Kalles Group is a Seattle Security, Business, and Technology consulting firm on a mission to redefine professional services with the human workplace. Our subject-matter expert engagement teams are built to succeed. We align diverse career paths to bear on pressing business and technology challenges.
Kalles Group Business and Technology Consulting is a platform for you to become someone better through your work.
Role Overview
The Software Architect — Enterprise Security and Compliance Group will be joining a committed, talented team of Kalles Group engineers to systematize collection of Governance, Risk, and Compliance attestation evidence through customized data extraction solutions built on top of OOB tools. (Security Experience is not required for this role.) Evidence may be in the form of ACL, network monitoring or change management data, group policy creation history, application performance characteristics including data leakage or other risk areas, and others.
This team will be supporting the Information Security Compliance Group (ISC) collecting evidence for PCI attestation from network, endpoint, and IAM security tools in the enterprise environment. A secondary goal will be designing solutions to enable automation of the collection of that data from the cardholder data environment (CDE).
Key Outcomes, Year 1:
In Year 1, the Software Architect — Enterprise Security and Compliance Group will:
- Design and implement data extraction solutions from enterprise security tools with the support of Security and Compliance Subject Matter Experts. Data extraction may be accomplished via public API where available, or may need to be developed using other languages (Python, Ruby)
- Perform API-level work within Network Security, Endpoint Security, and IAM Security tool environments leveraging tool-specific capabilities to support evidence collection automation, as directed and defined by Governance, Risk and Compliance project lead.
- Design data extraction method and processing logic to given unique tool stack (Windows and Unix applications).
- Where applicable or required, leverage security auditing and evidence collection tools such as Chef Inspec (Ruby) for gathering data for PCI pre-audit. Build automation solutions using Chef Inspec (Ruby), and other scripting solutions (PowerShell, Python, Ruby) to support repeatable evidence collection processes.
Qualifications
- 5+ years of experience in full-stack engineering.
- Prior experience designing tool interfaces with enterprise-level Java required, and scripting in Python, PowerShell, or Ruby.
- Possess technical writing and communication skills.
- Show discretion when interacting with customers and vendors, as our planning and decision-making is ongoing.
- Be adept and dealing with ambiguity, thinking on one’s feet.
- Schedule and deliver on tasks in a timely manner.
- Thrive in a fast-paced, small-team atmosphere.
Tools in-scope for data collection within the cardholder data environment (CDE) include:
- IAM
- CA IDM
- CA SiteMinder
- PKI
- Avatiar
- Oracle Identity OID
- Oracle Virtual Directory OVD
- AD Domain Controller
- Endpoint
- ELK
- McAffee AV
- Gemalto
- Secure File Storage
- Splunk SEC
- FireEye
- FTU (file tokenization utility) / Liaison-Protect
- Symantec MSS
- Network
- Vormetric
- FTU (File Tokenization Utility)
- Tripwire (File Integrity Monitoring)
- McAfee AV
- ELK
- Tokenization (NETS Service)
- Other – Service Now
Location
Seattle
Compensation
Fly-in 1 week per month, otherwise remote:
140-180k + multiple subsidized options for comprehensive health/dental/vision insurance, paid holidays and paid vacation, and 401(k)
What's Next?
Apply Today! 1 step application process, no hoops to jump through.
Kalles Group is an equal opportunity employer.
by via developer jobs - Stack Overflow
No comments:
Post a Comment