Saturday, August 02, 2008

Security Analyst - in New York, NY

Saturday, August 02, 2008
The primary responsibilities of a Security Analyst are to provide expertise in operational guidance and support in application security and identity management solution, perform design, research and planning, mentor and coach developers on application security, SSO, and identity management advice to development teams.Candidates for this position will join a premier team of focused subject matter experts providing best practices on application security and identity management solution for IT application development.The responsibilities of a Security Architect in Standard and Poors include: Provide expertise in operational guidance and support in application security and identity management solution. Perform design, research and planning, mentor and coach developers on application security, SSO, and identity management advice to development teams. Creating and delivering presentations, communicating technical and highly complex application security information to management and public groups. Perform hardware/software, security, interoperability, re usability, scalability and performance analysis.Technical skills: Expertise in application security including Web based, Web Service based and Messaging based application security, Identity Management and SSO area. Working knowledge of WS-Security, SAML, Liberty Alliance, Certificate Authority (CA), PKI, Kerberos, SSL, HTTPS, LDAP, Active Directory, etc Experienced in Service Oriented Architecture (SOA), with strong understanding of Web Service security and Messaging (such as JMS) security. Will provide expertise and operational guidance and support in application security, SSO, and identity management to developers. Be a conduit for application security related questions and concerns. Participate in the design, creation and operations of Enterprise wide Identity Management and SSO solution. Understanding of Java and .Net security standards such as JAAS, or other relevant standards in J2EE and .Net platforms. Good understanding in object-oriented analysis and design. Broad understanding of design patterns. Understands the application development lifecycle well (from requirements through production) and understands different development processes (XP, waterfall, spiral, etc.). Good understanding of Service Oriented Architectures. Experience with J2EE application development, including servlets and JSPs, JDBC, and EJBs. Proficiency in the development environment, including IDE, web server, application server, programming frameworks, source control system, unit-testing tool and defect management tool. Understands how to create scalable and highly available applications at the database, application server and messaging layers. Good knowledge of and hands-on experience with XML/XSL and Web Services (UDDI, SOAP, ebXML, WSDL). Knowledge of legacy connectivity, tier-to-tier communication methods and distributed object frameworks. Knowledge of how messaging fits into a distributed architecture and experience with designing and implementing Enterprise Application Integration (EAI) solutions using Messaging technologies. Experience with Sonic ESB is a significant plus.
A minimum of 8 years of experience in software development, out of which a minimum of 5 - 6 years of experience in application security and identity management, and a minimum of 3 - 4 years in distributed technologies including J2EE, Web Services, and Messaging.Desirable skills and experience:
Experience: call for details

To Apply to this job go to http://www.GadBall.com or click here