Application Security Administrator

Westfield is a customer-focused insurance and banking group of businesses. Our winning vision embraces innovation and opportunities in a changing world. Our strength comes through relationships we have built with employees, business partners and customers. The product we offer our customer is peace of mind and our promise of protection is supported by a commitment to service excellence provided by an exceptional team of diverse people. Our success will be based upon knowledge, trust, integrity,

The Application Security Administrator position is a hands-on role that works closely with application development and support teams to define/implement application security best practices, perform software reviews, conduct security testing and identify/remediate application security vulnerabilities for the enterprise. The application security administrator provides asset ownership for the IBM suite of security tools to include, Federated Identity Manager, Tivoli Identity Manager, Tivoli Access Manager, and WebSeal. This position requires a high level of personal integrity, reflecting the appropriate level of judgment as it pertains to security with the ability to professionally handle confidential matters.

* Provides systems administrative support for the installed IBM security tools to include, but not limited to, TIM/TAM/FIM/WebSeal as part of Westfield’s Cross-Systems Authentication environment. * Investigates/troubleshoots/remediates user-to-system and system-to-system access for Westfield’s web-based application environment. * Works with application teams to design, integrate and support applications utilizing supported security technologies. * Performs routine maintenance for application security software to include quarterly patches and software upgrades following Westfield’s standardized change management best practice. * Performs system tuning, load testing, and capacity planning for ISAM/TFIM and application security configurations. * Assists with the evaluation of new product offerings and documents findings/position. * Engineers security solutions for internally built application and vendor application. * Engineers and architects ISAM/TFIM and LDAP solutions at an enterprise level. * Manages Enterprise Directory and synchronization tools. * Works with internal and external business partners to establish Identity Federations to securely exchange business data. * Travels occasionally in order to participate in special assignments, training, and/or travel between office locations.

* Experience with enterprise class application architectures that are highly scalable and reliable and ability to secure them. * Experience in the Web Application / Network Security industry (Hands on experience with compliance, auditing, testing, web application pen tests, network pen tests, server configuration reviews, firewall reviews, etc.). * Experience with Web Access Management tools such as Tivoli Access Manager, Siteminder, Oracle Access Manager, or similar experience. * Advanced experience with Enterprise LDAP systems and integration tools. * 5+ years of experience in web or mobile application security. * Advanced knowledge of Enterprise Operating Systems (Linux, Windows) and web application platforms such as WebSphere Application Server or WebLogic. * Experience in maintaining application infrastructure; software upgrades, patches, migration etc. * Ability to automate day to day tasks like log rotation, alerts, software updates etc. * Knowledge of cloud-based infrastructures and how they affect security needs (familiarity with Amazon Web Services is a plus). * Experience with HTML and JavaScript along with a solid understanding of HTTP protocol * Basic knowledge of SQL and some experience with programming in one or more server-side technologies such as Java, JSP, PHP, ASP.Net etc. * Experience using Agile software development. * Knowledge of cryptographic tools or security APIs is a plus. * Understanding of cryptographic processes (key management, seeding and PKI). * Demonstrated knowledge of information security principles and standards, web applications and a level of familiarity with malicious code and common techniques used by hackers. * Excellent oral and written communication skills and the ability to self-manage. * Excellent problem solving and analytical skills. * Self-motivation and the ability to work under minimal supervision are a must. * CISSP, GIAC, GSSP-Java preferred * Valid driver’s license and a driving record that conforms to company standards.