POSITION PURPOSE: The Sr. Security Specialist- Security Operations is responsible for managing customer information security services. This can include code reviews, web application security assessments, assessments on new application security projects, and application security training for developers. Designing, developing or recommending security systems solutions that will ensure proprietary/confidential data and systems are protected. Participates with the client in the strategic design process to translate security and business requirement into processes and systems. ESSENTIAL DUTIES AND RESPONSIBILITIES : Static and dynamic code analysis of new and existing code as well as explain results. Apply a security analysis methodology to security development projects and provide recommendations based on results. Must be able to do manual security testing of web applications. Provide security training to developers based on OWASP recommendations. Understand contractual requirements with assigned customers Deliver customer security solutions Understand, communicate and administer established IT security policy Assist solution design teams on technical specific security requirements Contribute on a proactive basis to trend analysis and policy development Review and approve change management and new customer requests from a security and risk management perspective Second Level support for security related end user problems Perform security trend and technology related research as necessary OTHER DUTIES AND RESPONSIBILITIES : Implement security audit gaps results into the build and implementation project phase Define and realize plans concerning technical content and innovation in such way that will contribute adequately to the realization of Security Management Client's goals Assist in internal and external security audits Review and when needed improve the Security Management process QUALIFICATIONS : Relevant security certifications are desirable but not mandatory, such as CISSP, CISM, CISA or relevant application security certification like GIAC. Tool experience with Fortify 360, AppScan a plus. Bachelor's Degree with a focus in Information Systems / Computer Science / Information Security or higher. Minimum 5 years of working experience in systems engineering on a specific OS (AIX, Linux or Microsoft Windows) or storage infrastructure, 3 years in Information Security experience with a focus of Security Management Strong understanding for various IT security standards and practical experience implementing it within the IT framework of an organization Strong understanding and practical experience of multiple compliance frameworks like PCI. ISO 27001, ISAE3402, COBIT, ITIL, and SOX also helpful. Excellent knowledge in access management/controls and have working experience in implementing it by applying a model and/or using a tool or system Competent in security strategies and technologies including operating systems security, secure network, web and database services, penetration testing, access control, system monitoring and cryptography. Experienced at implementing or managing risk management/methodology, processes and tools. Ability to evaluate enterprise-wide impacts and make recommendations to approach issues and mitigate potential risks to an acceptable level Experienced with solving complex technical security issues through design of security controls within a development lifecycle, provide recommendations to operational processes in service delivery, etc. Experienced in handling challenging security incidents and participation in audit demands, communicate with internal & external customers management. For More Details: Dhanraj, Finezi Inc. 510-984-2273 dhanraj@finezi.com