Blog

Hello,
My name is Suraj Kumar and I’m a Sr. Recruiter at Diverse Lynx. We provide IT Consulting Services to our customers’ immediate and long-term resource needs. I am contacting you either because your resume has been posted to one of the internet job sites to which we subscribe or you had previously submitted your resume to Diverse Lynx. We now find your resume matching for a below opportunity with our client.

Role: Senior Security Engineer

Location: Connecticut State, CT

Must Have: Data Privacy, Data Security, DLP, Cyber Security – GR 

Job Description:

• Architect Data Protection and DLP Develop and apply security & privacy best practices into all projects that collect, store, and disseminate consumer data.
• Closely work along with Architects from our Data Visualization, Data Analytics, Data Storage, and our Global Privacy Teams to integrate security best practices creatively and seamlessly into our Data collecting, Data storing and Data dissemination platforms.
• Work with Application owners and Privacy Teams to develop and deploy industry best practices for management Authentication and Authorization to consumer data.
• Architect and Engineer data protection mechanisms for data at rest and data in transit.
• Deploy security best practices for interface integrations between data origin, data lake, data consumers as well as supporting middleware.
• Work with Global Security Team to Audit User permissions, monitor and mitigate risks to the data store.
• 3+ Year of DLP operational experience is required, must have implemented DLP, understanding expressions, analysis, policy drivers, and rules work, etc.
• Responsible for developing and maintaining policies, procedures, and standards for endpoint security solution build outs.
• Efficiently and thoroughly review project architecture and diagrams to formulate appropriate questions to identify security risk level and gaps in solution architectures
• Must possess the knowledge on Symantec CCS, DCS, Symantec Endpoint Security Suite, PGP, Mobility Suite
• Knowledge on Cloud security is an added advantage
• Strong interpersonal skills, with an emphasis on the ability to effectively influence others and develop productive working relationships
• Preferred Certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA)

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Role: Senior Security Engineer

Location: Connecticut State, CT

Must Have: Cyber Security, Vendor Risk Management, GRC, Third Party Risk Management, Information Security

Job Description:

• Good understanding of audit requirements.
• Risk management processes and ability to foresee gaps in the processes and identify mitigation plan.
• Enterprise level understanding of Compliance requirements from various States & Federal agencies.
• Deep understanding of industry popular frameworks – Basic knowledge related to Information Security in a regulated environment (OCC, FDIC, Fed Reserve, CFPB, FFIEC, ISO 27001 standards / SIG framework etc.)
• Results-driven, analytical problem-solver with extensive experience in identifying Information Security Risks and developing cost-effective solutions to meet business requirements.
• Working experience in IT General Controls designing and evaluation of effectiveness of the controls.
• Exposed any of the GRC tools and management of controls using the tools.
• Perform vendor documentation review and analysis.
• Assess current business practices and identify opportunities to promote effective third party risk management.
• Document and report risk to Vendor Assessment management team, business partners, and vendors.
• Perform onsite assessments of vendor facilities.
• Review completed SIG questionnaires based on vendor inherent risk.
• Document risks and recommendations based on a vendors lack of controls.
• Identify and measure risk associated with vendor security controls.
• Non-Technical: Communication – Must have excellent communication skill (English).
• Managed services – experience working with customers directly and ability to understand the requirements.
• Communication – Ability to communicate Up, Down, and Across All Levels of the Organization and Technical Backgrounds.
• Detail Oriented – Good Understanding of Risk Management Framework.
• Analytical, Self-motivated – Critical thinker who can analyze and identify basic indicators of compromise on hosts and applications.
• Interpersonal skills and Professional demeanor – Respond to customer inquiries in a timely manner, guiding and advising customers on security best practices in a friendly customer facing manner.
• Problem-Solver – Processes tactical mitigations based on results of analysis and determination of threat validity

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Role: Senior Security Engineer

Location: Connecticut State, CT

Must Have: Static Application Security Testing, Cyber Security-EVM, SAST, DAST

Role Description:

• Develop policy and standards for API security.
• Experience and knowledge in Application Programming Interface (API), static application security testing (SAST) and related tools like Veracode / Checkmarx / Fortiy.
• Experience and knowledge in Burp Suite tool for dynamic testing (DAST).
• Primarily responsible for API application security but with a good working knowledge of other security domains (Cryptography, Identity and Access Management, Threat and Vulnerability Management)
• At least 4 years of working experience in application security that includes API, SAST and DAST along with Checkmarx, Veracode
• Primarily responsible for application security but with a good working knowledge of other security domains (Cryptography, Identity and Access Management, Threat and Vulnerability Management).
• Knowledge of security technologies (encryption, data protection, design, privilege access, etc.)
• Proficiency in planning, reporting, establishing goals and objectives, standards, priorities and schedules
• Excellent decision-making, analytical and problem solving skills
• Excellent verbal and written communication skills to technical and non-technical audiences of various levels in the organization
• Strong knowledge of development and application security
• Knowledge of information security principles, web applications, and intermediate familiarity with malicious code and common hacking techniques used by malicious actors
• Experience conducting risk assessments and performing threat modeling of applications

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Role: Senior Security Analyst

Location: Connecticut State, CT

Must Have: Business Impact Assessment, BIA, BCP, Disaster Recovery, Business Continuity Management, Cyber Security – Information Security

Job Description:

• Conduct comprehensive assessments of maturity levels in terms of continuity and resilience (gap analysis) and define the consequent remediation plans;
• Define methodologies and conduct Business Impact Analysis (BIA) and Business Continuity Risk Assessment activities;
• Define continuity and resilience strategies;
• Design, implement and manage a Business Continuity Management System (BCMS) and the related document framework
• Drafting the Business Continuity Plan and the Crisis Management Plan;
• Define Key Performance Indicators and Key Risk Indicators, measure and monitor them;
• Support the definition and execution of tests in the BCM field;
• Support the definition and execution of BCM training initiatives.

Requirements:

• 4-6 years of experience gained on Business Continuity and/or Disaster Recovery projects for structured and complex companies;
• Knowledge of methodologies, frameworks, mandatory regulations and best practices and international standards of Business Continuity, Information Security, Data Privacy and Data Protection (e.g.: ISO 22301, DRI Professional Practices, BCI Good Practice Guidelines, ISO 27001, NIST, PCI-DSS, GDPR, etc…);
• Knowledge in the use of the MS Office suite (Excel, PPT, etc.);