Delan Associates is looking for ITS professionals Solution Engineer for our client located in the New York City area.

U.S. Citizenship is required.

Location: Must live in the New York City area

Contract Period of Performance : 1-3 years long (1 year with (two) additional years to renew)

Overview:

The company ITS is a full-service provider of information technology services. ITS provides the company with centralized network services that will encompass, but will not be limited to, systems development / design, security analysis, information processing, telecommunications and data center support services, data communications infrastructure, platform hosting, an e-mail system, internet and intranet access data security and exchange, desktop/client support, help desk, project management, applications development and quality assurance.

The company's hardware and software platforms include, but are not limited to, IBM and UNISYS mainframe, Microsoft Windows client servers and SUN/UNIX.

ITS requires assignments to be completed within a specific time frame provided by ITS during normal work hours. The consultants assigned to these positions may be asked to work off-hours, weekends, or holidays. ITS estimates the various assignments associated with a position will be worked simultaneously and will be required over the life of the contract.

PROJECT NAME: IT Development and Management

HRA JOB TITLE: Solution Engineer

PROJECT DESCRIPTION: COMPANY has a constant increased need for the provision of full systems life cycle applications development on various computer platforms, including a variety of client eligibility and recertification systems, employment/work engagement services, claims systems, etc., that are critical to the operation and functioning of COMPANY programs, requiring periodic refinements to maintain the applications at optimum service levels. Having a project portfolio which properly reflects the user's business needs and COMPANY' workload is crucial. Therefore, there is a need for IT consulting resources for the expanding responsibilities at COMPANY.

Tasks & Duties

• Work with product development, management, engineering and operational teams to develop best of breed security architectures supporting compliance (e.g., NYC Privacy Law, Citywide Security Policies, HIPAA, SHIELD Act), customer requirements and operational SLAs
• Provide practical guidance to application development teams to support the implementation of security controls, guidelines, recommendations and best practices.
• Develop and implement Secure Development Lifecycle (SDL) processes and automated / DEVOPS tools integration to CI/CD.
• Assist application development teams in performing Threat Modeling, identify application threats/vulnerabilities and recommend mitigation strategies.
• Assist application development teams in identifying mitigation approaches for of vulnerability and static/dynamic scan results.
• Identify technical solutions and security tools to help mitigate security vulnerabilities and automate repeatable tasks.
• Work on management requests to provide periodic updates, compiling security reports and designing Dashboards showcasing current application risk scenarios.

Required Skills

• Minimum 6 Years Strong understanding of application security and industry standards and best practices (OWASP / SANS / NIST)
• Minimum 6 Years Strong understanding of SDLC and Secure Development Lifecycle (SDL) including performing threat modeling and risk assessments, Application Scanning for Vulnerabilities (Static, Dynamic and Software Composition Analysis).
• Minimum 6 Years Strong understanding of integration of security in CI/CD pipeline, DevOPS, DevSecOPS
• Minimum 6 Years Experience designing and implementing and assessing API Security and Access Controls (OAuth/SAML, Web SSO, AWS IAM, Federation).
• Minimum 6 Years Must be a self-starter and able to work well with others in a fast-paced agile environment with an emphasis on collaborating and assisting the team to meet business objectives.
• Minimum 3 Years CISSP / CCSP / CSSLP certification is a plus.