Application Security Architect - Lead Specialist Mercer
Hoboken, NJ

Job Description

Company:MMC Corporate

Description:

Applications Security Architect - Lead Specialist

Location: Hoboken or Phoenix

We are, Marsh & McLennan Companies, a global multinational enterprise known for recognizing talent and rewarding outstanding performance. We embrace a culture that celebrates and promotes the many backgrounds, heritages and perspectives of our colleagues and clients.

If you are an Application Security Architect and have worked at the enterprise level in a large, complex organization, we would like to hear from you.

You will help drive and implement key security strategies designed to protect from threats thousands of applications and servers world-wide.

Responsibilities include but are not limited to:

* Design and implement network security architecture controls in support of hundreds of internal and external business IT projects and applications contributing to revenue growth globally
* Design, document, and deploy secure Infrastructure Solutions and participate in project teams to include designing connectivity and Software Solutions Aligning Security, cost, performance, and customer requirements to reach viable secure solutions.
* Review, assesse and signoff on business projects with respect to risk/adherence to security policies, standards, and industry best practices for data protection of Company and client data
* Lead project teams to include design, connectivity, and software solutions aligning security, cost, performance, and customer requirements to reach viable secure solutions
* Drives technical and strategic direction of the Information Security function across all of the company globally
* Maintain and update Information Security Technology road maps through industry research, knowledge transfer, continued learning
* Document and maintain comprehensive Information Security roadmaps and strategies with respect to process mapping; technical diagrams and schematics; standard operating procedures; and technical infrastructure documentation which results in the protection of sensitive information across thousands of applications and thousands of servers world-wide
* Partner with and provide Information Security expertise to the operating companies; to provide guidance and direction on secure application hosting for hundreds of internal and client facing application systems
* Assess applications and the associated data flow for risk to sensitive data, systems, or infrastructure.
* Collaboratively document security controls and application access requirements associated with hosted applications and system
* Responsible for End-to-End enterprise-wide Tier III troubleshooting of network, desktop, server (hardware & software) and application performance & connectivity across the global wide area network as it relates to Information Security
* Participate in or lead Computer Incident Response Teams (CIRT) as necessary by providing Tier III support to mitigate active security incidents possible threatening the Global Company Computing environment

Qualifications

* 4-year college/university degree required
* Minimum 10+ years of application security architecture experience with large scale implementations spanning multiple business lines distributed globally
* Must have experience with Internet Application Hosting architectures on premise and public clouds, best practices and related technologies to effectively protect externally facing applications at the network and host level
* Strong knowledge of WAF technologies. Experience with F5 ASM is preferred
* Familiarity with web application security vulnerabilities such as XSS, SQLi, CSRF
* Familiarity with common web application technologies such as .NET, Java, Openstack, Docker, TAM, SSL/TLS, load-balancing, etc.
* Familiar with common security controls on both Windows and Unix-based operating systems
* Familiarity with top security frameworks such as NIST 800-53, CIS, ISO 27000 series, COBIT, etc
* Familiarity with Application Hosting in Public Clouds i.e. AWS and Azure as well as related PaaS and SaaS services
* Good understanding of Microsoft AD and integration in to secure application hosting environments
* Good written and verbal communication skills a must
* Must be able to quickly and succinctly architect and create technical solution documentation
* Must be a self-starter, work with limited supervision & be able to work well with others in a globally diverse IT environment
* Knowledge of cryptography as it relates to application and network security is a must
* Experience coding/scripting with common languages such as Java Script, Python & Perl is a plus
* CISSP and/or CSSLP certification is preferred. Other Information Security oriented certifications a plus

Marsh & McLennan Companies offers competitive salaries and comprehensive benefits and programs including: health and welfare, tuition assistance, 401K, employee assistance program, domestic partnership benefits, career mobility, employee network groups, volunteer opportunities, and other programs. For more information about our company, please visit us at: http://www.mmc.com/. We embrace a culture that celebrates and promotes the many backgrounds, heritages and perspectives of our colleagues and clients. For more information, please visit us at: www.mmc.com/diversity.

Marsh & McLennan Companies and its Affiliates are EOE Minority/Female/Disability/Vet/Sexual Orientation/Gender Identity employers.

Marsh & McLennan Companies and its Affiliates are EOE Minority/Female/Disability/Vet/Sexual Orientation/Gender Identity employers.