Information Security Architect

International SOS - Trevose, PA

International SOS is looking for a talented Information Security Architect for our Trevose, PA office!

This role will be responsible for the overall management of all aspects of Information Security Architecture and for best practices in secure application development and penetration testing. Lead IT Security Architecture discussions with the application development and infrastructure teams, drive secure software development practices, and support vulnerability management across the group. Analyze software designs and implementations from a security perspective, and identify and help resolve security issues. This includes the appropriate security analysis, defences and countermeasures at each phase of the software development lifecycle, resulting in robust and reliable software.

Key Responsibilities

Information Security Compliance and Security Compliance Management, Vendor Risk Management and Assessments.

  • Plan, present and follow up on application security architecture for the group and ensure consensus in all application development forums, working closely with application development and quality assurance.
  • Manage the Vulnerability Assessment and Penetration Test of applications and work closely with application and infrastructure teams to execute the external Vulnerability Assessment and Penetration Test Program.
  • Collect and maintain the in-scope IP and URL register and verify the vendor-initiated scope scans for completeness. Perform the scans as per the methodology defined in the International SOS Vulnerability Management Standard.
  • Coordinate with internal stakeholders for in-scope IPs and URLs. Also perform application security scans on-demand for all internal web-applications as and when requested by application owners.
  • Coordinate and establish DevSecOps methodology across group functions. Perform cost assessments for new application and infrastructure projects based on the internal costing sheet and best-in-breed solutions.
  • Perform application security scans for all new internal web-applications as part of application development process in accordance with High Risk Application Security Management Standard and DevSecOps methodology.
  • Perform ad-hoc penetration tests using International SOS pen test tools, free tools and custom scripts, including application and network penetration tests and application vulnerability assessment scans.
  • Offer expert opinion on web application penetration tests and remediation so that the application team can ensure remediation is performed in accordance with the pen testers' recommendations.
  • Track the remediation status based on the external vendor assessment and ensure that high quality penetration tests are performed by external service providers.
  • Manage and run the internal and external VAPT program with external partners and provide a monthly status report on penetration tests and remediation status.
  • Perform monthly security scans using Nessus to verify the configuration, patch level and vulnerabilities of systems in scope. Follow up with internal and external stakeholders and keep track of vulnerabilities and remediation status.
  • Advise IT management on emerging technical security issues and lead architecture discussions.
  • Own and support technical security assessments and ensure that all technical staff members within business units and regions are made aware of architecture requirements.
  • Prepare the IT security architecture compliance dashboard for the organisation, report and follow up on all open audit action items and ensure successful closure of open findings.
  • Implement, test and operate advanced software security techniques in compliance with the technical reference architecture.
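The scope-verification, monthly scan and remediation-tracking duties above come down to one recurring reconciliation: compare the vendor's (or your own) Nessus export against the in-scope register, count what is open, and flag what has exceeded its remediation SLA. The script below is an added illustration, not International SOS tooling. The .nessus XML is a constructed sample in the NessusClientData_v2 layout, the hosts, plugin IDs and dates are invented, and the per-severity SLA days are assumed policy values, not the International SOS standard.

```python
"""Reconcile a Nessus export against an in-scope register and track remediation.

Added example, not International SOS code. Sample data below is constructed.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET
from collections import Counter
from datetime import date

SEVERITY_NAMES = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Assumed remediation SLAs in days per Nessus severity (hypothetical policy values).
SLA_DAYS = {4: 7, 3: 30, 2: 90, 1: 180}

# Constructed in-scope register: the assets the vendor was contracted to scan.
IN_SCOPE = {"10.0.0.5", "10.0.0.6", "10.0.0.7"}

# Constructed .nessus v2 export. 10.0.0.7 is deliberately absent from it.
SAMPLE_NESSUS = """<?xml version="1.0"?>
<NessusClientData_v2>
 <Report name="monthly-external">
  <ReportHost name="10.0.0.5">
   <HostProperties><tag name="host-ip">10.0.0.5</tag></HostProperties>
   <ReportItem port="443" protocol="tcp" pluginID="100001" pluginName="Outdated TLS library" severity="3">
    <risk_factor>High</risk_factor>
   </ReportItem>
   <ReportItem port="0" protocol="tcp" pluginID="100002" pluginName="OS fingerprint" severity="0">
    <risk_factor>None</risk_factor>
   </ReportItem>
  </ReportHost>
  <ReportHost name="10.0.0.6">
   <HostProperties><tag name="host-ip">10.0.0.6</tag></HostProperties>
   <ReportItem port="22" protocol="tcp" pluginID="100003" pluginName="Weak SSH ciphers" severity="2">
    <risk_factor>Medium</risk_factor>
   </ReportItem>
  </ReportHost>
 </Report>
</NessusClientData_v2>
"""


def parse_nessus(xml_text: str) -> tuple[set[str], list[dict]]:
    """Return (scanned host IPs, findings); each finding is a plain dict."""
    root = ET.fromstring(xml_text)
    hosts: set[str] = set()
    findings: list[dict] = []
    for host in root.iter("ReportHost"):
        ip = host.get("name")
        # Prefer the host-ip tag: the name attribute may be a DNS name.
        for tag in host.iter("tag"):
            if tag.get("name") == "host-ip" and tag.text:
                ip = tag.text.strip()
        hosts.add(ip)
        for item in host.iter("ReportItem"):
            findings.append({
                "host": ip,
                "port": int(item.get("port", "0")),
                "plugin_id": item.get("pluginID"),
                "name": item.get("pluginName"),
                "severity": int(item.get("severity", "0")),
            })
    return hosts, findings


def scope_gaps(in_scope: set[str], scanned: set[str]) -> tuple[set[str], set[str]]:
    """Hosts contracted but not scanned, and hosts scanned but not contracted."""
    return in_scope - scanned, scanned - in_scope


def severity_summary(findings: list[dict]) -> dict[str, int]:
    """Count actionable findings (Low and above) per severity name."""
    return dict(Counter(SEVERITY_NAMES[f["severity"]] for f in findings if f["severity"] > 0))


def overdue(findings: list[dict], first_seen: dict[str, date], today: date) -> list[str]:
    """Plugin IDs still open past the SLA for their severity.

    first_seen maps plugin_id -> date the finding was first reported.
    """
    late = []
    for f in findings:
        sla = SLA_DAYS.get(f["severity"])
        seen = first_seen.get(f["plugin_id"])
        if sla is not None and seen is not None and (today - seen).days > sla:
            late.append(f["plugin_id"])
    return late


def demo() -> dict:
    """Run the reconciliation on the constructed sample and return the results."""
    scanned, findings = parse_nessus(SAMPLE_NESSUS)
    missing, extra = scope_gaps(IN_SCOPE, scanned)
    # Constructed tracking data: the High was first reported 45 days before "today".
    history = {"100001": date(2024, 1, 1), "100003": date(2024, 2, 10)}
    return {
        "scanned": scanned,
        "missing": missing,
        "extra": extra,
        "summary": severity_summary(findings),
        "overdue": overdue(findings, history, date(2024, 2, 15)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it reports 10.0.0.7 as contracted but not scanned, one High and one Medium open, and plugin 100001 as overdue against the assumed 30-day High SLA. In practice the register and the first-seen history would come from the asset inventory and the previous month's tracking sheet rather than from constants.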

Required Skills and Experience

  • Proven work experience as a software security engineer
  • Minimum 7 years of information security architecture and penetration testing work experience with a broad range of exposure to web application, mobile application and API penetration testing.
  • Expert in estimating the security cost, time and effort of application development projects.
  • Proven track record in managing and implementing vulnerability assessment and penetration testing practice.
  • Good exposure to and knowledge of IT security technologies and best practices
  • Excellent business communication skills
  • Ability to work in a multicultural and multi-geographical environment
  • Ability to work autonomously or as part of a team, within targets and deadlines
  • Detailed technical knowledge of techniques, standards and state-of-the-art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation
  • Adequate knowledge of web related technologies (Web applications, Web Services and Service Oriented Architectures) and of network/web related protocols
  • Interest in all aspects of security research and development

Required Qualifications

  • Bachelor's/Master's degree in information security, information technology or a related discipline.
  • CEH, SANS Pen Testing Certification, OSCP, etc.

International SOS is an equal opportunity employer and does not discriminate against employees or job applicants on the basis of race, color, religion, gender, sexual orientation, gender identity, national origin, age, disability, genetic information, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state and local laws.