State Street Security Architecture Cnslt in Quincy, Massachusetts

GQS SVC SecDevOps Architects provide “hands-on”, technology-focused research, evaluation and support regarding the choice of tools, their deployment and operating patterns. SVC SecDevOps Architects maintain a “Micro” perspective on the DevSecOps platform. They routinely focus on the creation of capability excellence, risk management and integration along with comprehensive management reporting.

Define and implement an operating model that provides industrial strength Quality Assurance validation services for the Company’s information security technologies. Adapt the organization to meet shifting demands.

  • Research complementary commercially available technologies under the direction of the SVC Senior Architect
  • Effect Proof of Concept exercises where useful
  • Collaborate with fellow GQS services (e.g. Tools/Automation & Performance) to create an optimally effective and efficient platform
  • Participate in Pilot programs
  • Contribute to the definition of an adaptable SecDevOps program management model guided by the Global Quality Solutions Playbook that implements GQS’ service delivery strategy and applies the Security Verification Center’s approaches

Create a positive work environment by maintaining solid, productive and involved relationships with SVC SecDevOps Sr. Managers, Engineers and cross-functional virtual team members

Establish a SECDEVOPS platform

  • Work under the direction of the SVC Senior Architect in the Design, Deployment and Support activities of a cohesive platform for the execution of Application Security Testing
  • Static Application Security Testing (SAST)
  • Dynamic Application Security Testing (DAST)
  • Interactive Application Security Testing (IAST)
  • Vulnerability Assessment for PROD Readiness
  • Consolidation of Vulnerabilities, De-Dup’ing, Presentation & management
  • Integration with the Defect Tracking system (HP Quality Center) and Source Code Management components (RTC and Jenkins)
  • Triaging by Subject Matter Experts
  • Guidance for Application Developers
  • Management Reporting

Incorporate Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Interactive Application Security Testing (IAST) and Vulnerability Assessment technologies into software development life cycle and deployment processes

  • Participate in planning sessions with leaders of the Software Development Life Cycle and Source Code Management systems to oversee integration with development, build and deployment operations.
  • Enable service delivery for a mix of Waterfall, Iterative and Agile based development processes and activities
  • Ensure Projects are Audit compliant at all times – including sign off by stakeholders for Test plans and providing sign off for each Project that includes test results.
  • Meet with SVC SecDevOps Engineers on a regular basis to resolve issues and review the testing status for each project

Resolve complex issues and enable self-reliance within key members of the organization

  • Encourage self-sufficiency among SecDevOps Engineers through mentoring and feedback
  • Address issues as they arise
  • Leverage creative thinking and problem solving skills as necessary
  • Conduct, attend and when necessary guide focused project status/review meetings

Demonstrate proficiencies

  • Integration of systems, retention of data, reporting and facilitation of data mining
  • Conducting focused program and project status/review meetings
  • Oversight of
  • Maintenance of Artifacts in a manner acceptable to Internal Audit
  • Design and creation of test conditions and scripts to address business and technical use cases
  • Experience with managing and performing Software QA functions using principles of Continuous Integration and Continuous Deployment (a plus)
  • Application Security concepts: (a plus)
  • Identity Management
  • Account Directories / Stores
  • Authentication
  • Coarse Grained Authorization
  • Fine Grained Authorization (Entitlements)
  • Single Sign-On

Qualifications & Skills

  • 8+ years’ experience as an IT professional
  • 3+ years’ experience in an IT Architectural Role,
  • 1+ must have been focused on information security
  • Experience in Information Security domain-specific architecture concepts with legacy and emerging technologies. (Design patterns, frameworks, current Java based solutions, C#, cloud, mobile, micro-services)
  • US Resident, able to be based in Eastern Massachusetts
  • Excellent written and verbal communication skills
  • Collaborative, contemplative, decisive and strong-willed demeanor
  • Experience creating, promoting, guiding development principles in adoption of technical solutions.
  • Experience working with matrix teams including teams in different time zones
  • Ability to travel up to 10% of the time domestically and internationally
  • In-fundamental knowledge of:
  • Identity Management
  • Authentication
  • Authorization mechanisms
  • Separation of duties
  • Privacy controls (cryptography)
  • network/system administration
  • OWASP Vulnerabilities / Remediation
  • A plus…
  • Bachelor’s Degree in Science, Engineering or Technology discipline
  • 1+ year in IT Risk Management or Information Security organization
  • Another plus…Certification
  • CompTIA Advanced Security Practitioner (CASP) or

Mature, Highly Developed Leadership Style

Strong organization and technology team management skills

Highly developed written and oral communication skills

Ability to work well individually and among teams

Knowledge of Microsoft Office tools

Proficient with Visio, PowerPoint and Project

Experience operating in a highly regulated industry and under continuous scrutiny from internal/external auditing organizations

Must be willing and able to be located in Eastern Massachusetts, be a work-authorized individual as defined by the US Department of Justice, encompassing U.S. citizens, lawful permanent residents and lawful temporary residents

  • Posted 13 Days Ago
  • Full time
  • R-574291