Applicants must be eligible to work in the specified location
IT Compliance Software Security Assurance Specialist
Job ID #: 91325
Location: TX-Houston
Functional Area: Information Technology
Company: 10042 - AIG Global Services, Inc.
Employment Type: Full Time - Permanent
Education Required: Bachelor's Degree (or equivalent)
Experience Required: 6-9 years
Relocation Provided: No
Travel Percentage: 0
Position Description:
The position will be responsible for managing vulnerability scans for our expanding Application Assessment Program. This is a hands-on position to review, perform, assess, and mitigate penetration tests and vulnerability assessments on information systems and infrastructure. The Engineer should be familiar with technologies employed on the Internet including: web application frameworks, secure distributed component architectures, and database management systems.
- Assist in the execution of AIG's Software Security Assurance program supporting all Corporate Functions and Business Units.
- Perform Software Security Assurance Assessments on the applications defined above using the following mechanisms:
* AIG's Software Security Assessment (SSA) methodology
* Dynamic Testing Tools (IBM AppScan Enterprise & Standard Editions)
* Static Testing Tools (HP/Fortify SCA 360)
- Work with Business application development team members to remediate risk issues identified in the software security assurance assessments
- Maintain AppScan Enterprise and HP Fortify SCA environments
- Responsible for software assurance in assessing and evaluating potential risks involved in granting exceptions and ensuring alignment with the defined information security policies and standards.
- Coordinate with IT and the business stakeholders to ensure effective communication, updating, and maintenance of the Software Assurance Program at the global level supporting all Corporate Functions and Business Units.
- Thorough understanding of threats and vulnerabilities related to the following: applications, architecture, databases; thin/thick client, mobile/virtualized applications.
- Support corporate and business units in developing action plans to remediate their identified exceptions/issues/findings
- Support periodic reports/KPIs/metrics regarding risk management processes and action plan closure status, schedule, and trends identified during ongoing examinations, audits, and assessments
- Examine information security risks from a cross-organizational viewpoint including internal and external risks, from a security and compliance perspective
- Participate as a technical advisor for a variety of ad-hoc information security projects that will be dictated by current business and technological developments
Position Requirements
Job Requirements
- Professional Information Security Certification(s) (CISSP, CISM, GIAC etc.);
- Minimum of 5 years experience in Information Security and IT in general;
- Software Security Fundamentals, Cryptography, Penetration Testing, Source Code Analysis
- Experience with application vulnerability testing tools like AppScan Standard, AppScan Enterprise, Burp Proxy, Fiddler, Wireshark, nmap, Fortify
- Expert knowledge of common application vulnerabilities and their exploitation
- Clear understanding of various application architectures and their impact on application security
- Ability to identify mitigating controls
- Ability to effectively communicate risks of application vulnerabilities
- Knowledge of Electronic Data Interchange (EDI)
- Knowledge of XML based Web Services
- Excellent written and oral skills in English
- Experience within the financial services industry helpful
- Bachelor's or master's degree in computer science, information systems, engineering, or a related discipline or equivalent experience.
- Experience with technical aspects of IT including networks, servers, regulatory and associated risk issues.
- Experience performing audits, security, vulnerability, penetration tests, assessments and evaluations.
- Ability to clearly interpret and communicate the threats, risks and impacts to all levels of the organization
- Experience with risk and compliance tools such as Archer and Open Pages is a plus
- Extensive experience with Word, PowerPoint, Excel
- Excellent written and verbal communications, effective interpersonal skills, strong formal presentation abilities
- Familiarity with the following web languages/technologies is preferred: Java, Spring, Struts, Servlets, JAAS, XML, AJAX, JavaScript, .NET, C#, VB, Perl, Python, PHP, Ruby on Rails, Flash, ActionScript, SQL, UNIX scripting, HTML5
About Us:
American International Group, Inc. (AIG) is a leading international insurance organization serving customers in more than 130 countries and jurisdictions. AIG companies serve commercial, institutional, and individual customers through one of the most extensive worldwide property casualty networks of any insurer. In addition, AIG companies are leading providers of life insurance and retirement services in the United States.
AIG Property Casualty is a global market leader, one of the few truly global property casualty franchises.
AIG Life and Retirement is one of the largest life insurance organizations in the U.S., and provides protection, investment and income solutions needed for financial and retirement security.
United Guaranty Corporation is the marketplace leader in mortgage insurance in the U.S.
Houston TX, United States of America
AIG
JS238349
10/6/2013 1:59:58 AM