**Qualifications/Education/Certifications:**
* Bachelor's degree from four-year college or university (in information technology, business administration or a related field preferred); or equivalent combination of education and experience.
* 4+ years of experience working in an enterprise architecture, information security, information technology or information risk management related field.
* 3+ years of experience designing technical security controls (e.g., AAA, multi-factor authentication, network or host-based firewalls, network or host-based intrusion detection/prevention systems, anti-virus, encryption, VPNs, web application firewalls, configuration management, host hardening, continuous monitoring, incident response, or data loss prevention administration) within an organization or in a consulting capacity.
* 3+ years of experience conducting security and IT control audits and assessments.
* 2+ years of experience working with vulnerability scanners (Retina, Tenable Nessus, and Rapid7 Nexpose).
* 2+ years of experience working with penetration testing tools (Metasploit, Nmap, and Burp Suite).
* Currently hold one or more of the following certifications: CISSP, CISM, CISA, CEH, CompTIA Security+, GCIA, GPEN or GSEC.
**Knowledge, Skills and Abilities:**
* Understanding of infrastructure and application security requirements and architecture.
* Demonstrated experience in defining security architecture solutions for large, mission critical systems comprised of multi-tier web applications, rich-client applications and batch processing.
* Solid understanding of Information Security standards, frameworks/methodologies and best practice (NIST, ISO 2700x, CIS, ITIL, COBIT, OCTAVE).
* Knowledge of industry regulations, e.g., Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act of 1996 (HIPAA).
* Applications Security Architecture experience with a good understanding of Threat Modeling, Security Patterns and Security Methodologies (e.g., OWASP).
* Demonstrated experience of participating in the SDLC process with detailed knowledge of typical security requirements and solutions for mission critical applications and infrastructure.
* Understanding of host security architecture best practices.
* Understanding of network security architecture best practices.
* Ability to work well under pressure and to meet tight deadlines. Demonstrate a high level of motivation, confidence, integrity and responsibility.
* Possess excellent written and verbal communication, presentation, and problem-solving skills, and be able to interact well with peers and internal customers.
**Job Competencies:**
* Action Orientation
* Customer Engagement
* Flexibility
* Interpersonal Effectiveness
* Character
* Results Focus
* Collaboration
**Physical Demands/Working Conditions:**
Duties are performed primarily in an office setting. Travel to attend meetings and visit locations throughout the country may be required. Operates computer and standard office equipment, such as telephone and copier/printer.