Auto req ID 13583BR
CBS Business Unit CBS Corporate
Department / Business Unit Information Security Group
Location New York - New York
The Principal IT Security Engineer will be a major contributor to the CBS Information Security Group, responsible for helping ensure the security of CBS software applications and systems. The position requires deep knowledge of enterprise systems and architectures and expertise in implementing security best practices for major vendor software installations as well as proprietary applications. The position will require proven expertise in secure coding practices, configuration/authorization/privilege management and vulnerability management.
• Conduct application security assessments, application security architecture reviews, and risk modeling for CBS-developed software, acquired and/or hosted applications and services.
• With IT staff, ensure that application hosting environments (system and network) and applications perform together as a secure solution.
• Working closely with Governance, Risk, and Compliance stakeholders, ensure all applications meet corporate and regulatory information security standards.
• Conduct developer training and provide vulnerability remediation assistance.
• Provide direct support to the business as a subject matter expert for security defect resolution, including vulnerability remediation and/or mitigation.
• Oversee and conduct internal and external assessments of deployed software applications and systems including system and network vulnerability scanning, penetration testing, and patch management.
• Collaborate with applications developers and vendors to ensure legacy and newly deployed applications are developed securely.
• Evaluate outsourced / third-party technologies and hosting environments to ensure they provide adequate protection for the processing, transmission, and storage of CBS information.
• Research and review configurations, operating systems and applications for compliance with policy, industry standards and manufacturer recommended security baselines.
• Assist in the resolution of security incidents related to CBS assets, including root cause analysis
• 5 years of relevant experience required, with proven application security/software assurance, vulnerability management and policy/auditing expertise.
• Superior project management and communication skills.
• Deep knowledge of security policies, regulations, compliance issues, and processes.
• Deep knowledge of application security issues and configuration best practices.
• Proven skills with securing applications; comfort with Microsoft, *nix and iOS platforms.
• Proven experience securing .NET, web application, C#, C++, asp.net, RESTful interfaces, Java and objective-c a plus.
• Programming and scripting experience a plus.
• Industry accepted security certifications (CISSP, SANS, etc.) a plus.
• Bachelor’s degree in a related field.
• Masters degree a plus.
Minimum Education Level Bachelor''s Degree or Equivalent Experience
Job Status Full Time