solutions on RSA Archer as per defined business requirements and design • Lead software development life cycle (SDLC) efforts for successful build, test, and roll-out of GRC solution into production use • Assist in developing GRC governance and operating model for the setup and sustainment of the GRC program
The Security Software Development Engineer will work closely with the product development team to design and develop the security event ingestions and analytics modules. Ingestion includes reading and writing a huge number of events at wire speed is essential. Developing Threat Analysts, Solution Architects, other Security Engineers, and clients to complete high profile, critical services to existing Managed Security Service clients. Qualifications Qualifications for success: • Preferably a full stack developer using Angular 2+ and Node or PHP. • Experience managing and maintaining SIEM systems or developing or integrating APIs. • Experience working with networks and network architecture. • Experience working in the Security field • Experience writing SIEM content, Splunk preferred. • Experience working in a Security Operations Center, Managed Security, or client network environment. • Advanced information security knowledge in one or more areas such as Enterprise end-point security products (i.e. McAfee e-Policy Orchestrator, Virus Scan, Anti-Spyware, Host Data Loss Protection, Endpoint Encryption, etc.) Security Information and Event Manager (SIEM), to include: NitroSecurity ArcSight Q1 Labs RSA Envision Network Firewall, Web Proxy, E-Mail and Web Gateway etc. to include: Palo Alto / Checkpoint / Juniper / McAfee / Cisco / Blue Coat / Imperva. • Understanding of network architecture and implementation. • Candidates having network security analysis preferred. • Experience with content SIEM content creation and reporting. • Excellent time management, reporting, and communication skills. • Superior problem-solving skills.