CA Technologies provides IT management solutions that help customers manage and secure complex IT environments to support agile business services. It’s our aim to encourage global collaboration and innovation while supporting and developing our talented workforce. CA Technologies empowers its employees to drive success for both the business and themselves.
Job Overview
This position is responsible for the definition, design, construction, testing and initial implementation of information security functions to secure CA's intellectual property, trademarks and brands to ensure availability of our systems, networks and applications for internal and external users. Assist with the development and implementation of security policies, procedures, guidelines and standards. Focus on the successful implementation of security solutions that optimize and improve the environment is required.
Work on problems of diverse scope where analysis of situations or data requires a review of a variety of factors. Demonstrate good judgment in selecting methods and techniques for obtaining solutions. Spend minimal time on day-to-day security and more time on working with management to develop and implement security strategies and managing portions of security projects.
Work is substantially complex, varied and regularly requires the selection and application of technical and detailed guidelines. Independent judgment is required to identify, select, and apply the most appropriate methods as well as interpret precedent. Regularly make recommendations to management on areas of significance to the department. Supervision received typically consists of providing direction on the more complex projects and new job duties and priorities. Compile and organize data and figures.
Decisions are made with greater freedom and discretion, including recommendations that are subject to approval on matters that may affect multiple departments across CA. Frequently expected to recommend new solutions to problems, to improve existing methods/procedures/services and generate new ideas. May also review decisions made by other individuals on more routine matters.
Decisions have moderate impact to the department or division, causing increased satisfaction or dissatisfaction; producing efficiencies or delays; promoting or inhibiting personal intellectual or professional development; and/or contributing to financial gain or expense. Errors may be serious, usually not subject to direct verification or check, causing losses such as improper cost calculations, overpayment or improper utilization of labor, materials or equipment. Effect is usually confined to CA itself.
Key Responsibilities
* Gather requirements for information security and work with Information Security Architecture to incorporate changes into the IT Architecture. Work to design, construct, test and implement information security best practices, controls and implementations.
* Govern security controls to ensure the prevention of malicious individuals from infiltrating company information or jeopardizing e-commerce programs
* Involved in the definition and creation of information security policies.
* Enforce security policies by taking action to remove violators from our systems and networks and by escalating to business management
* At an expert level, coordinate and conduct vulnerability scans and penetration tests as required by the business and management
* Drive remediation up to senior management when security configuration or patching problems exist
* Define the configuration for the company's firewall policy and security configurations for routers and switches
* Define and enforce applicable encryption methods
* At an expert level, research attempted efforts to compromise security protocols and provide feedback to management
* Govern various security solutions including, but not limited to, web filtering technologies, proxies and firewalls, Identity Management, Access Control, Authentication and Authorization technologies, Vulnerability Management, Intrusion Detection, etc.
* Through research, keep abreast of emerging security technologies and drive implementations of these technologies in CA's environment
* Oversee testing within security lab environments to examine functionality and effectiveness of various internal or third party solutions; drive vendor evaluations
* Drive and own CA's part of the product development lifecycle, ensure feedback to R&D is received and products improve due to recommendations
* Act as a champion for all IT Security Project implementation activities with varying counterparts within IT and the Business; seen as a leader and SME in this role
* Work directly with senior leadership to ensure that all flaws within existing security solutions are remedied to an acceptable level
* Own and understand the IT security requirements of CA's customers and implement measures to satisfy those requirements in the most efficient manner
* Drive the IT Security requirements within the Enterprise Supplier Management to define what constitutes acceptable connectivity to the organization
* Guide junior engineering staff on how to properly detect and implement new automation solutions for manual controls
* Often work with IT Engineering counterparts to ensure critical integrations are occurring between security solutions and infrastructure solutions; most notably when CA integrations occur, work through R&D and patents should be pursued
* Define the appropriate level of monitoring, logging and alerting in all security solutions hosted internally or externally such that access controls are enforceable and compliant to business requirements and/or regulations
* Build complementary solutions that improve the effectiveness and reliability of existing or future IT Security solutions
* Define configurations for existing security solutions (GRC, DLP, Firewalls, Proxies, etc…)
* Evaluate network architecture and hardware/software configurations for security vulnerabilities and work with Infrastructure Engineering counterparts to ensure complex upgrades can occur to reduce security risks
* Provide innovation in security knowledge, practices, or procedures by testing and adopting new solutions and methods as part of your team goals
* Focus on the successful implementation of security solutions that optimize and improve the environment
* Correct all flaws within existing security solutions that are reported
* Accountable to deliver responses and actions for audit findings reported by internal and external auditing departments
* Lead forensic investigations and Computer Security Incident Response by coordinating efforts between HR, Legal, Compliance, Global Security, etc…
* Follow through with customer inquiries, requests and complaints with an extremely high level of professionalism
* Handle all non-routine inquiries or requests as required; escalations should be minimal
* Use non-standard practices and procedures to analyze situations or data from which answers may not be readily known
* Provide coaching to junior security staff and act as a role model / mentor
* Goal and customer service focused. During emergencies, outages and planned project work, be on call and available until the event is addressed. During system conversions, extra effort may be required in order to ensure the rollout of the system is successful.
* Perform other job-related duties as assigned and may assume the responsibilities from other security roles occasionally
Typical Role Definition
Sr Professional Staff. A seasoned, experienced professional with a full understanding of area of specialization. Resolves a wide range of issues in creative ways. Complete understanding and wide application of principles, theories, and concepts in the field. General knowledge of other related disciplines. Strong competence with the various tools, procedures, programming languages used to accomplish the job. Usually works with minimal supervision, conferring with a supervisor on unusual matters. May be assisted by (and at times direct) less senior level employees. Requires daily decision-making capabilities and actions that may not be reviewed by superiors. Assignments are broad in nature and need ingenuity and originality to solve. Contributes to moderately complex aspects of a project. May assist more junior staff members with aspects of their job. Works on problems of diverse scope where analysis of data requires evaluation of identifiable factors. May play a role in high-level projects that have an impact on the company’s future direction.
Job-Specific Authority and Scope
* Generally works without consulting their manager.
* Independent decisions are made daily.
* Examples of typical decisions without manager consultation:
  * May provide occasional work guidance, technical advice and training to staff.
* Typically has no direct reports.
* Typically has no total staff.
* Typically has a global geographic focus.
* Typically does not manage a budget.
Business Travel and Physical Demands
Business travel of approximately 10 percent or less yearly is expected for this position.
Physical demands:
* Office environment. No special physical demands required.
Preferred Education
Bachelor's degree or global equivalent. Master's degree in a related field is preferred.
Work Experience
Typically 7 or more years of related experience working within the Information Security discipline.
Skills & Competencies
* Use skills as a seasoned, experienced professional with a full understanding of industry practices and company policies and procedures; resolve a wide range of issues in imaginative as well as practical ways.
* Highly advanced understanding of role based access Security for Business Applications (i.e.: SAP, Hyperion, Salesforce.com, and others)
* Highly advanced understanding of various web server technologies (IIS, Apache, Tomcat) and SSL certificate management solutions
* Advanced understanding of remote access technologies such as VDI, Juniper SSL VPN, and others
* Advanced understanding of Security Information and Event Management concepts
* Highly advanced understanding of wireless security solutions and protocols
* Advanced understanding of Firewall policy management and Cisco router / switch security configurations
* Advanced understanding of Patch and Configuration management concepts and tools (MBSA, WSUS, Patch research and analysis)
* Advanced understanding of regulatory controls and industry standards such as SOX, ISO27000, PCI and SAS70 Type2
* Highly advanced understanding of Access Management topics including but not limited to SAP Authorization Concepts, Business process, Segregation of duties review, and GRC tools
* Advanced understanding of programming and secure coding; Exploit Code reverse engineering knowledge is preferred.
* Senior-level exposure to systems analysis, application development and database design.
* Excellent oral and written communication as well as the ability to interact effectively with peers and IT management.
* Ability to coach and mentor junior staff
* Highly advanced understanding of various operating systems and security configurations within (i.e.: AIX, Mainframe, Red Hat, Solaris, Windows, SUSE, Cisco IOS, Apple macOS, Apple iOS, Google Android)
* Advanced knowledge of IT Security Risk management practices
* Advanced understanding of Computer Networking Concepts / Solutions (i.e.: TCP/IP, IPv6, Proxies, Switching, Routing, VPN Tunnels, DHCP, Subnets, VLANs, Sniffers)
* Advanced understanding of protocols that closely impact security (i.e.: HTTPS, LDAP, SAML, Web Services, SSH, SSL, RDP, NetBIOS, Routing Protocols, FTP/SFTP, etc…)
* Advanced understanding of high level security concepts related to Cloud Computing, Web 2.0, Security Incident Response, Zero Trust Model, Enterprise Log Management, BCP/DR, IT Audit and Awareness Training
* Advanced understanding of Identity and Access Management concepts (Multifactor Authentication, Identity Management, Enterprise Directory / LDAP)
* Highly advanced understanding of End Point Protection (i.e.: Host-based IDS/IPS /Firewall, Anti-malware, End point hardening, NAC/NAP); Direct experience with McAfee EPO preferred
* Advanced understanding of computer forensics concepts and solutions (AccessData, EnCase, Disk Imaging, eDiscovery)
* Advanced understanding of ITIL practices such as Incident, Request, Change, Access and Problem Management.
* Advanced understanding of Network-based Intrusion Detection / Prevention (Sourcefire, Snort, Signature Creation, etc...)
* Advanced understanding of Vulnerability Management concepts and solutions (Denial of Service, Port Scanning, Fingerprinting, remediation, Nessus/NMAP); direct experience with a commercial-grade enterprise vulnerability management tool is preferred
* Strong understanding and proven ability to build work breakdown structures, tasks and activity timelines.
* Ability to effectively and pragmatically estimate activities and project activities and conform to delivery within time limits and budgets is critical to the success of this position.
* Expert level skills utilizing Microsoft Office applications
* Expert level analysis and problem solving skills
* Fully qualified, career-oriented, journey-level position.
Certifications
* Has completed all primary certifications in area of specialty. CISSP, ITIL v3, CCFE, CHFI or other forensics certification desired.
If you want to fulfill your potential, be acknowledged for your achievements, and be given autonomy to make decisions for your business and customers; if you want to work with a company that respects you as an individual - recognizing both your needs at work and your responsibilities outside of it - then CA Technologies is where you belong. At CA Technologies your passion and expertise can directly impact the business and you’ll help offer our customers practical approaches to delivering new, innovative services and value through IT.
Learn more about CA Technologies and this opportunity now at http://ca.com/careers
Note to Recruiters and Placement Agencies: We do not accept unsolicited agency resumes. Please do not forward unsolicited agency resumes to our website or to any of our employees. We will not pay fees to any third party agency or firm and will not be responsible for any agency fees associated with unsolicited resumes. Unsolicited resumes received will be considered our property and will be processed accordingly.