求人詳細
| 求人コード | 006-664 |
|---|---|
| 求人企業 | 外資系生命保険 |
| 求人タイトル | Platform-Security-Engineer |
| 職務内容 | ◆Overview We are currently undergoing several major transitions: Moving to a globalized organization from largely Japan focused organization Insourcing of key skills to ensure that IT becomes a part of the core competitive advantage of the company Changing operating model from a developer led IT strategy to a more cross functional strategy Integration of Japan centric on premise systems to hybrid cloud based global solutions. Overall the objectives are to move to a simpler model by using more standardized IT to allow innovations to be better propagated through the business functions. But while that simplicity should allow our company to respond more quickly – and less expensively – to changing business needs, bringing together these services for supporting business capabilities requires that these solutions are well integrated and understood, secure, reliable, and highly available and perform well. It also requires that these solutions align with the overall enterprise architecture to lower cost and avoid complexity. ◆Role Value Proposition We are increasing adopting modern technologies like software defined infrastructure, hybrid cloud geographically distributed platform and automation of deployment, capacity management and operations. A combined team with different technical disciplines is better prepared to ensure we can take full advantage of the possibilities. The security engineer will be focused on evaluating and implementing pragmatic security solutions that will take in account the trade-offs between risk reduction, usability and cost. The security engineer will be expected to work on both new and old technologies during the evolution to a best practice security engineering team. The Platform Security Engineer will be working side-by-side in a bilingual environment with the application, engineering and IT operations teams. Build and operationalization of new security platforms Ensure that build and operational design of security related systems and subsystems is consistent with plan design but also can be successfully operationalize with available technology Ensure that the security model used with new systems meets our guidelines and is in alignment with generally recognized industrial practice Demonstrates how new systems meet security and regulatory requirements Ensures systems are correctly handed over to infrastructure operations team including training of operational teams Ensures security model of new systems are well understood by the security stakeholders and any known weaknesses are correctly handled through risk management and registration Drive continuous improvement of security through better use of available technology ◆Key Relationships Reports directly to the Platform Solutions Office Manager who is under the Infrastructure Solutions Engineering Department Manager Reporting may include vendor and contractor staff contributions and project status Other key stakeholders: Infrastructure Teams. Operations Teams, Application Developers, IT Architecture Office ◆General Responsibilities Ensure that technical solution meets requirements defined by plan design, application design and operational requirements Establish and maintain build and security standards for technical deliverables and ensure design, application and operational stakeholders have provided necessary input Leverage and make best use of design, application and operational networks to ensure solution meets expectations or expectations are updated to reflect technical and operational feasibility Define clear solutions which cover build, operationalization and describe how systems will function within operational environment Document solution including build and operationalization documents especially showing how solution will meet functional and non-functional requirements Ensure development of a clear build and operational solution Design infrastructure and drive its implementation to protect our networks and systems. Provide security expertise and guidance to a diverse set of teams. Conduct security reviews of core corporate and production infrastructure. Drive enterprise focused security improvements to our products and services. Build security tools and processes for critical infrastructure protection, monitoring and remediation. Planning of security solution implementations over multiyear plan Planning of risk prevention, reduction and mitigation for major systems Assistance with risk evaluation during solution selection |
| 応募要件 (必須) |
最終学歴:四年制大学卒以上 |
| ◆Technical Architecture Governance Management Responsibilities Drive the technical design reviews to evaluate the build and run designs Ensure that run design documents have been reviewed and signed off by technical stakeholders Ensure that plan, build and run design are aligned Participate in plan design review as reviewer and provide feedback to help keep plan process aligned known limitations Ensure that all build and run level artefacts have been submitted to global reference repositories Ensure all build and run design proposals have been approved according global governance processes Participate in operational model creation for new technology ◆Education and Experience 5-10 years of professional IT experience related to infrastructure and IT security either in consulting, engineering or operations 1-3 years of design and hands on experience of CA SSO/CA Siteminder 2-5 years of experience of designing, hands on implementation and operations security services (e.g., security monitoring, access administration, intrusion prevention, data protection, anti-malware, data loss prevention etc.) Familiarity of security industry trends, attack techniques, mitigation techniques, security technologies and new and evolving threats Experience with attacks and mitigation methods, with experience working in two or more of the following: Network protocols and secure network design; Operating system internals and hardening (e.g. Windows, Linux, OS X, Android); Web application and browser security; Security assessments and penetration testing; Authentication and access control; Applied cryptography and security protocols; Security monitoring and intrusion detection, Incident response and forensics; Development of security tools, automation or frameworks. |
|
| 応募要件 (尚可、その他) |
◆Preferred 4-year degree in IT related course of study, preferred Expertise in designing, monitoring and optimizing security measures to protect information assets in cloud-based solutions (IaaS, PaaS, SaaS) will be a plus Familiarity with industrial standards FISC version 8, ISO27000, PCI-DSS, JA-SOX, NIST, COBIT is a plus Excellent written and oral communication skills in Japanese and English Highly motivated to learn new technologies and evaluate its application in MetLife Well organized and able to work independently with minimal direction 5 years of working experience in financial industry Cybersecurity Certification such as CISSP |
| 勤務地 | 東京 |
| 年収 | 700万~900万(応相談) |
