|Act as the lead technical subject matter expert on all security matters within the company. Architect, design, deploy, administer and maintain information security systems/architecture utilizing a thorough understanding of available technology, tools, and techniques. Evaluate, implement, and maintain security standards and practices with direction from Information Security Management.
POSITION RESPONSIBILITIES :
Provide special technical guidance and recommendations to co-workers about the risks and control measures associated with new and emerging information system technologies as needed.
Assist with the research, evaluation, selection, installation, configuration and adoption of automated tools that enforce or monitor the compliance with information security policies, procedures, standards, and similar information security requirements.
EDUCATION : Bachelor’s Degree in Computer Science or related field of study; or any equivalent combination of relevant work experience and training
EXPERIENCE : 3-5 years experience in an enterprise security architecture role. 3 years of experience with commercial and open source security applications and technologies (e.g. malware prevention, DLP, IDS/IDP, cryptography, vulnerability scanning and penetration testing), as well as related protocols and tools (e.g. SSH, SSL/TLS, snort, port scanners, rootkit detectors, etc.). 2 years of experience performing network and application security penetration testing and/or threat assessments.
KNOWLEDGE & SKILLS : Experience implementing and operating technologies such as Websense, Tipping Point, Blue Coat, Cisco IOS, IDS/IPS, anti-virus software, advanced anti-malware prevention, and MS Windows Server, Unix/Linux systems, Windows desktop systems and Mac O/S. Knowledge of mobile (phone and tablet) device security and application security is also required. Extensive knowledge and hands-on experience with secure web application architecture, design, and coding techniques. Demonstrated understanding of security business controls, strategies, and methodologies as well as knowledge and experience with at least some of the following technologies; firewalls; intrusion detection; directory services; web access controls; advanced authentication methods; public key infrastructure (PKI); VPN; TCP/IP; anti-virus, single sign on; and audit; diagnostics, and forensic tools.
Strong background in data protection via PKI and various other encryption methods. Experienced in creating secure & compliant services and applications supporting a range of regulations, including but not limited to, PCI-DSS and PABP, SOX, FACTA & FACTA red flags provisions, US state data privacy, and GLBA. Must have extensive experience with the current regulatory environment including as Sarbanes-Oxley, PCI-DSS, GLBA, etc. Experience conducting code reviews in Perl, Python, Ruby, Java, Java Swing, HTML, XML, CSS, ASP, ASP.NET, Cold Fusion, Oracle, T-SQL, SQL and/or other languages.
Hands-on experience using enterprise web scanning tools (Nexpose & AppScan experience preferred). Knowledge of threat modeling or other risk identification techniques. Must be able to work at a high technical level of all phases of architectural design and implementation by processing a broad understanding of networks, computers, communication systems, threats and vulnerabilities and their interrelationships. Must be able to prepare and present detailed technical documents and presentations as needed.
EQUAL EMPLOYMENT OPPORTUNITY:
Norwegian Cruise Line Holdings Ltd. and its subsidiaries are equal opportunity employers, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, protected veteran status, disability status, or any other characteristics protected by law. EEO is the law | EEO is the law GINA Supplement
Applicants have rights under Federal Employment Laws. FMLA | EPPA | Job Safety and Health: It’s the Law
NCL Corporation – Miami, FL