* Experience as an application developer with an emphasis on secure coding, with programming languages including Java, .NET, Python, C and C++.
* Extensive experience supporting global information security in a complex, decentralized IT organization, focusing on protection of intellectual property and sensitive information.
* Hands-on experience with secure coding practices: input/output validation (using constrain, reject or sanitize), auditing (NIST 800-53), memory segmentation, error handling, separation of duties, securing source code, data classification, account authentication and authorization.
* Proven experience with static code review tools (AppScan, Veracode, etc.).
* Strong knowledge of encryption selection and management, for data in motion or at rest.
* Strong knowledge of vulnerabilities including: cross-site scripting (XSS), SQLi, clickjacking, and cross-site request forgery attacks.
* Extensive experience supporting global information security in a complex, decentralized IT organization, which focuses on protection of intellectual property and sensitive information.
* A degree in an IT or auditing discipline or other equivalent combination of education and experience that provides the required knowledge and skills.
* Five to ten years' work experience supporting information technology and security.
* A positive "can do" attitude.
* Team player who takes the initiative to make an impact.
* Effective and strong communication and writing skills.
* Security certification: CISSP, CISM, CEH, Security+, Linux+, MCSE, CCNA, SSCP or equivalent.
* Operational knowledge of:
  * Security Information and Event Management (SIEM)
  * Intrusion detection system (IDS) monitoring
  * Computer security standard best practices
  * Vulnerability assessment, scanning and tools
  * Techniques for analyzing TCP/IP network traffic and event logs
* In-depth knowledge of and working experience with operating systems such as Microsoft (e.g. Windows 8/7/2012/2008) and Linux (e.g. Red Hat)
* Ability to analyse and interpret Windows and network device logs
* Computer / application access controls
* Penetration Testing activities (including network security and black-box testing)
* Risk assessment experience
* Working knowledge of ISO 27001, ISO 27002, ISO 9001, Sarbanes-Oxley, HIPAA, FDA Quality System Regulation, 21 CFR Part 11, 21 CFR Part 820
* Strong knowledge of network and Web application exploitation, ethical hacking, penetration testing, computer forensics, and tool development