023369-IT Application Security Professional (Contract role)

(Contract role - 6 to 9 months with possible extension)

With more than 180,000 people in over 42 countries, Capgemini is one of the world's foremost providers of consulting, technology and outsourcing services. The Group reported 2015 global revenues of EUR 11.9 billion. Together with its clients, Capgemini creates and delivers business and technology solutions that fit their needs and drive the results they want. A deeply multicultural organization, Capgemini has developed its own way of working, the Collaborative Business ExperienceTM, and draws on Rightshore®, its worldwide delivery model.
Learn more about us at  www.capgemini.com.
Rightshore® is a trademark belonging to Capgemini

Capgemini's robust Outsourcing offerings include: Applications Management, Infrastructure Management and Business Process Management. We combine these services with our deep industry knowledge and experience to provide the change agent to accelerate business growth. We generate quality and speed through our proven tools, methods and global centers. These capabilities, coupled with our program management expertise are tailored to fit the most challenging business needs.

The IT Application Security component assesses, designs, and implements capabilities, solutions, or preventative/remediation controls to protect proprietary/confidential data and systems in accordance with industry standards and governance/compliance requirements. Analysts apply industry standard risk management techniques to determine effectiveness of recommended or existing controls and create action plans that accept, mitigate, transfer, or avoid identified risks.

Significant duties and responsibilities for this position:

1. Applies information security common bodies of knowledge from industry organizations in conjunction with the company's Enterprise Information Security Policy and Enterprise Privacy Policy.

2. Participates with business partners in strategic design to translate security and business requirements into technical designs and solutions.

3. Researches/investigates emerging security topics, threats, capabilities, and solution options. Applies research to policy and governance, technology strategies, and solution architecture.

4. Understands the evolving governance, compliance, and regulatory landscape as it pertains to information security, advises on appropriate areas of subject matter expertise, and assesses efficacy of controls.

5. Implements, integrates, and supports the company infrastructure with technical applications and related vendor software/hardware

6. Performs research on infrastructure technologies and tools; designs and implements infrastructure architecture; implements and upgrades products

7. Responsible for the integrity of the infrastructure through product selection, development, understanding and managing the infrastructure, performance, and stability

8. Develops, follows, and/or implements infrastructure policies, strategies, guidelines, standards, and procedures

9. Interfaces with business partners to:
- Understand their technical needs
- Design, develop, or recommend integrated technical solution
- Implement and support integrated technical solutions


Other duties and responsibilities and of this position:

1. Strong written and oral communication skills including an ability to explain complex technical concepts to non-technical audiences.

2. Understanding of the software development lifecycle.

3. Significant understanding of OWASP principles, application architecture, ESAPI Framework, and ITIL principles.

4. High level understanding of privacy and compliance considerations/regulations (state breach requirements, GLBA, HIPAA, etc.).

5. Experience evaluating/working with third-par