As the Senior Lead Cyber Security Analyst, you will lead security assessments across a variety of third-party vendors, commercial off-the-shelf (COTS) products, custom applications and platforms. You will work closely with both external vendors and product (application) teams to help implement security solutions that are tailored to the specific risks facing the organization, including threat modeling and application security consulting services. You will be a critical component in helping manage compliance with policies and standards as a function of an end-to-end SDLC project lifecycle.
You will play a meaningful role in maintaining the controls that enable our organization to operate efficiently, cost effectively, and within compliance standards. You will also assist others in interpreting, understanding, and applying security policies and standards to mitigate information security risks. This position works closely with other members of the Information Security and Legal Compliance organizations, in a coordinated and focused manner.
- Supervise contractors and consultants based on demand and project needs.
- Communicate the results and recommendations for improvements effectively to junior and senior level staff.
- Contribute to the ongoing collection, development, review, and adoption of architecture and development standards and standard methodologies.
- Support the evaluation of technologies and software products to determine the feasibility and desirability of incorporating their capabilities within the Hilton product suite.
- Actively participate in the governance process associated with application security and technology standards.
- Conduct vendor and application security assessments and act as a security escalation point for project teams.
- Author reports with detailed findings descriptions, and prioritized recommendations.
- Knowledge of two or more of the following technologies: GitLab, Atlassian Stack, Node.js, React, GraphQL, and NoSQL databases such as Couchbase
- Familiarity with industry standards, guidelines, and regulatory compliance requirements related to information security and cloud computing (e.g., GDPR, ISO 27001, Cloud Security Alliance, NIST 800-53, PCI DSS, SOC2)
- Experience reviewing vendor and application design, software framework, and infrastructure to identify issues. Capable of assessing underlying components (e.g., databases, servers), configuration, and security access controls
- Experience working with development methodologies (e.g., Waterfall, Agile, RUP)
- Exposure to C++, J2EE, Java, C#, and/or .NET development
- Social communicators, who will positively influence Hilton’s partners and who will communicate effectively at all levels
- Dedicated, ambitious individual with good time management and attention to detail
- Experience with static code scan tools (e.g., Fortify, Checkmarx) and dynamic scanning tools (e.g., Rapid7, AppScan, Burp, Qualys)
- Knowledge of hotel-based IT systems and applications
- Self-starters, who take initiative in implementing goals, utilizing analytical skills, and possessing adaptability to change
Qualification & Experience:
- One (1) year of experience working with AWS/Azure Cloud design and architecture such as SaaS, IaaS and/or PaaS
- Three (3) years of consulting experience (internal or external)
- Bachelor’s Degree OR Associate’s Degree plus six (6) years of Technology related experience OR High School Diploma/GED plus twelve (12) years of Technology related experience
- Two (2) years’ experience working on product development and web development on J2EE platforms
Vacancy Type: Full Time
Job Location: McLean, Virginia
Application Deadline: N/A