Cognizant Corporate Security, a key organization within Cognizant Technology Solutions, is chartered with managing and directing the global enterprise physical and logical security programs. The Corporate Security organization is responsible for the oversight and coordination of security efforts across the company, including information technology, human resources, communications, legal, facilities management and various other groups, and is responsible for identifying security initiatives and standards. Corporate Security provides governance and leadership and drives information security on key initiatives in helping the business appropriately manage security risks.
100% Remote
Position Description
Cognizant requires a security professional to perform cyber security architecture reviews and information risk assessments. The individual will also be responsible for the Secure Development Life Cycle for solutions developed by the organization. This includes implementing and continuously managing the secure testing life cycle, including DevOps and CI/CD integration, Static and Dynamic Application Security Testing, and penetration testing. This role will provide subject matter expertise, strategic guidance, and security oversight for various initiatives, including customer engagements and Cognizant corporate projects. Candidates will have a proven ability to provide guidance on industry best practices, regulatory compliance, and security assurance as they relate to Cognizant Corporate Security Policies, Procedures and Standards. This position will also be responsible for working with development staff to review and remediate security testing findings. The SME will evaluate and assess solutions both prior to deployment and on an ongoing basis as part of Cognizant’s continuous security management program.
Primary Responsibilities
Serve as a Cybersecurity resource and SME for a Product and Platform centric organization — ensuring that secure coding practices, security architecture, and governance are integrated with solutions during development while also ensuring that security is designed into actual services from the inception of the project, to production and client delivery
Work day-to-day with client delivery teams and ensure that they adhere to Cognizant’s corporate information security architecture, policies, procedures, baselines and guidelines. This role requires a mix of technical capabilities and the know-how to provide security governance over complex applications and projects, while also being able to articulate complex security concepts to business and non-security personnel
Work with the application and solution teams to secure SaaS and on-premises applications, including assisting in the overall architecture and design of the solution and its supporting components
Engage with governance, compliance, and technical architecture resources throughout the lifecycle of a project, from supporting the sales cycle to interacting with prospective clients and client teams, in order to provide security assurance, guidance, and advisory services
Coordinate security testing of solutions including result analysis and driving of remediation (SAST, DAST, IAST, RASP, VM, and penetration testing)
Work with infrastructure and development teams to integrate, implement, and maintain security tools in the CI/CD pipeline, leveraging automation to ensure that SAST, DAST and similar checks are part of the overall model.
Interface with Digital business leaders, client architecture teams, corporate architecture and governance personnel, as well as the Cognizant Security (CS) teams.
Ability to translate and distill technical risk issues for IT business leaders and upper management
Work with program managers to develop project plans, estimation documents, specifications, diagrams, and flowcharts
Solid understanding of security vulnerabilities (OWASP, CVE scoring) and experience working with development and product teams to remediate vulnerabilities during development cycles.
Solid understanding of how to mitigate risks with common controls such as WAFs, IDPSs, MPSs, AWL, etc.
Implement common principles and practices across cloud platforms and provide compliance with industry specific guidelines such as the Security Trust and Assurance Registry from the Cloud Security Alliance.
Qualifications
A four-year college degree in Computer Science, or equivalent certification or experience, is required
5 years of security architecture responsibility and progressive information security experience across various information security / information technology risk management domains
7+ years of IT experience (including hands-on knowledge of network and distributed systems) and a sound understanding of networking concepts
3+ years performing risk assessments including experience with SAST/DAST tools, Vulnerability Remediation, Controls Mapping, Audit Protocols, Applications, Databases, Virtual Networks, Servers, Domains, SaaS, Cloud, Encryption, Firewalls, DLP, IAM Solutions, and security testing. Some experience with IAST and RASP tools preferred.
Experience coordinating third party penetration testing and working with development teams and product teams to drive remediation of findings. Some experience performing penetration testing is preferred.
Experience implementing security testing tools (e.g. Fortify, BlackDuck, Acunetix, Burp) and integrating them with workflow and development platforms (e.g. Jira, Jenkins).
Experience implementing secure solutions in public cloud environments (AWS/Azure/GCP) in alignment with ISO 2700, CSA, ISF, and NIST compliance
Strong experience in public cloud solutions, services and practices including PaaS, IaaS, and SaaS products and services.
Understanding of network design principles and knowledge of virtualized environments and the implementation of security controls in a virtual infrastructure.
Implement application security best practices according to industry-recognized standards and frameworks such as OWASP, SANS, CIS.
Understanding of current information security solutions market and vendor spaces across broad security domains
Work with development teams to ensure that appropriate assessment of security risks is performed. This role requires a mix of technical capabilities and the know-how to provide security oversight for complex applications and to articulate security concepts to developers
Strong communication and presentation skills. Ability to present complex compliance issues in an easy-to-understand manner for executive management.
Strong team player who collaborates well with others to solve problems and actively incorporates input from various sources.
Certification in one or more of the following is required: CISSP (Certified Information Systems Security Professional), CEH (Certified Ethical Hacker), CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), or GIAC (Global Information Assurance Certification)
Technical Skills

SNo   Primary Skill   Proficiency Level *   Rqrd./Dsrd.
1     Spring Core     PL4                   Desired
2     Spring Cloud    PL4                   Desired
3     Spring Boot     PL4                   Required
4     Core Java       PL4                   Required
5     J2EE            PL4                   Required

Domain Skills

SNo   Primary Skill                    Proficiency Level *   Rqrd./Dsrd.
1     Billing                          NA                    Desired
2     Order to Cash Order Management   NA                    Desired
* Proficiency Legends

Proficiency Level   Generic Reference
PL1                 The associate has basic awareness and comprehension of the skill and is in the process of acquiring this skill through various channels.
PL2                 The associate possesses working knowledge of the skill, and can actively and independently apply this skill in engagements and projects.
PL3                 The associate has comprehensive, in-depth and specialized knowledge of the skill. She / he has extensively demonstrated successful application of the skill in engagements or projects.
PL4                 The associate can function as a subject matter expert for this skill. The associate is capable of analyzing, evaluating and synthesizing solutions using the skill.