Talent Deep Dive – Security Engineer, Security Software Development and Security Compliance (Washington DC, Greater Boston, Austin and Vancouver) February 2019


Post on 23-Mar-2020


AGENDA

01 Talent Deep Dive – Security Engineer, Security Software Development and Security Compliance (Vancouver, Greater Boston, Austin and Washington DC)

• Defining 3 Roles: Responsibilities, technical skills & sample roles
• Talent Dashboards for the 3 roles across 4 locations
• Relevant employee profiles
• Top Peer Company Employers, workload & salary distribution
• Skills, certification and tools


List of 3 unique job clusters and definitions extracted from sample profiles (1/2)

1) Security Engineer

Description: A Security Engineer develops solutions to complex security issues across kernels, virtualization, device emulation, firmware and hardware. They are responsible for driving security reviews and threat modeling and for developing tools to detect security threats. A Security Engineer is also responsible for security reviews of new products and systems, designing security architecture and building delivery metrics.

Responsibilities (not exhaustive):
• Design security systems and architecture
• Design, implement and integrate enterprise security solutions such as web application firewalls (WAF), intrusion prevention/detection systems (IDS/IPS), secure log management and anti-malware solutions
• Design and execute automated penetration testing modules to detect vulnerabilities
• Develop and implement security policies and procedures such as authentication rules, security escalation procedures and encryption routines
• Configure, upgrade and troubleshoot firewalls, web proxies or intrusion detection/intrusion prevention systems

Technical Skills:
• Firewall, IDS/IPS, network access control and vulnerability testing
• Security concepts related to DNS, routing, authentication, VPN, TELNET, proxy services and virtualization technologies
• Router, switch and VLAN security, wireless security and information security
• Networking protocols like OSPF, DHCP, EIGRP, TCP/IP, VRF, IPSec, BGP and RIP

Certifications: CEH, CISM, CISSP, GSEC, CISA, GPEN, ISSAP, GIAC

Sample Roles:
• Network Security Engineer
• Cybersecurity Engineer
• Penetration Tester
• Cryptographer
• Information Systems Security Engineer
• End Point Security Engineer
• Cyber Threat Intelligence Analyst
• Firmware Security Engineer
• Security Engineer - Incident Response

2) Security Software Developer

Description: A Security Software Developer develops security software and integrates security features into application software during the design and development phase. They globally distribute security systems and oversee the compliance required. They interact with security researchers to build best practices and provide scalable and globally distributed security systems.

Responsibilities (not exhaustive):
• Participate in the lifecycle development of software systems using agile methodologies
• Develop security software solutions and applications and deliver them through large scale distributed systems
• Design and develop security architecture and fix vulnerabilities
• Perform both SAST and DAST security assessments of software releases in the SDLC
• Design and maintain continuous integration using Jenkins and related tools, mobile build tools and perform QA of security test cases
• Build Prototypes, Proof of Concept and Reference Models that demonstrate security value

Technical Skills:
• C, C++, C#, Java, ASM, PHP, PERL, Python, Spring, Hibernate, Maven
• TCP/IP security, Cyber security, Cryptography
• HTML, CSS, REST, OpenGL, OpenCV, Maven, Node.js
• Relational databases (e.g. SQL, MySQL, Transact-SQL, PostgreSQL, etc.)
• Object oriented design, Shell scripting, Information retrieval
• XML, Restful Web Services, AJAX

Certifications: ESCP, GWEB, CEH, CES, CSSLP, GSSP - JAVA, .NET

Sample Roles:
• Cyber Security Software Developer
• Security Software Architect
• Software Developer - Security Distributed Systems
• Embedded Security Software Engineer
• Full Stack Developer, Security
• Software Engineer, Cloud Security
• Cyber Security Implementation Engineer

Note: The represented data is derived from DRAUP’s Proprietary Talent Module, updated in Feb, 2019


List of 3 unique job clusters and definitions extracted from sample profiles (2/2)

3) Security Compliance

Description: A Security Compliance Engineer is responsible for defining and implementing information security strategies and procedures. They conduct regulatory examinations, provide advice on action plans designed to address regulatory findings, and track timely remediation of regulatory issues. A compliance specialist should act as a trusted advisor and drive the implementation of continuous improvements to the security organization.

Responsibilities (not exhaustive):
• Perform security audits, risk analysis, network forensics and penetration testing
• Research and analyze compliance trends and leverage GRC tools to eliminate risks and to adhere to industry standards such as FISMA, NIST and RMF
• Develop and report performance metrics that demonstrate readiness, business impact and risk reduction. Drive compliance initiatives internally and with customers
• Build risk management frameworks to support all aspects of cybersecurity compliance
• Identify security flaws and vulnerabilities among servers, systems and network devices
• Maintain security infrastructure, analyze threat intelligence and security incidents, and monitor security risk

Technical Skills:
• C, C++, C#, Java, Perl, Python, ASP.NET
• Intrusion Detection, Penetration Testing, Vulnerability assessment
• HTML, CSS, XML
• Transact-SQL, PostgreSQL
• DDoS mitigation
• Cryptography

Certifications: CISSP, GCIA, GCIH, GCFA, CEH, CCE, GPEN, CISA, CISM, CASP, GSLC

Sample Roles:
• Compliance Officer - Cybersecurity
• Cybersecurity Compliance Engineer
• Security Engineer, Compliance
• Security Compliance Consultant
• Risk & Compliance Security Analyst
• Senior technology/cyber security Compliance Officer
• Security Compliance Analyst
• Cybersecurity Policy and Compliance Engineer


Certifications in Cybersecurity have accelerated talent upskilling and enabled employees to command higher compensations

Beginner Intermediate Advanced Expert

CompTIA A+

Microsoft Technology Associate: Security Fundamentals

CompTIA Security+

CompTIA CySA+

CompTIA PenTest+

Cisco Certified Network Associate Security

SANS GIAC Certified Incident Handler

SANS GIAC Information Security Professional

EC Council Certified Ethical Hacker (CEH)

EC Council Computer Hacking Forensic Investigator

EC Council Certified Network Defender

GIAC Certified Intrusion Analyst

CompTIA Advanced Security Practitioner (CASP+)

Cisco Certified Network Professional Security

ISC² Certified Secure Software Lifecycle Professional

ISACA Certified Information Systems Auditor

CSA Certificate of Cloud Security Knowledge

GIAC Security Leadership Certification

GIAC Certified Enterprise Defender

Security University GIAC Certified Enterprise Defender

Cisco Certified Internetwork Expert - Security

Securing Cisco Networks with Threat Detection and Analysis

Certified Information Systems Security Professional (CISSP)

ISACA Certified Information Security Manager

Mile 2 Certified Penetration Testing Engineer

Note: The above list of certifications is non-exhaustive and the analysis shows the most commonly accepted Cybersecurity certifications found from CompTIA and curated by DRAUP Research Team


Cybersecurity Tech Stack for analysed roles: Security Engineer, Security Software Development and Security Compliance

Note: The represented data is a stack derived by analysing multiple Cybersecurity profiles and job postings. This domain clustering is defined by DRAUP’s Talent Module updated in Feb, 2019

Domain Roles

• Enterprise Security Architect
• Information Systems Security Engineer
• Network Security Engineer
• Cybersecurity Engineer
• Penetration Tester
• Cryptographer
• End Point Security Engineer
• Cyber Threat Intelligence Analyst
• Firmware Security Engineer
• Security Engineer - Incident Response

• Security Compliance Consultant
• Risk & Compliance Security Analyst
• IT Security Audit and Compliance
• Cybersecurity and Infrastructure Audit
• Cloud Security Audit Governance & Compliance
• Privacy & Compliance Officer

• Cyber Security Software Developer
• Software Developer - Security Distributed Systems
• Security Software Architect
• Security Implementation Engineer
• Embedded Security Software Engineer
• Full Stack Developer (Security)
• Cloud Software Engineer (Cyber Security)

Cybersecurity Tech-Stack

Security Engineer | Security Software Development Engineer | Security Compliance

Security Standards

Firmware Security

Threat/Attack Mitigation

Log Analysis

Encryption and Data Masking

NetFlow Analysis

Transport Layer Security

Forensic Investigation

Penetration Testing

Vulnerability Management

Cryptography

Virtual Private Network Technology

Distributed Systems

Application Programming Interface

Unified Threat Management

Error Detection Framework

IAM

Complexity Analysis

Security Algorithm

Software Architecture

Firewall

Compliance tools Management

Root Cause Analysis

Security Audit

Risk Management / Risk Management Framework

Security Standards: ISO/IEC 27001/2, ISACA COBIT 5, ISO 27017, ISO 27018, ISO 9001, CSA 4.0, DISA

GRC Tools & Software

• Integrated Governance, Risk & Compliance solutions
• Domain specific GRC solutions
• Point solutions

IBM Security QRadar SIEM, MetricStream Compliance, ArcSight, EMC RSA, Netwrix Auditor


Talent Landscape: Precisely estimating the talent suited for Security Engineer, Security Software Developer and Security Compliance roles involves several interviews and a deeper understanding of technical stacks across resumes and profiles

Locations: Austin, Texas; Greater Boston Area; Washington DC Metro Area; Vancouver, Canada

Security Engineer | Security Software Developer | Security Compliance | Total Talent Pool
18,000 | 10,000 | 2,200 | 30,200
5,900 | 3,700 | 800 | 10,400
2,500 | 1,600 | 300 | 4,400
1,650 | 1,050 | 100 | 2,800

Note : DRAUP’s Talent Simulation Module


Washington DC, Metro Area


Washington DC, Metro Area, Talent Landscape: Approximately 68% of the Security Compliance talent in Washington DC, Metro Area has more than 10 years of experience. Leading Software and Banking giants are the major employers of this talent

Note : DRAUP’s Talent Simulation Module was used to analyze the distribution of ideal talent by locations and skill sets


*Listed roles are a sample set and are not exhaustive

Median talent pool by experience levels (years)

Roles | 0-5 | 6-10 | 10+ | Total
Security Engineer | 4,350 | 4,500 | 9,150 | ~18,000
Security Software Developer | 2,000 | 2,500 | 5,500 | ~10,000
Security Compliance | 250 | 450 | 1,500 | ~2,200
Overall | 6,600 | 7,450 | 16,150 | ~30,200

Talent Split By Experience: 0-5 years 22%, 6-10 years 25%, 10+ years 53%

Sample Roles

Security Engineer (~18,000)
• Cyber Security Engineer
• Information Security Engineer
• Cyber Information Assurance Analyst
• Threat Hunter
• Security Architect

Security Software Developer (~10,000)
• Cyber Security Software Engineer
• Security Software Developer
• Cyber Software Engineer
• Security Software Architect
• Cloud Security Software Developer

Security Compliance (~2,200)
• IT Audit Analyst
• Compliance Analyst
• Information Security Compliance Analyst
• Cybersecurity Risk, Control, Audit
• Cyber Security and Compliance Analyst

Note : The analysis doesn’t include Service Provider companies, Government entities and Defence Organization


Location Hotspot: Bethesda Maryland, Financial District and Maryland Avenue are the key employer hotspots in Washington DC, Metro Area, which is home to many tech giants like Google, Microsoft, IBM, Oracle, etc.

Note: The represented data has been collected from multiple articles and is curated from DRAUP Proprietary Database

Hotspot Employer Locations

• Bethesda, Maryland: has a presence of multiple Technology and BFSI companies
• Financial District: home to technology giants and major companies in the Software / Internet vertical
• Maryland Avenue: mainly hosts companies in Cybersecurity, Aviation, and BFSI

Employers shown: Microsoft, Oracle, Google, IBM, Dell EMC, Boxboat, Verizon, HughesNet, ManTech International, Capital One, AXA, Tarkik, Kublr, Northrop Grumman, Leidos, Verisign, Fannie Mae, Cisco, AES Corp

Peer Employer Extended List: BAE International, General Dynamics, Thales, Freddie Mac, CSRA Inc., Carahsoft Technology, Marriott International, VISA, AES Corporation, Raytheon, Danaher, Hilton


Washington DC, Metro Area: Average talent cost for a Security Software Developer is greater than the average talent cost of a Security Engineer and Security Compliance Officer

Note : DRAUP’s Talent Simulation Module was used to analyze the talent cost by locations and skill sets

[Bar chart: Average Salary ('000 USD) per annum for Security Engineer, Security Software Developer and Security Compliance at Entry Level (0-5 Years), Mid Level (6-10 Years) and Senior Level (10+ Years). Bar values as extracted: 90, 120, 155; 100, 135, 175; 75, 100, 135. Average Salary labels: $115,000 USD; $130,000 USD; $80,000 USD.]


Washington DC, Metro Area: Top Employer Profiles for Security Engineer talent pool

Top Employers & Headcount, Job Titles and Workloads

Headcount: ~160
Job Titles:
• Cyber Security Architect
• Cyber Security Threat and Vulnerability Engineer
• Information System Security Architect
• Penetration Tester
Workloads:
• Develop technical and written solutions to prevent cyber security vulnerabilities
• Design and recommend integrated system solutions internally and for the client
• Create new techniques for solving and optimizing existing operational security issues and POAM items to reduce program risk
• Identify and report cyber threat surface and risk mitigation postures

Headcount: ~140
Job Titles:
• Cyber Security Engineer
• Information Security Engineer
• Cyber Systems Engineer
• Cyber Information Assurance Analyst
Workloads:
• Perform data centric risk assessment including vulnerability scans, penetration tests
• Install, configure and use tools such as Fortify, HP Scan to perform white box security assessments
• Drive vulnerability testing by leveraging COTS and GOTS based tools and generate security finding reports and build security control test cases

Headcount: ~60
Job Titles:
• Cyber Security Engineer
• Cyber Security Architect
• Security Analyst
• IAM Engineer
Workloads:
• Develop and support the Identity and Security Platform for customer apps
• Configure and handle security tools in compliance with DoD requirements
• Provide information security domain expertise throughout the security tools development task and translate security requirements into technical designs
• Develop decentralized apps using blockchain with non relational database

Headcount: ~30
Job Titles:
• Security Architect
• Cyber Security Engineer
• Lead Security Operations Engineer
• Application Security Engineer
Workloads:
• Build an incident response program for incident detection, analysis, containment, eradication, recovery and forensic artifacts required for additional investigations
• Provide security guidance to new projects and initiatives, and develop software in PHP, C/C++, Java and Python
• Develop automation and processes to identify security flaws, and enforce security standards

Headcount: ~30
Job Titles:
• Cyber Security Engineer
• Cyber Threat Intelligence Analyst
• Security Analyst
Workloads:
• Develop technical and procedural knowledge of all MSS services
• Configure, implement, maintain, patch and update deployed security devices in a global environment
• Develop and operate tools to detect security threats and incidents
• Respond to detected threats by driving quick mitigation policies

Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets


Washington DC, Metro Area: Security Engineer: Sample Talent Profiles (1/2)

Mike Micheo
Education: BS Computer and Information Sciences, Strayer University
Sr. Security Analyst | Experience in Current Role: 2+ Years | Total Experience: 8+ Years
Core Responsibilities:
• Provide threat and risk assessment reviews and guidance. Respond to and successfully triage incoming client requests
• Responsible for developing Standard Operating Procedures (SOP), System Design Documentation (SDD), System Manuals, Standing Instructions (SI) and Bench Level Instructions (BLI)
• Installation and maintenance of equipment and tools employed including firewalls, gateways, routers, switches, specialized Intrusion Detection Systems, Data Loss Prevention servers & workstations, RedSeal, Qualys, and Splunk

Robert Boyer
Education: N/A
Cyber Security Engineer | Experience in Current Role: 9+ Years | Total Experience: 18+ Years
Core Responsibilities:
• Install and maintain security scanning, monitoring, and evaluation tools used across the enterprise
• Create scripts to automate repetitive and recurring tasks
• Perform static and dynamic analysis of .NET and Java based applications including code reviews
• Implement and oversee security tools, technologies and security hardening of device configurations
• Design, develop, administer, and secure the enterprise Linux systems in the lab

Ricky A. Marzett
Education: MS Information system security, Strayer University-Maryland
Senior Security Specialist | Experience in Current Role: 12+ Years | Total Experience: 19+ Years
Core Responsibilities:
• Design and develop system security architectures, security controls for client network and infrastructure
• Troubleshoot the issues discovered during subsystem and system level testing. Conduct protective and corrective measures when a security incident or vulnerability is discovered
• Evaluate industry trends and security documentation including SSAAs, COOPs, and SOPs, and assess security tools
• Monitor vulnerability reports and observe National Vulnerability Database and US-CERT Cyber Security Bulletins for identifying impacts

Alexandra Pelan
Education: N/A
Security Engineer | Experience in Current Role: 1+ Year | Total Experience: 14+ Years
Core Responsibilities:
• Troubleshoot security related issues such as firewalls, switches, physical and virtual servers
• Evaluate, design and implement secure solutions for networking, authentication and authorization with the latest security and infrastructure technologies
• Responsible for securing and monitoring Windows and Linux servers on-premise and in AWS
• Assess threat advisories to determine vulnerability. Design, recommend integrated system solutions ensuring proprietary or confidential data and systems are protected


Washington DC, Metro Area: Security Engineer: Sample Talent Profiles (2/2)

Mohad Mohamed
Education: MS Information Systems, George Mason University
Cyber Security Engineer | Experience in Current Role: 1+ Years | Total Experience: 8+ Years
Core Responsibilities:
• Establish, maintain and execute all components of an incident response plan, from incident intake through root cause analysis, technical remediation analysis and reporting
• Design incident response for cloud service models
• Protect the network against malware (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters)
• Analysis and definition of security requirements for applications and systems

Marshall Mutumanje
Education: N/A
Security Engineer | Experience in Current Role: 4+ Years | Total Experience: 18+ Years
Core Responsibilities:
• Analyze, measure and report risk arising from software vulnerabilities
• Responsible for maintaining the integrity & security of enterprise wide cyber systems and networks
• Perform cyber threat intelligence analysis, correlate actionable security events
• Perform network traffic analysis using raw packet data, net flow, IDS, IPS, & custom sensor output

Bruce Witherspoon
Education: N/A
Principal Security Engineer | Experience in Current Role: 1+ Years | Total Experience: 7 Years
Core Responsibilities:
• Configure and troubleshoot cyber security devices, test security products and systems to detect weaknesses in information security
• Review security plans and assist in developing security measures to safeguard information
• Monitor and analyze Intrusion Detection Systems (IDS) to identify security issues for remediation
• Develop and implement information systems security programs. Develop new product, process, standards or operational plans to improve the existing cyber security process

Sahil Sethi
Education: BTech Computer Science, Punjab Technical University
Security Engineer | Experience in Current Role: 5+ Years | Total Experience: 11 Years
Core Responsibilities:
• Perform CND trend analysis and threat intelligence reporting
• Verify new cyber threat adversary tools, tactics, and processes
• Identify Advanced Persistent Threat (APT) activities and review DoD and open source intelligence for threats
• Test and identify risks and vulnerabilities to key applications within cyberspace


Washington DC, Metro Area: Top Employer Profiles for Security Software Developer talent pool

Top Employers & Headcount, Job Titles and Workloads

Headcount: ~180
Job Titles:
• Cyber Software Engineer
• Software Developer and Malware Analyst
• Web security developer
Workloads:
• Build, test and maintain reusable and reliable code for Online Aerospace Supplier Information System (OASIS) web application development
• Develop and implement security related solutions to harden the security posture
• Run vulnerability assessment, penetration testing and create assessment reports

Headcount: ~140
Job Titles:
• Cyber Security Software Engineer
• Cloud Migration Security Developer
• Security Software Architect
Workloads:
• Build product processes, automation and operational framework
• Develop new applications and frameworks to help the enterprise discover cyber risks
• Maintain application and servers within the distributed systems
• Perform Network vulnerability assessment testing

Headcount: ~120
Job Titles:
• Cyber Security Software Developer
• Software Engineer – Security
• Product Security Developer
Workloads:
• Design and develop protocol parsers for detecting application threats and vulnerabilities on the network
• Perform application vulnerability assessments on high-risk targets within the Company’s intranet

Headcount: ~60
Job Titles:
• Software Engineer
• Senior Software Engineer
• Chief Software Architect
Workloads:
• Utilize application security testing methodologies to perform vulnerability assessments
• Develop multi factor authentication and implement RESTful API for internal UI development and for external users
• Develop network sensor apps, establish gRPC-based remote backend connection, and build Docker containers for functional customization

Headcount: ~50
Job Titles:
• Software Engineer
• Senior Software Engineer
• Principal Software Engineer
Workloads:
• Develop and provide enhancements to multithreaded system utility software
• Develop system level software in C, C++ and Python for all cybersecurity products
• Conduct requirement gathering, design and documentation, code review, implementation and testing, and software release
• Front end integration and development for the Cybersecurity offerings


Washington DC, Metro Area: Security Software Developer: Sample Talent Profiles (1/2)

Ethan Pedoeim
Education: BS Computer Engineering, University of Maryland College Park
Cybersecurity/Software Engineer | Experience in Current Role: 1+ Years | Total Experience: 3+ Years
Core Responsibilities:
• Design, implement and demonstrate software applications within an IT security architecture
• Develop and implement IDS & SIEM solution to detect malicious threats and anomalous network activity
• Create and maintain automation scripts leveraged for integrations between data sources and SOC solutions
• Construct and execute roadmaps for cybersecurity strategy implementation and communication

Justin Chen
Education: BS Computer Engineering, University of Maryland College Park
Software Developer & Malware Analyst | Experience in Current Role: 4+ Years | Total Experience: 8+ Years
Core Responsibilities:
• Responsible for platform and security application development, database and micro-service design
• Perform security assessments and vulnerability analysis on company assets
• Build, test and maintain efficient, reusable, and reliable code for Online Aerospace Supplier Information System (OASIS) web application development
• Integrate and test software components into systems to meet requirements

Cyber Cloud Architect & Developer | Experience in Current Role: 1+ Years | Total Experience: 12+ Years
Core Responsibilities:
• Develop several web applications using ASP.NET, C#.NET, SQL Server, XML, XSLT
• Design, develop, troubleshoot and debug software programs for databases, applications, tools, networks etc
• Responsible for penetration testing on cloud-based solutions and in house products
• Perform feasibility testing on security programs. Lead releases through Gate 3 and ensure compliance with standards and requirements

Anthony Chow
Education: BS Computer Science, University of Maryland College Park
Cyber Security Software Developer | Experience in Current Role: 1+ Year | Total Experience: 14+ Years
Core Responsibilities:
• Design, develop, test and productize security content updates across multiple security product lines
• Develop distributed, fault-tolerant software using Python, Java, C++ programming
• Design, develop and implement framework to calculate the security risks of the cloud carrier by identifying the router vulnerabilities using C#.NET, ASP.NET, SQL Server, Java, Python, XML
• Drive client requirements in the strategic design process and translate security & business requirements into technical designs

Daniel Guymon
Education: MS Computer Engineering, Virginia Polytechnic Institute and State University


Core ResponsibilitiesCore Responsibilities

Washington DC, Metro Area: Security Software Developer : Sample Talent Profiles (2/2)

Pallavi ShridharEducation: MS Information Systems, George Mason University

• Create test plans and test data for validation of security in the software

• Develop frond end for registration system using Python/Flask/Bootstrap/Jquery

• Provide Transaction Management using the Hibernate configurations

• Responsible for creating map services, implementing security using ArcGIS server

Information Security Software SpecialistExperience in Current Role: 2+ YearsTotal Experience: 8+ Years

David HarmonEducation: BS Computer Science,Dartmouth College

• Develop network sensor apps, establish GRPC-based remote backend connection, and build Docker containers for functional customization

• Optimized host-level resource assignments to achieve scalable flow rates for any customer

• Develop multi factor authentication and implement RESTful API for internal UI development and for external users

Senior Software Engineer Experience in Current Role: 1+ YearsTotal Experience: 9+ Years

• Design, research and develop components of software architecture

• Use cryptographic methods to verify integrity and authenticity of the software products

• Develop and implement tests for the verification of requirements

• Develop frontend security application using Angular, HTML, CSS, Javascript, Jquery, Bootstrap

Mary LiebEducation: MS Cyber Security, Johns Hopkins Whiting School of Engineering

Cybersecurity Software ArchitectExperience in Current Role: 1+ YearsTotal Experience: 16+ Years

Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets

Core Responsibilities

• Develop and provide enhancements to multithreaded system utility software

• License management, remote configuration, file/folder synchronization and process management

• Redesigned and refactored the security apps system using Spring and related technology

• Redesigned the Fidelis software update process using Python, C++ and enhanced the efficiency of bandwidth and maintenance window

Sandeep Reddy | Education: MS Computer Science, University Of Maryland College Park

Software Engineer | Experience in Current Role: 1+ Years | Total Experience: 3+ Years

Core Responsibilities


Washington DC, Metro Area: Top Employer Profiles for Security Compliance talent pool

~30

~25

~20

~20

~15

Top Employers & Headcount | Job Titles | Workloads

• Cyber Governance, Risk & Compliance Officer
• Cyber Governance and Risk Analyst
• Cybersecurity Audit lead
• Information Security Risk & Compliance Officer

• Cyber Security Strategy Analyst
• Cyber Security Analyst
• Senior Security Compliance Audit Analyst

• Cyber Security Analyst
• Security Analyst
• Security and Compliance Engineer

• Information Security Compliance Auditor
• Cybersecurity Compliance Engineer
• Information Assurance Compliance Analyst

• Deliver all necessary cybersecurity reporting, and prepare IT security programs for mandatory governmental compliance inspections

• Develop and implement IT site security procedures to ensure full compliance with government classification guidelines

• Develop and administer the company's cybersecurity plans and adhere to standards

• Develop security policies and ensure security compliance for Cloud implementation
• Perform complex analysis of cyber intelligence and law enforcement/counter intelligence policy and governance issues
• Drive security requirements for the customer, integrating multiple capabilities and scenarios supporting the cloud implementation

• Manage internal and external data regulatory Security Compliance efforts
• Implement and monitor standards such as NIST 800 series, ISO 27000 series, GDPR, etc.
• Act as a subject matter expert for applicable regulations such as ISO, SOC, HIPAA, PCI, FedRAMP/FISMA
• Develop, implement, maintain and oversee security policies

• Plan, execute and lead security compliance audits
• Collaborate with various departments to improve security compliance, to manage risk and to bolster security effectiveness
• Evaluate the efficiency, effectiveness and compliance of operation processes with corporate security policies and related government regulations


• Corporate Security – Governance, Risk, & Compliance officer

• Security Compliance Consultant

• Test, evaluate and verify hardware & software products to determine governance and compliance with defined security specifications

• Drive support of standards such as NIST internally and with customers. Oversee the Trading Partner Manager platform to identify any security breaches

Note : The analysis doesn’t include Service Provider companies, Government entities and Defence Organization

Core Responsibilities

Washington DC, Metro Area: Security Compliance: Sample Talent Profiles (1/2)

Jason S | Education: MS Cybersecurity, The University of Dallas

• Provide process improvement support in the functional area of Governance, Risk and Compliance

• Conduct targeted validations and reviews on standards such as ISO/IEC 27001 and 27002

• Develop compliance by design strategies and process resources within the Cyber Assurance

• Design and implement internal risk and control governance processes

• Participate in governance forums and assess compliance and risks to Information Data Management policy and standards

Cyber Governance & Risk Manager | Experience in Current Role: 1+ Years | Total Experience: 17+ Years

John Madsen | Education: MS Cyber Security Strategy, Georgetown University

• Develop, implement and communicate IT security policies, standards, best practices, guidance and procedures

• Develop cyber strategy and policy documents to support the operational execution of cybersecurity programs

• Lead security engineers, risk analysts and IT/cybersecurity professionals to ensure security and privacy requirements are incorporated throughout the policy development life-cycle

• Perform complex analysis of cyber, counter intelligence policy and governance issues

Cyber Security Strategy Analyst | Experience in Current Role: 4+ Years | Total Experience: 30 Years

Cyber Security Compliance Manager | Experience in Current Role: 8 Years | Total Experience: 9 Years


Core Responsibilities

Matthew Breeden | Education: MS Cyber Security, University of Maryland University College

Cyber Security Auditor | Experience in Current Role: 2+ Years | Total Experience: 14 Years

Core Responsibilities

Jim McCormack | Education: PhD Neuroendocrinology, Virginia Polytechnic Institute and State University

• Conduct assessments on complex systems using common compliance assessment methodology, tools, and applications to determine cyber security frameworks

• Plan, execute and lead security compliance audits across the organization

• Inspect and evaluate information systems, management procedures and security controls

• Review the personnel to establish security risks and complications

• Develop, implement, maintain and oversee enforcement of security policies

• Collaborate with security architects and technical security teams to implement security processes based on industry-standard and compliance requirements

• Act as a subject matter expert for applicable regulations such as ISO, SOC, HIPAA, PCI, FedRAMP/FISMA

• Ensure the use of standard methodologies such as NIST 800 series, ISO 27000 series, GDPR wherever applicable

Core Responsibilities

Washington DC, Metro Area: Security Compliance : Sample Talent Profiles (2/2)

Harry L | Education: BA English Language and Literature, North Carolina Central University

• Develop and implement programmatic strategies for enterprise compliance and integrate program management strengths with Agile practices to drive Cyber objectives

• Drive governance and coordinate periodic reviews to identify opportunities and refine initiatives

• Lead IT strategy relating to privacy, security and compliance assurance

• Design and articulate the compliance posture and run test audits to ensure compliance. Assist in capturing, maintaining, and analyzing compliance data and build a holistic compliance risk management framework

Cyber Governance, Risk & Compliance Manager | Experience in Current Role: 5 Months | Total Experience: 8+ Years

Loretta Lemon | Education: MS Management – Information Systems Security, M.S. - Colorado Technical University

Cybersecurity, Privacy & Compliance Manager | Experience in Current Role: 8+ Years | Total Experience: 12 Years

Cuong Nguyen | Education: MS Cyber Security, George Mason University

IT Security Compliance Analyst | Experience in Current Role: 2+ Years | Total Experience: 11 Years


Core Responsibilities

Doug Ennels | Education: NA

Information Systems Security Risk Analyst - Compliance | Experience in Current Role: 2+ Years | Total Experience: 5 Years

Core Responsibilities

• Evaluate security governance including payment card industry (PCI) security, identity and IT regulatory compliance needs and gaps against business requirements and objectives

• Provide recommendations and allocate resources to manage security risks and compliance

• Develop an IT security plan to manage risk and automate multiple risk management programs

• Manage IT governance, risk and compliance and deliver leadership in Security Strategy Risk and compliance

• Conduct vulnerability and compliance assessment scans on assigned systems using Tenable Nessus, Retina, and AppDetective tools

• Review systems, programs, and other elements to determine compliance using Cyber Security Framework

• Create, maintain and implement the security governance, security frameworks, compliance policies and standards for the ICT infrastructure program in accordance with the standards that need to be adhered to

• Develop, implement and maintain System Security Plans (SSP), Standard Operating Procedures (SOP) and information security policies to ensure compliance with Risk Management Framework (RMF) guidelines

• Conduct risk assessments and implement compliance in accordance with government regulations and cybersecurity guidelines

• Perform hardware/software configuration management, develop hardware/software approval letters for government approval and perform IA self inspections to measure regulatory compliance


Greater Boston Area

Note : DRAUP’s Talent Simulation Module was used to analyze the distribution of ideal talent by locations and skill sets

Greater Boston Area

*Listed roles are a sample set and are not exhaustive

Median talent pool by experience levels (years)

Roles                         0-5     6-10    10+     Total
Security Engineer             1,200   1,300   3,400   ~5,900
Security Software Developer   600     700     2,400   ~3,700
Security Compliance           70      130     600     ~800
Overall                       1,870   2,130   6,400   ~10,400

Talent Split By Experience: 0-5 years 18%, 6-10 years 20%, 10+ years 62%

Security Engineer (~5,900), Sample Roles:
• Information Security Engineer
• Network Security Architect
• Embedded Security Engineer
• Security Analyst, Malware and Forensic Lead
• Cybersecurity Risk Assessment Engineer

Security Software Developer (~3,700), Sample Roles:
• Cyber Security Software Engineer
• Security Software Developer
• Cyber Software Engineer
• Security Software Architect
• Cloud Security Software Developer

Security Compliance (~800), Sample Roles:
• IT Audit Analyst
• Compliance Analyst
• Information Security Compliance Analyst
• Cybersecurity Risk, Control, Audit
• Cyber Security and Compliance Analyst
• Compliance Analyst

Greater Boston Area, Talent Landscape: Approximately 75% of the Security Compliance talent has more than 10 years of experience. Leading Software and Banking giants are the major employers of this talent


Location Hotspot: Westford, Cambridge and Plymouth are the key employer hotspots in Greater Boston Area for the analysed security talent roles

Note: The represented data has been collected from multiple articles and curated from the DRAUP Proprietary Database

Hotspots: Greater Boston Area

Employer Locations: Cambridge, Westford, Plymouth

Employers: IBM, MathWorks, RSA Security, Akamai Technologies, Google, State Street, Pivotal, Microsoft, Fidelity Investments, Liberty Mutual Insurance, Athenahealth, RedHat, Dell EMC, Raytheon, National Grid

Cambridge: Cambridge is home to technology giants and major companies in the Software / Internet vertical

Westford: Westford has a mix of Software, BFSI and Cybersecurity companies

Plymouth: Plymouth majorly hosts companies in BFSI, Healthcare and Energy/Power

Peer Employer Extended List: Cisco, Boston Scientific, Schneider, Palo Alto Networks, Honeywell, Symantec, BAE Systems, Iron Mountain, Bank Of America, Boston Scientific, Sanofi, Fiserv, NetScout, AT&T, Analog Devices


[Figure: bar chart of Average Salary ('000 USD) per annum for Security Engineer, Security Software Developer and Security Compliance. Bar values in the order extracted: 80, 105, 140, 90, 115, 155, 65, 90, 125]

Greater Boston Area: Average talent cost for a Security Engineer is greater than the average talent cost of a Security Software Developer and Security Compliance Officer

Note : DRAUP’s Talent Simulation Module was used to analyze the talent cost by locations and skill sets

Entry Level (0-5 Years)

Mid Level (6-10 Years)

Senior Level (10+ Years)

Average Salary: $102,000 USD

Average Salary: $120,000 USD

Average Salary: $72,000 USD


Greater Boston Area: Top Employer Profiles for Security Engineer talent pool

~180

~55

Top Employers & Headcount | Job Titles | Workloads

• Security Hardware Engineer
• Network Security Engineer
• Security Architect

• Troubleshoot storage-related reliability, availability and performance issues
• Security field solution design for XtremeIO Business unit
• Perform storage virtualization, fully automated storage tiering and disaster recovery
• Perform customer’s risk and fraud environment analysis, including extensive production data to identify vulnerabilities and risk patterns


• Information System Security Engineer
• Industrial Security Specialist
• Network Security Engineer

• Develop cyber security requirements, including design and architecture artifacts, strategy, plans, and policies

• Implement security controls for networking devices, operating systems and hardware and software components

• Perform vulnerability assessments

~30

~25

• Information Security Engineer
• Network Security Architect
• Security Solutions Engineer

• Assess the security and vulnerability of deployed systems using tools and adversary Tactics, Techniques, and Procedures (TTPs)

• Develop networking prototypes and security capabilities in advanced labs
• Conduct security reviews of internal facing prototypes and services

• Network Engineer – Cyber Security
• Cyber Security Analyst
• Cybersecurity engineer
• Cybersecurity Risk Assessment Engineer

• Develop and maintain an Information Assurance Vulnerability Management (IAVM)
• Develop threat models, measures and metrics for security
• Integrate Linux security configurations via DISA STIGs
• Analyze and integrate scalable human-assistive cyber decision support tools

~20

• Information Security Engineer
• Security Analyst, Malware and Forensic Lead
• Computer Forensic Analyst
• Security Architect

• Design, develop, implement and integrate IA and security systems and system components

• Validate and verify system security requirements definitions and analysis and establish system security design

• Build security architectures and mitigate system security threats throughout the program life cycle

Core Responsibilities

Greater Boston Area: Security Engineer : Sample Talent Profiles (1/2)

Tim Honker | Education: BS Astronautic/Space Engineering, The University of Texas at Austin

• Responsible for tools and data collection, tracking and analysis, internal processes, threat awareness and training, and external engagement domains

• Design, build, test and deploy SIEM and Security Architectures

• Perform security incident analysis and recommend remediation steps

• Develop, implement and maintain security policies and standards

Senior Cyber Security Engineer | Experience in Current Role: 3+ Years | Total Experience: 10+ Years

Ronald Hodges | Education: BS Computer Engineering, Virginia State University

• Investigate incidents and create accurate incident reports for records

• Deploy cloud-based test network infrastructure and design embedded systems pen-testing framework

• Build data architecture and implement vulnerability theory

• Develop Systems Security Plans (SSP) and Plan of Action and Milestones (POAM) for missile defence testing and training systems

Cyber Security Engineer | Experience in Current Role: 1+ Years | Total Experience: 5 Years

• Establish a framework to improve delivery of IaaS security services

• Architect product portfolio in the areas of encryption, authentication, system integrity, and policy management

• Develop security features into cutting edge storage products, and perform security penetration tests

• Manage secure development life cycle (SDLC) for products

Sharath Hugluvalli | Education: MS Computer Information Systems, St. Mary's University

Senior Security Architect | Experience in Current Role: 12+ Years | Total Experience: 19+ Years


Core Responsibilities

• Conduct vulnerability scans, static code scans and dynamic code scans to detect software vulnerabilities

• Implement, maintain and integrate various enterprise cybersecurity tools and provide integration support to NAVFAC

• Create and maintain multiple virtual server systems based on VMware

Jason Hill | Education: MS Cybersecurity Technology, University of Maryland College

Senior Cyber Systems Engineer | Experience in Current Role: 9+ Year | Total Experience: 12+ Years

Core Responsibilities

Core Responsibilities

Greater Boston Area: Security Engineer : Sample Talent Profiles (2/2)

TJ McCann | Education: NA

• Generate and update Cyber Security plans as required

• Provide IT Policy and targeted incident reduction to the software projects

• Develop security artifact templates for security assessment plans and reports

• Perform automated and manual testing for vulnerabilities and misconfigurations

• Responsible for providing on-site IT security support to remote field sites

Cyber Security Engineer | Experience in Current Role: 2+ Years | Total Experience: 19+ Years

Ari Seitelman | Education: MS Information Assurance & Cyber Security, Northeastern University

• Provide guidance and oversee vulnerability assessments

• Define, negotiate, and execute Assessment and Authorization (A&A) programs

• Define security development and test efforts for the implementation of security controls of networking devices, operating systems and hardware & software components

• Define and develop cyber security requirements, including design and architecture artifacts, strategy, plans and policies

Cyber Security Engineer | Experience in Current Role: 3+ Years | Total Experience: 13+ Years

• Perform network troubleshooting, firewall changes, security auditing, and vulnerability management

• Manage, monitor and troubleshoot systems with strong focus on continuous improvement

• Manage incident response and troubleshoot the issues when raised

• Design, implement and maintain security processes and controls, ensure compliance with core applicable standards (PCI-DSS, SOC2 Type II, ISO27001)

Salman Syed | Education: Information Technology Cybersecurity, University of Cumberland

Network Security Engineer | Experience in Current Role: 1+ Year | Total Experience: 3+ Years


Core Responsibilities

• Test and implement appropriate security methods and control techniques such as firewalls, intrusion detection software, data encryption, data backup and recovery

• Evaluate, develop and implement security standards and procedures

• Review the development, testing and implementation of security plans, products and control techniques

• Assist with automation development of security process by interacting with the development and product teams

Dale Goins | Education: BS Information Technology, University of Phoenix

Senior Information Security Analyst | Experience in Current Role: 1+ Year | Total Experience: 13+ Years

Core Responsibilities


Greater Boston Area: Top Employer Profiles for Security Software Engineer talent pool

~100

~80

~80

~50

Top Employers & Headcount | Job Titles | Workloads

• Principal Software Engineer
• Sr Software Engineer
• Security Software Developer

• Security Front End Developer
• Cloud Security Engineer
• Security Software Developer

• Cloud Security Software Developer
• Security Software Engineer
• Software Engineer II (Security)

• Security Software Engineer
• Cyber Software Engineer
• Security Software Architect

• Build advanced threat protection and endpoint protection solution
• Develop network security software solutions
• Perform penetration testing and system attack for the software projects
• Build API translation layer for integrating mobile security solutions

• Develop distributed, fault-tolerant security software for IBM products
• Enhance the Bluemix application development platform and avoid threat indulgence
• Create and maintain secure machine learning models with a focus on big data
• Develop creative technology solutions and implement new features and enhancements for the next generation cybersecurity controls

• Perform user implementation for customer facing application using AWS active directory service hosted on AWS Elastic Beanstalk

• Design, build and own production deployments such as Kafka, Kubernetes, Elasticsearch and PostgreSQL

• Design, implement, debug and fix problems with the software applications
• Develop products and solutions that are hardened against emerging cyber threats
• Develop and enhance security tools
• Perform crash analysis, vulnerability assessment, malware detection, code development, system hardening and security certification and accreditation

Note : The analysis doesn’t include Service Provider companies, Government entities and Defence Organization

~30

• Cyber Security Software Engineer
• Security Software Developer

• Perform penetration testing and system attack for the software projects
• Conduct internal forensic investigations and develop global security monitoring and incident response programs
• Support Big data and analytics, including application of Map Reduce programming model and analytics technologies such as Hadoop, Hive and Pig

Core Responsibilities

Greater Boston Area: Security Software Engineer: Sample Talent Profiles (1/2)

Omar Raza | Education: N/A

• Design, research and develop components of security software architecture

• Build and manage testing environments, and assist in debugging application issues

• Design and code servers, services, applications and databases that are reusable, scalable and meet critical architecture goals

• Design, develop and create automated frameworks, processes and test cases based on functional and non-functional requirements

Security Software Development Engineer | Experience in Current Role: 2+ Years | Total Experience: 8+ Years

Zach Bornstein | Education: BS Information Security and Forensics, Rochester Institute of Technology

• Design and implement systems that enhance Liberty Mutual’s security infrastructure

• Implement software security techniques in compliance with Linux Kernel and Android software architecture

• Perform threat modelling, implement attack surface reduction and kernel hardening features

• Guide the software development team in implementing security standards and tools

Senior Software Developer | Experience in Current Role: 11 Months | Total Experience: 6+ Years

• Design, develop, test, deploy, maintain and improve software

• Architect and design security software to meet current and future requirements and test vulnerability assessments

• Responsible for implementing design specifications, system flow diagrams, documentation and testing of security software

• Drive application security and conduct incident management of Google’s products and applications

Sr Software Engineer - Cybersecurity | Experience in Current Role: 3+ Years | Total Experience: 20+ Years


Core Responsibilities

• Design and architect security software solutions in components like deep learning security, secure boot and Secure OS on the Tegra platform

• Develop Secure OS and Secure OS applications used in various security use cases like secure key exchange and web security

• Triage and debug various software issues in complex applications

• Develop, review and execute test plans and test cases

Rajesh Ramesh | Education: MS Computer Science, Northeastern University

Application Security Engineer | Experience in Current Role: 2+ Years | Total Experience: 8+ Years

Core Responsibilities

Sachin Patil | Education: MS Computer/Information Technology, MIT

Core Responsibilities

Greater Boston Area: Security Software Engineer: Sample Talent Profiles (2/2)

Jay McDermott | Education: N/A

• Build platforms by architecting reusable building blocks

• Responsible for software architecture, operating system fundamentals, API designs, and system security

• Design strategy for deployment, maintenance and monitoring the platform infrastructure

• Develop cloud micro-services and platforms and provide functionality to Bose products and mobile applications

Cloud Security Software Engineer | Experience in Current Role: 3+ Years | Total Experience: 20+ Years

William Neilon | Education: BS Computer and Information Systems Security/Information Assurance, The University of Texas at San Antonio

• Develop and enhance security tools, exploit development, reverse engineering of software and hardware products

• Perform crash analysis, vulnerability assessment, malware detection, code development, system hardening and security certification and accreditation

• Support generation of documentation to include software development folders, design presentations and problem reports

Sr. Software Engineer II | Experience in Current Role: 2+ Years | Total Experience: 12+ Years

• Build integration design between cloud applications using Java/J2EE and related web application technology without compromising security of data

• Responsible for interface design and develop connectivity diagrams

• Design and develop Single Page Application (SPA) using Angular 5 and integration to .NET Web API (RESTful Web service)

• Implement Single Sign On (SSO) solution using RSA SecurID

Senior Security Software Engineer | Experience in Current Role: 3+ Years | Total Experience: 5+ Years


Core Responsibilities

• Develop modules of security and authentication components for multipurpose usage of toolkits in C, and C++

• Develop and maintain secure authentication with LDAP authorities (AD, OpenLDAP) along with role based authentication

• Implement and test new features and modules of the toolkit

Anup Swamy Veena | Education: MS Computer Science, Northeastern University

Security Developer | Experience in Current Role: 2+ Years | Total Experience: 5+ Years

Core Responsibilities

Sachin Patil | Education: MS Computer/Information Technology, Central Michigan University


Greater Boston Area: Top Employer Profiles for Security Compliance talent pool

~25

~25

~20

~15

~10

Top Employers & Headcount | Job Titles | Workloads

• Security Compliance Officer
• Cybersecurity and Infrastructure Audit Analyst
• IT Risk & Compliance officer

• IT Audit Analyst
• Compliance Analyst
• Information Security Compliance Analyst
• Cybersecurity Risk, Control, Audit

• Security Compliance Officer
• Information Security and Compliance Officer
• Cloud Security and Compliance Officer

• Security & Compliance Analyst
• IT Security and Risk Analyst
• Compliance Analyst

• Identify real-time CRMT process improvements and suggest resolutions when applicable
• Implement a Compliance Monitoring program over the IT Organization and provide subject matter expertise in the design and testing of infrastructure technology
• Liaise with Compliance Advisory to detect gaps, issues, breaches and process improvements

• Monitor control remediation plans in the Governance Risk and Compliance (GRC) system
• Perform IT general control readiness assessments
• Design and operate effectiveness of Information Security controls required for cloud based platforms and applications

• Utilize information security practices such as NIST 800 series, ISO 27000 series, GDPR, etc.
• Develop, implement, maintain and oversee enforcement of security policies
• Conduct regular audits on systems and host third-party audits as required, in order to maintain certifications and compliance certificates

• Manage the Cyber Security risk assessment program for Liberty Mutual projects
• Provide process improvement support in the functional area of Governance, Risk and Compliance
• Provide periodic analysis of corporate risk position, assist in the development, configuration and implementation of GRC toolsets


• Cyber Security and Compliance Analyst
• Compliance Analyst
• Information Security Compliance Analyst

• Develop, implement and maintain key operational Compliance and Vulnerability metrics for the software projects

• Manage security and compliance activities for development, testing, configuration and life cycle management of cloud software

• Develop strategies to solve complex technical challenges

Core Responsibilities

Greater Boston Area: Security Compliance : Sample Talent Profiles (1/2)

Lored Fabbricatore | Education: Diploma in Information Technology Networking at Latin University of Costa Rica

• Develop, implement, maintain and oversee enforcement of security policies

• Create, implement and maintain appropriate enterprise programs, policies and procedures to be compliant with all applicable regulations including ISO, SOC, HIPAA, PCI, FedRAMP/FISMA

• Determine secure operation of all computer systems, servers, and network connections in accordance with the policies, procedures and compliance requirements

• Assist team members and internal clients with highly complex security issues applicable in cloud enterprise environment

Cloud Security Audit Governance & Compliance lead | Experience in Current Role: 1+ Year | Total Experience: 20+ Years

Joshua Keilson | Education: BA Economics, University of Massachusetts

• Design and operate effectiveness of Information Security controls required for cloud based platforms and applications

• Provide guidance on cloud based application solutions which include regulatory, contractual, security and architecture standards

• Actively monitor control remediation plans in the Governance Risk and Compliance (GRC) system

• Ensure Information Security, Regulatory Compliance, Incident Management, Problem Management and Change Management practices

Compliance Analyst
Experience in Current Role: 7+ Years
Total Experience: 11+ Years

• Design and conduct monitoring activities networks/systems, corporate security policies, systems and network architectures, documentation review and development, vulnerability assessments and security testing and evaluation

• Track and follow up ongoing audit and compliance efforts

• Monitor Information Security team projects and activities. Regularly update the compliance process and standards maintained

• Provide process improvement support in the functional area of Governance, Risk and Compliance

IT Risk & Compliance Officer
Experience in Current Role: 1+ Year
Total Experience: 4+ Years

Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets

Core Responsibilities

• Remediation tracking, support and escalation of compliance gaps identified through the Security and IT Compliance Dashboard

• Develop compliance strategy in alignment with business requirements, objectives and metrics

• Responsible for ensuring that the security controls are operating effectively in the organization

• Perform vendor risk assessment annually for existing vendors and identify gaps. Identify any breach of compliance by vendors in the security space

Gerardo Barrios E.
Education: BS Computer Science, Westfield State University

Senior Compliance Analyst
Experience in Current Role: 4+ Years
Total Experience: 30+ Years

Core Responsibilities

Stephanie Invernizzi
Education: MS Information Security and Assurance Field Of Study Cybercrime and Critical Infrastructure, Norwich University

Greater Boston Area: Security Compliance: Sample Talent Profiles (2/2)

Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets

• Perform technical compliance reviews including configuration hardening reviews, vulnerability assessments and penetration testing

• Evaluate and report on security risks, processes and projects to various stakeholders

• Manage compliance to security frameworks, e.g. ISO/IEC 27001/27018, SOC 2 Type 2, PCI DSS, ITGC/SOX, etc.

• Act as an advocate to ensure compliance for security standard methodologies for cloud and network specific design concerns

Core Responsibilities

Randy Oldenburg
Education: BS Computer Science, Worcester State University

ITS Quality & Compliance Analyst
Experience in Current Role: 2+ Years
Total Experience: 13+ Years

• Develop a comprehensive controls and governance approach

• Develop risk analysis, risk management framework and processes, risk evaluation and quantification methodology and risk standards

• Responsible for security compliance and privacy to develop and implement effective IT risk management practices

IT Risk, Compliance and Security
Experience in Current Role: 13+ Years
Total Experience: 13+ Years

Core Responsibilities

Bob Clairmont
Education: N/A

Core Responsibilities

Randall Lawrence
Education: MA Justice Studies, University of New Hampshire

• Responsible for the identification and escalation of changes that affects the information security policy, standards and procedures

• Establish and leverage interfaces to relevant internal or external functions and experts

• Provide periodic analysis of corporate risk position, assist in the development, configuration and implementation of GRC toolsets

Regulatory Compliance Analyst
Experience in Current Role: 2+ Years
Total Experience: 6+ Years

• Focuses on assessing and prioritizing risk across the organization and compliance with information security policies

• Perform risk assessments and control gap analysis against Information Security Policies and Risk Management Standards

• Perform security control assessments utilizing established industry frameworks (SSAE18 SOC 1 & 2 Type 2, HIPAA, PCI DSS, FedRAMP, NIST CSF, NIST 800-53, ISO 27001, etc.)

Information Security Compliance Manager
Experience in Current Role: 7+ Years
Total Experience: 24+ Years

Core Responsibilities

Steve Turner
Education: N/A

Austin, TX

Austin, Texas Area, Talent Landscape: Approximately 77% of the Security Compliance talent in the Austin, Texas Area has more than 10 years of experience and is mostly employed at technology giants like Dell, IBM, and Oracle

Note : DRAUP’s Talent Simulation Module was used to analyze the distribution of ideal talent by locations and skill sets

Austin, Texas Area

*Listed roles are a sample set and are not exhaustive

Median talent pool by experience levels (years)

Roles | 0-5 | 6-10 | 10+ | Total
Security Engineer | 450 | 600 | 1,450 | ~2,500
Security Software Developer | 300 | 400 | 900 | ~1,600
Security Compliance | 35 | 35 | 230 | ~300
Overall | 785 | 1,035 | 2,580 | ~4,400

Talent Split By Experience
0-5 years: 18%
6-10 years: 24%
10+ years: 59%

Sample Roles

Security Engineer (~2,500)
• Cyber Security Engineer
• Information Security Analyst
• Cyber Security Analyst
• Information Security Engineer
• Security Engineer

Security Software Developer (~1,600)
• Security Software Engineer
• Security Software Developer
• Cyber Security Software Developer
• Cyber Software Engineer
• Cyber Security Software Engineer

Security Compliance (~300)
• Security and Compliance Engineer
• Cyber Security Analyst
• Information Assurance Compliance Analyst
• Security Compliance Audit Analyst
• Cybersecurity Compliance Engineer
• Security Compliance consultant

Location Hotspot: North Austin is the key employer hotspot in Austin, Texas Area

Note: The represented data has been collected from multiple articles and are curated from DRAUP Proprietary Database

Austin, Texas: North Austin

North Austin is the employer hotspot in Austin, Texas. The major companies located here are in the Software/Internet and Telecom & Networking verticals

Peer Employer Extended List

Rapid7
HP
Forcepoint
CSRA Inc.
Intel Corporation
NXP Semiconductors
Accenture
General Motors
Flextronics
Accruent
3M Corporation
AMD
Freescale Semiconductor
Dell Technologies
IBM
Apple
Hewlett Packard Enterprise
AT&T
Cisco Systems
General Motors
Oracle

North Austin

VISA
Fannie Mae
Gemalto

Hotspot Employer Locations

[Chart: Average Salary ('000 USD) per annum for Security Engineer, Security Software Developer and Security Compliance. Bar labels in extraction order: 65, 95, 135; 75, 100, 140; 55, 70, 100]

Austin, Texas Area: Average talent cost for a Security Engineer is greater than the average talent cost of a Security Software Developer and Security Compliance Officer

Note : DRAUP’s Talent Simulation Module was used to analyze the talent cost by locations and skill sets

Entry Level (0-5 Years)
Mid Level (6-10 Years)
Senior Level (10+ Years)

Average Salary: $90,000 USD
Average Salary: $98,000 USD
Average Salary: $58,000 USD

Austin, Texas Area: Top Employer Profiles for Security Engineer talent pool

~130

~40

~40

~20

~20

Top Employers & Headcount Job Titles Workloads

• Security Architect
• Network Security Engineer
• Security Specialist

• Security Engineer
• Network Security Engineer
• Network Development Engineer

• Security Architect
• Information Security Engineer
• Network Engineer

• Cyber Security Engineer
• Network Engineer
• Network Security Engineer

• Implement security related strategies and proposals, identify and manage security related tasks
• Manage network intrusion detection and data loss prevention to determine their root cause
• Execute penetration tests for external and internal networks, Wi-Fi and web applications

• Configure and maintain next generation firewalls, web filtering, database firewalls
• Proactive threat hunting and malware analysis using commercial and open source tools
• Troubleshoot and deploy security devices across various network segments
• Identify root cause for vulnerabilities in design, implementation or in configuration and recommend future preventative measures

• Implement and upgrade security measures and controls to protect digital files and information systems from unauthorized access
• Design and implement security operations and critical network integrations
• Develop, implement and maintain security assessment processes and tools to review the security controls

• Design and architect secure applications, systems and networks in line with industry best practices, company policy and compliance frameworks
• Monitor the cybersecurity landscape to identify trends and emerging risks
• Evaluate and assess the security of components within global connectivity platforms

Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets

• Security Support Analyst
• Security Control Specialist
• Network Security Engineer

• Deploy and troubleshoot IP subnets, routers, switches, access points and modems
• Develop and implement strategies to detect, prevent and analyse security threats
• Troubleshoot and install unified Communications and wireless devices

Core Responsibilities

Austin, Texas Area: Security Engineer : Sample Talent Profiles (1/2)

Jennifer Chavez
Education: B.S. Management Information Systems, Doane University

• Identify security design gaps in existing and proposed architectures and recommend changes or enhancements

• Configure and troubleshoot security based firewalls, routers and switches

• Design, implement and analyze end-to-end testing methodologies to analyze the interoperability of networks

Security Engineer
Experience in Current Role: 2+ Years
Total Experience: 11+ Years

John Snell
Education: N/A

• Perform application vulnerability, threat modelling and security risk assessments

• Develop policies, procedures and technical reports associated with operating and maintaining global network security

• Analyze the performance of strategic network security and troubleshoot end to end connectivity problems

Network Engineer
Experience in Current Role: 21+ Years
Total Experience: 21+ Years

• Build integration and automation tools for security processes to build infrastructure and servers

• Design and development of security solutions using IBM security capabilities

• Build enterprise security level catalog, techniques and patterns to enable secure implementation of features in products

• Design and implement network intrusion detection and data loss prevention systems

Jaya Ramanathan
Education: Doctor of Philosophy (Ph.D.) Computer Science, Michigan State University

Security Engineer
Experience in Current Role: 16+ Months
Total Experience: 17+ Years

Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets

Core Responsibilities

• Correlate threat intelligence with security systems and controls to handle security events

• Deploy and manage hardware security modules

• Troubleshoot access network issues, patch vulnerabilities and mitigate DDoS attacks on firewalls

• Identify and solve cyber threats by defining security requirements and performing penetration tests

• Analyse code reviews for vulnerabilities and adherence to requirements

Vincent Le Roy
Education: N/A

Security Engineer
Experience in Current Role: 1+ Year
Total Experience: 22+ Years

Core Responsibilities

Core Responsibilities

Austin, Texas Area: Security Engineer: Sample Talent Profiles (2/2)

Jorge Pina

Education: BA Public Administration, University of Arizona

• Implement and design protocol compatibility standards and network management components

• Implement hardware and software solutions to mitigate a wide variety of network attacks

• Configure, monitor and troubleshoot network routers, switches and encryption devices in Windows Active Directory environment

• Oversee Anomaly Detection, Intrusion Detection, Anti-phishing, Web Application Firewall and Network Security

Network Engineer
Experience in Current Role: 5+ Years
Total Experience: 20+ Years

Angelo Colon

Education: Bachelor of Science (B.S.) Biomedical, California Polytechnic State University

• Develop system security plans, risk management matrix, security control traceability matrix and security test procedures

• Develop policies, procedures and technical reports associated with operating and maintaining global network

• Configure antivirus servers and program its applications to integrate with existing applications

• Create network using Active Directory, Splunk and analyze log files of incoming attacks into the network

Cyber Security Engineer
Experience in Current Role: 5+ Years
Total Experience: 7+ Years

• Troubleshoot problems with applications, network and security infrastructure including routers, switches, firewalls, VPN appliances, proxy servers, DNS appliances and Wireless devices

• Configure and troubleshoot routing protocols like MP-BGP, OSPF, EIGRP, RIP, BGP v4 and MPLS

• Build or enhance solutions to detect and mitigate new threats that increase security and organizational efficiency

Joshua Eastman

Education: N/A

Network Security Engineer
Experience in Current Role: 2+ Years
Total Experience: 10+ Years

Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets

Core Responsibilities

• Define design requirements in hardware, software and infrastructure to achieve desired security assurance levels

• Design and develop micro architecture for hardware components and implement strategies for mitigating damage and preventing future breaches

• Maintain cyber defense initiatives, indicator lists, threat reports, incident response techniques and cyber defense technologies

Aditya Katragada

Education: MS Computer Engineering, University of Missouri-Rolla

Security Architect
Experience in Current Role: 8+ Years
Total Experience: 9+ Years

Core Responsibilities

Austin, Texas Area: Top Employer Profiles for Security Software Engineer talent pool

~200

~110

~90

~70

~50

Top Employers & Headcount Job Titles Workloads

• Software Security Developer
• Software Security Architect
• Cloud Software Engineer
• Software Analyst

• Software Security Developer
• Software Engineer

• Security Engineer
• Software Security Engineer

• Security Software Engineer
• Software Engineer

• Build automation or integration with APIs using automation tools such as Ruby, Go and Perl
• Design and develop applications, libraries and scripts using rapid automation tools
• Design, develop and integrate object oriented applications

• Develop and implement high performance web application and mobile application using Microsoft .NET technologies
• Design and develop secured RESTful Application Programming Interface (API) layer using ASP.NET Web API
• Provide technical direction on product planning for complete security software systems

• Develop web based application using Java, JavaScript, HTML/CSS and MySQL
• Develop secure frameworks, libraries and create threat models for a complex set of technologies
• Develop automation testing framework using Selenium WebDriver, TestNG and Spring

• Design and develop company wide standardized versioning system for both internal configuration management using Jenkins
• Implement TLS/SSL features in the next generation firewall and IPS appliance based on Fire Linux OS

Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets

• Application Security Developer
• Software Security Engineer

• Deploy and troubleshoot IP subnets, routers, switches, access points and modems
• Develop next generation web applications for managing firewall and intrusion prevention systems

Core Responsibilities

Austin, Texas Area: Security Software Engineer : Sample Talent Profiles (1/2)

Alfredo Mellado

Education: N/A

• Design and develop GCCX security architecture and gateway system to consume microservices on the Spring Cloud framework

• Design and implement UI on the Angular 5 framework and integrate Azure AD, Spring Security and the OAuth2 protocol to secure services

• Design and implement the next generation service engineering delivery systems

Software Developer
Experience in Current Role: 3+ Years
Total Experience: 7+ Years

William Hunt III
Education: MS Cyber Security, National University

• Design, develop, configure, test and integrate host based security monitoring software

• Set up single sign-on authentication using PingFederate to provide identity management with API security

• Design, develop and migrate legacy application from third party data centers to in house data centers

• Develop security related modules and libraries for building secure applications using Python

Cyber Security Engineer
Experience in Current Role: 4+ Years
Total Experience: 5+ Years

• Implement and verify secure coding techniques to build the next generation payment processing solutions

• Design and develop web 2.0 rich UI for self service application using jQuery ajax framework and screen functionality using HTML, CSS and JavaScript

• Design, build and maintain DevNet Sandbox’s APIs and associated deployment architecture

• Develop REST APIs with design patterns and Java frameworks like Spring and Hibernate

salauddin s
Education: MS Computer and Information Systems, University of the Cumberlands

Software Developer
Experience in Current Role: 2+ Years
Total Experience: 9+ Years

Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets

Core Responsibilities

• Design, code, and debug both front-end and backend security interfaces

• Design, build, configure data security solutions and data protection and privacy software capabilities

• Develop unified AP and LAN ports features using Ruby on Rails and PostgreSQL

• Design and develop Spring Boot application (GMM simulator) to simulate up to 8000 IR800s series gateways in a cluster

Alok Nath Saha
Education: MS Electrical and Computer Engineering, New York University

Security Development Engineer
Experience in Current Role: 2+ Years
Total Experience: 9+ Years

Core Responsibilities

Core Responsibilities

Austin, Texas Area: Security Software Engineer : Sample Talent Profiles (2/2)

Avi Katz
Education: Master of Science (MS) Electrical Engineering, Arizona State University

• Design, Develop and Test BIOS/UEFI Firmware for Dell PowerEdge Server and ESI Servers using C and x86 assembly

• Design and develop ACP, PCI Express, IPMI, Power management and SMBIOS modules

• Debug BIOS/UEFI using JTAG debugger, Oscilloscope and other instruments

• Develop GUI interface using AngularJS, Bootstrap, CSS3, HTML5 and enterprise inter process communication framework using Spring REST Service

Software Engineer
Experience in Current Role: 4+ Years
Total Experience: 11+ Years

Srujith reddy
Education: N/A

• Architect and build security response and forensic automation platforms to enhance security incident response function

• Prepare application deployment plan using SQL script files, code component compilation script for UAT and production deployment

• Develop data access layer and build management using Spring DAO and Gruntjs

• Design and develop several software integrations by utilizing ASP.NET, jQuery and RESTful web services

Software Security Developer
Experience in Current Role: 3+ Years
Total Experience: 9+ Years

• Design security solutions covering DLP, SIOC, IRP areas in the Software Development Life Cycle (SDLC)

• Design and develop front end GUI modules for automatic report generation application and maintain online GIS applications based on ArcGIS server

• Develop unit test suite for session modules within a GUI tuning tool

• Design and develop automated and reporting process for real time mapping and online applications

Ben Keller
Education: Bachelor of Science (BS) Software Engineering, Behrend College

Software Developer
Experience in Current Role: 4+ Years
Total Experience: 5+ Years

Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets

Core Responsibilities

• Design major software components, systems and features for IBM security software products

• Architect and build security response and forensic automation platform

• Build security framework and security integration platform includes authentication, authorization, Crypto, Multi-Tenancy and Vulnerability Protection

George Wilson
Education: Bachelor of Science (B.S) Computer Science, Louisiana State University

Security Developer
Experience in Current Role: 19+ Years
Total Experience: 30+ Years

Core Responsibilities

Austin, Texas Area: Top Employer Profiles for Security Compliance talent pool

~20

~10

~10

~10

~10

Top Employers & Headcount Job Titles Workloads

• Security Compliance
• Compliance Specialist
• Security Risk and Compliance
• Security and Compliance Architect

• Security Compliance
• Compliance Engineer
• IT Security Compliance Specialist

• Governance Technical Analyst
• Information Security Risk Specialist
• Data Governance Compliance

• Compliance Engineer
• IT Security Compliance Specialist

• Implement compliance audit including PCI, HIPAA, SOC and ISO 27001
• Monitor and analyze system activity to identify malicious activities using cyber defense tools
• Monitor open source feeds and report on the latest threats against computer network defenses

• Develop and implement DHS IT security processes and policies with different security tools and communication protocols

• Act as a SME for security compliance and actively guide the broader risk and compliance team on all security related technical components

• Monitor external data sources like cyber defense vendor sites and ensure the adherence to standards

• Define, prepare and communicate on reports and metrics related to compliance and control activities

• Develop and document risk mitigation plans and recommendations to reduce information security risk

• Review enterprise agreements or contracts with organizational IT security requirements

• Continuously research and design new security technologies, architectures, and products to support/improve security and meet the compliance requirements

• Comply with standards such as ISO27001/2, PCI-DSS, HIPAA, FedRAMP, SSAE16, SOC 1, SOC 2, IEC62443

• Extract, transform and validate data for compliance management

Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets

• Compliance Analyst
• Security and Compliance Architect

• Perform security and compliance assessments at all levels of the Infrastructure, Platform and Software by utilizing established security frameworks

• Interact with cybersecurity architects, engineers and product teams to continuously monitor security capabilities and to adhere with the required standards

Core Responsibilities

Austin, Texas Area: Security Compliance: Sample Talent Profiles (1/2)

Pam Powell
Education: N/A

• Develop systems and strategies to comply with security standards such as SOC, SOC2, ISO 27001/2, GDPR

• Prepare audits of compliance files to ensure accuracy of documentation

• Develop, implement, maintain and oversee enforcement of security policies

• Develop and implement appropriate processes to achieve and maintain compliance and reduce risk

Security compliance Engineer
Experience in Current Role: 21+ Years
Total Experience: 21+ Years

Greg Vinson
Education: N/A

• Diagnose the root cause of problems and propose solutions for failed patches, false positives on system test and authentication problems. Identify root cause issues impacting multiple audit frameworks and support compliance framework

• Develop and control audit third party vendors on IT security compliance such as external threats, network hardening and manufacturing quality checks

• Drive continuous service improvement and service excellence. Continuously get updated on cyber security technical risks and perform ad-hoc security architecture/app reviews to assess new risks

Compliance Engineer
Experience in Current Role: 18+ Years
Total Experience: 20+ Years

• Establishment and maintenance of GDPR, PCI and HIPAA compliance to establish efficient flow of security information and drive consistent application standards to networks, systems and software

• Monitor compliance activities to reduce cyber security risks and prepare security related documentation

• Deploy and monitor SIEM, AV, IDS, IPS and other security tools to reduce risk factors

• Analyze, design, develop and implement security assessments to ensure compliance with National Institute of Standards and Technology (NIST)

Richard Harman
Education: MA, European Studies/Civilization, University of Surrey

Security Compliance Specialist
Experience in Current Role: 2+ Years
Total Experience: 22+ Years

Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets

Core Responsibilities

• Identify root cause and remediate issues in timely manner including policies, standards, procedure and guidance

• Deploy and manage complex enterprise software solutions in the areas of cloud brokerage, cloud management, data center transformation, Enterprise Hybrid Cloud Architectures and IT Governance

• Establish and maintain unified control and policy framework to support various security, compliance audit, regulatory and third party audit requirements

Frank Black
Education: N/A

Security Strategy, Risk & Compliance
Experience in Current Role: 1+ Year
Total Experience: 12+ Years

Core Responsibilities

Core Responsibilities

Austin, Texas Area: Security Compliance: Sample Talent Profiles (1/2)

Matt Burrus
Education: Bachelor of Information Systems, Florida State University

• Identify and analyze potential threats and vulnerabilities to determine their impact on business objectives

• Implement and deploy Security Operations Center (SOC) and Security Information Event Management (SIEM), Vulnerability Scan Management and Firewall Risk Management tools

• Implement new tools and policies to configure and patch hardware systems and applications. Ensure that all cybersecurity related standards are met

Security - Governance, Risk, and Compliance
Experience in Current Role: 1+ Year
Total Experience: 3+ Years

Charles McCord
Education: N/A

• Comply with standards such as ISO27001/2, PCI-DSS, HIPAA, FedRAMP, SSAE16, SOC 1, SOC 2, IEC62443

• Establish strategic security & network architecture vision including standards and frameworks that are aligned with overall business strategy

• Continuously research and design new security technologies, architectures, and products to support/improve security and meet the compliance requirements

Security - Risk Management Compliance & Assurance
Experience in Current Role: 3+ Years
Total Experience: 20+ Years

Chuck Carlson
Education: B.S.C Computer Studies, University of Maryland University College

Compliance Analyst
Experience in Current Role: 3+ Years
Total Experience: 38+ Years

Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets

Core Responsibilities

• Drive compliance with company identified security frameworks and practices (NIST & CSA)

• Track and monitor the completion of vulnerability, static and dynamic scans, including penetration tests and ethical hacking

• Monitor security log collection, database activity monitoring, network access control, identity and access management, security controls and networking monitoring

Michael Embry
Education: MBA, University of Pittsburgh

Data Governance officer
Experience in Current Role: 4+ Years
Total Experience: 37+ Years

Core Responsibilities

• Perform compliance assessments at all levels of the Infrastructure, Platform and Software by utilizing established security frameworks

• Develop process and procedures to improve incident response times, analysis of incidents, and overall S&C functions

• Implement and maintain Vulnerability Management, Network traffic and log analysis on critical infrastructure

Vancouver, Canada Area

Vancouver, Canada Area, Talent Landscape: Approximately 70% of the Security Compliance talent in the Vancouver, Canada Area has more than 10 years of experience, mostly handling security compliance and audit for large MNCs in the Software and Banking verticals

Note : DRAUP’s Talent Simulation Module was used to analyze the distribution of ideal talent by locations and skill sets

Vancouver, Canada Area

*Listed roles are a sample set and are not exhaustive

Median talent pool by experience levels (years)

Roles | 0-5 | 6-10 | 10+ | Total
Security Engineer | 380 | 470 | 800 | ~1,650
Security Software Developer | 260 | 340 | 600 | ~1,200
Security Compliance | 10 | 20 | 70 | ~100
Overall | 650 | 830 | 1,470 | ~2,950

0-5 years 6-10 years 10+ years

Talent Split By Experience

22%

28%

50%

Sample Roles

Security Engineer (~1,650)
• Threat Information Security Analyst
• Security Engineer
• Cyber Security Engineer
• Information Security Engineer
• Information Security Analyst

Security Software Developer (~1,200)
• Software Engineer – Security
• Software Developer - Security Engineering
• Cyber Software Developer
• Software Engineer
• Cyber Security Software Engineer

Security Compliance (~100)
• Security Compliance Audit Analyst
• Information Security Risk & Compliance Officer
• Security and Compliance Engineer
• Information Security Compliance Auditor
• Cybersecurity Compliance Engineer


Location Hotspot: Downtown is the key employer hotspot in the Vancouver, Canada Area and is home to many tech giants such as Microsoft, IBM and SAP

Note: The represented data has been collected from multiple articles and curated from the DRAUP Proprietary Database

Vancouver, Canada Area
Downtown

Downtown is home to large MNCs, especially in the Software and Banking verticals, that have a talent presence in the analysed roles

Peer Employer Extended List

3M, Accenture Inc, Air Canada, Adobe Systems, Fidelity Canada, Graham Group, OpenText Corporation, Shopify, Procter & Gamble Inc., SaskTel, Schneider Electric, Pfizer, TD Bank, Freddie Mac, Salesforce, IBM, Fortinet, Telus, Sophos, SAP

Downtown

Boeing, PayPal, Avigilon, PCL Construction, HSBC, Ford Motor, Digital Extremes, Samsung Electronics

Hotspot Employer Locations


Vancouver, Canada Area: Average talent cost for a Security Software Developer is greater than the average talent cost of a Security Engineer and Security Compliance Officer

[Bar chart: Average Salary ('000 USD) per annum for Security Engineer, Security Software Developer and Security Compliance, by Entry Level (0-5 Years), Mid Level (6-10 Years) and Senior Level (10+ Years). Bar values in chart order: 50, 70, 105; 55, 75, 110; 40, 55, 75. Average Salary labels in chart order: $65,000 USD; $67,000 USD; $48,000 USD]

Note : DRAUP’s Talent Simulation Module was used to analyze the talent cost by locations and skill sets


Vancouver, Canada: Top Employer Profiles for Security Engineer talent pool

Top Employers & Headcount
~150, ~30, ~20, ~10, ~10

Job Titles

• Security Engineer
• Network Security Engineer
• Information Systems Security Engineer

• Security Engineer
• Cyber Security Engineer
• Network Security Engineer
• Information Security Analyst

• Security Engineer
• Cyber Security Engineer
• Information Security Engineer
• Network Security Engineer

• Cyber Security Engineer
• Security Engineer
• Information Security Engineer

• Cyber Security Engineer
• Security Engineer
• Information Security Engineer

Workloads

• Analyse and design robust solutions to address specific vulnerabilities of the information security environment
• Manage strategic cyber security infrastructure, platforms and critical applications, with automation of dynamic asset management and configuration activities
• Develop and implement IT security and risk management framework and policies

• Develop automation scripts to handle and track security incidents
• Analyse information security incidents and risk assessments to ensure protection and corrective measures
• Administrate and maintain security vulnerability scanning, event logging services and devices

• Design and implement redundant structures of backup using Arcserve UDP and UTM Firewalls
• Analyse data to perform incident response and deploy security services for platforms through BC/DR policy
• Develop system security/IA plans and controls in DIACAP, RMF, NIST 800-53 and NISCAP

• Create and maintain security enablement activities for global IBM Cloud and Application security
• Design authentication rules, security escalation procedures, encryption routines and security policies
• Design security solutions with enterprise quality assurance and conduct web app security testing

• Develop, implement and test advanced software security techniques and review code to improve software security
• Analyse and optimize internal software and hardware vulnerabilities and threats
• Identify and integrate security issues, cyber security incidents with threat intelligence platform

Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets

Note : The analysis doesn’t include Service Provider companies, Government entities and Defence Organization


Core Responsibilities

Vancouver, Canada: Security Engineer: Sample Talent Profiles(1/2)

Palance Ng

Education: BA Computer Science, The University of British Columbia

• Analyse and detect network based security activities and threats with new exploits and vulnerability research

• Design and test IPS signatures to detect intrusive activities such as DoS attack

• Develop security based configuration standards and hardening guides for DNS, Apache, AD Domain controllers and Windows servers, MSSQL, Cisco devices, Linux, MySQL and VMware ESXi server

IPS Security Analyst
Experience in Current Role: 7+ Years
Total Experience: 10+ Years

• Create Information Security policies and procedures for Cloud, Wireless and Virtualized solutions

• Deploy security solutions for public social media channels using UTM, SFOS XG Firewalls, Enterprise/Central Endpoint and Web gateway

• Design and maintain firewall/proxy for proxying HTTP(S) connections and block connections based on the web content

Network Security Engineer
Experience in Current Role: 1+ Years
Total Experience: 3+ Years

• Design complex IT Systems, Network infrastructure and Cyber security solutions including selection and acquisition of system software and hardware components

• Identify cyber-security risk to system, assets, data, capabilities and develop risk management strategy

• Develop and implement security policies, procedures and standards to deploy access control and data security activities

Harvinder Virk

Education: MCA, Punjab Technical University

Information Security Engineer
Experience in Current Role: 7+ Years
Total Experience: 17+ Years

Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets

Core Responsibilities

• Deploy information security governance and develop medium scale information security based on business security requirements

• Design, establish and maintain security based access control workflow and matrices with cybersecurity and request authorizations

• Deploy, maintain, monitor and upgrade ELK Stack security logging tier with Kafka, Logstash, Elasticsearch and Kibana clusters

Security Engineer
Experience in Current Role: 8+ Months
Total Experience: 6+ Years

Core Responsibilities

Florentino Sanchez

Education: Diploma Computer Information Systems, The University of British Columbia

Mitch Kelsey

Education: BA International Security and Conflict, Political Science, Simon Fraser University


Core Responsibilities

Vancouver, Canada: Security Engineer: Sample Talent Profiles(2/2)

Pritpal Manak

Education: MS Computer Networks, The University of British Columbia

• Develop security standards, patterns to identify and track the remediation of software security vulnerabilities

• Analyse and review information on cyber threats and internal information security activities

• Design and implement Information Security Management System (including BCP) for SOX and DRP for Cloud solutions

• Information security administration with security risks, gap analysis and check compliance for security configuration baseline

Security Engineer
Experience in Current Role: 2+ Years
Total Experience: 7+ Years

Jefferson Aguilar

Education: Diploma in Telecommunication Engineering, Northern Alberta Institute of Technology

• Provide administrative and operational support for both physical security access control system and security enabled system

• Develop and enforce business related information security policies and evaluate security technology

• Design standards and solutions to manage device information, proactive monitoring of data and maintenance plans

• Develop requirements and design constraints for secure solutions and develop security documents with specifications and test plans

IT Security Engineer
Experience in Current Role: 1+ Years
Total Experience: 12+ Years

• Develop and deploy security solutions related to information security, compliance and risk management

• Design scripts and programs for penetration test automation of security activities

• Detect and assess cybersecurity threats and incidents across security based environment

• Implement and customize technical security controls in recognized hardening frameworks and design secure software development standards

Sorin Popa

Education: N/A

Cyber Security Engineer
Experience in Current Role: 3+ Years
Total Experience: 20+ Years

Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets

Core Responsibilities

• Implement security based Checkpoint Firewalls and Websense BlueCoat Proxies for reliable security solutions

• Design and test security solutions using industrial standards and security technologies

• Deploy antivirus, intrusion detection related security tools and endpoint process recordings for solving security issues

• Design and implement cybersecurity technical solutions to perform cybersecurity operational activities

Paulo Brito

Education: BE Computer Engineering, Potiguar University

Security Engineer
Experience in Current Role: 5+ Months
Total Experience: 11+ Years

Core Responsibilities


Vancouver, Canada: Top Employer Profiles for Security Software Engineer talent pool

Top Employers & Headcount
~60, ~40, ~30, ~30, ~30

Job Titles

• Security Software Engineer
• Security Software Implementation Engineer
• Application Security Engineer

• Security Software Architect
• Software Application Developer

• Security Software Engineer
• Security Software Architect
• Embedded Security Software Engineer

• Security Software Architect
• Software Engineer (Security)

• Cyber Security Software Developer
• Security Software Engineer

Workloads

• Create and support internal software solutions related to security incidents and threats
• Integrate, configure and test software security solutions to manage network, system firewalls and intrusion detection systems
• Develop, document and implement information security procedures to enforce compliance with information security standards and policies

• Develop, integrate, optimize, maintain and troubleshoot proprietary DNS server software with Security Extensions (DNSSEC) for Linux using C++ language
• Develop security application FortiAuthenticator which provides RADIUS, LDAP and 802.1X wireless authentication, certificate management and Single Sign-on
• Develop security solutions for RESTful API web services using modern stack of technologies

• Design and build software tools for security infrastructure using Jenkins, Pipeline and Plugins
• Develop and maintain advanced security automation frameworks
• Design, implement and operate feature toggle management software for SAP Cloud security systems

• Support security based activities such as detecting loopholes and intrusion preventive measures
• Design and develop internal security, administrative tools and reports for gaming software
• Design security architecture for online and cloud games

• Design and develop security applications, system to system interfaces and software solutions
• Perform vendor-related activities for security and create documentation such as user guides and software development guides
• Develop testing frameworks and source control systems for authentication and identification of security vulnerabilities

Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets

Note : The analysis doesn’t include Service Provider companies, Government entities and Defence Organization


Vancouver, Canada: Security Software Engineer: Sample Talent Profiles(1/2)

Core Responsibilities

• Design and develop security features such as IPsec, IP source filtering, IPSG, MAC filtering, Egress filtering and RA Guard for software modules

• Design, deploy and support security solutions for information technology architecture and hardware/software application

• Monitor security threats, event analysis, attacks and incident response for Windows logs and servers

Security Software Engineer
Experience in Current Role: 2+ Years
Total Experience: 12+ Years

Core Responsibilities

• Design and implement authentication and security solutions for web based portal and develop API for communication using UDP

• Design, implement and validate security features for quality enhancement of components in analytical and cloud software

• Design software related components for encompassing kernel drivers, virtualization and emulation technologies, behaviour detection, pattern matching, network protocol parsers and intrusion prevention

Security Software Engineer
Experience in Current Role: 1+ Years
Total Experience: 22+ Years

Core Responsibilities

• Develop and implement the security policies and procedures such as authentication rules, security breach escalation procedures for XSUnit frameworks and APIs

• Build frameworks and tools which provide solutions for security issues related to logging and monitoring activities

• Design scalable security services-oriented applications in microservice environment

• Perform penetration and vulnerability tests on internal processes and systems

Software Engineer - Security
Experience in Current Role: 9+ Months
Total Experience: 4+ Years

Core Responsibilities

• Design and implement automated testing and security services to monitor mechanism for Fortinet business applications

• Perform public facing servers and internal data warehouse security audit by using ISACA audit control

• Deploy continuous API integration with multiple external entities to ensure high system availability and security services

Security Software Architect
Experience in Current Role: 2+ Years
Total Experience: 23+ Years

Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets

Stone Liu

Education: Bachelor of Aerospace Engineering, Beijing Institute of Technology

Wesley Wineberg

Education: BTech Computer Systems, British Columbia Institute of Technology

Felipe Cerqueira dos Santos

Education: Information Technology and Systems, Infnet Institute

Christopher Le

Education: BE Computer Science Engineering, Simon Fraser University


Vancouver, Canada: Security Software Engineer: Sample Talent Profiles(2/2)

Core Responsibilities

• Design, deploy, prototype and integrate security features into SAP services related to RASP SQL injection detection & big data anonymization

• Develop and maintain relevant risk metrics to monitor and report information security risks through security governance activities

• Design and deploy security specific configuration for AUTOSAR, GUAM based platforms and other software components

Software Engineer - Security
Experience in Current Role: 10+ Months
Total Experience: 3+ Years

Core Responsibilities

• Design and deploy WebLogic based application with performance and vulnerability analysis

• Implement security solutions such as Host Intrusion Prevention, SIEM, Checkpoint firewalls, Onsite Aggregators and Vulnerability scanners

• Analyse events, flows and advanced analysis of potential security incidents for integration and automation of applications

Security Software Developer
Experience in Current Role: 8+ Years
Total Experience: 19+ Years

Core Responsibilities

• Develop and implement security policies and procedures for gaming applications and APIs using security auditing procedures, firewalls and encryption routines

• Support online SE software for authentication and authorization with EA services

• Deploy security services on FUT for both client and server applications

Security Software Engineer
Experience in Current Role: 3+ Years
Total Experience: 17+ Years

Core Responsibilities

• Design and deploy rapid incident resolution and consistent security operations for software activities

• Design and code D3 Python library and playbook to solve SOC and IR related issues by automating tasks, orchestrating machine processes and incident documents

• Design web application with streamlining workflows including authorization and control access routines

Software Developer - Security
Experience in Current Role: 2+ Years
Total Experience: 12+ Years

Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets

Kevin L
Education: ME Computer Software and Theory, Yanshan University

Paul Vu

Education: Bachelor of Applied Science and Computer Engineering, Simon Fraser University

Chris C

Education: BSc Computer Engineering, University of Alberta

Yaroslav Pelekh

Education: NA


Vancouver, Canada: Top Employer Profiles for Security Compliance talent pool

Top Employers & Headcount
~25, ~25, ~20, ~15, ~10

Job Titles

• Security Compliance Engineer
• Compliance Engineer

• Infrastructure Security & Compliance Engineer
• Compliance Engineer

• Security Compliance Analyst
• Compliance Specialist

• Governance, Risk and Compliance Engineer
• IT Security Compliance Specialist

• Security and Compliance Engineer
• Compliance Analyst

Workloads

• Develop automated process for incident response alerting and attack detection
• Resolve issues in applying compliance and security controls including remediation deficiencies, flaws and vulnerabilities
• Configure and monitor Host Based Security System (HBSS), ePO servers, rogue sensors, firewalls and Intrusion Prevention/Detection Systems

• Maintain corporate information security policy, platform standards including periodic assessments of changes to domestic and international regulatory guidance
• Assess and monitor compliance with regulatory requirements related to cyber security
• Create and manage incident response plans and actively conduct vulnerability assessments

• Maintain security controls for compliance standards such as SOC 2 and ISO 27001
• Support cybersecurity privacy analysis throughout the security assessment and compliance lifecycle process
• Develop a framework for vulnerability assessments, review findings and manage remediation activities

• Improve and maintain security controls and policies for designing new controls with security compliance and certifications
• Design and implement security baselines, automated compliance checks and desired state configuration
• Design, configure and troubleshoot security platforms and tools for IT security infrastructure

• Design compliance strategy with business requirements, objectives and metrics
• Support security control assessment systems using ICD 503, CNSSI 1253, NIST 800-53, NIST Cyber Security Framework
• Implement Critical Infrastructure Protection (CIP) compliance with cyber system security policies and practices

Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets

Note : The analysis doesn’t include Service Provider companies, Government entities and Defence Organization


Core Responsibilities

Vancouver, Canada: Security Compliance : Sample Talent Profiles(1/2)

Eva Kuiper

Education: MS Computer Science, University of California

• Develop and maintain security controls for different compliance standards such as SOC 2 and ISO 27001

• Design and develop procedures for handling security breaches, manage internal communication of security incidents, compliance and governance

• Support security risk, control and compliance operations for desired architecture and solution

Security and Compliance Consultant
Experience in Current Role: 1+ Year
Total Experience: 23+ Years

• Responsible for ISO 27001 certification and documentation along with compliance with the IT Act

• Deploy security solutions for public social media channels using UTM, SFOS XG Firewalls, Enterprise/Central Endpoint and Web gateway

• Design and maintain firewall/proxy for proxying HTTPS connections and block connections based on the web content

Security and Compliance Specialist
Experience in Current Role: 2+ Years
Total Experience: 12+ Years

• Support and maintain vulnerability management infrastructure, problem solving and investigate root cause of the issues

• Define and maintain the dashboard for IT infrastructures security vulnerabilities and security compliance

• Develop and implement IT security related policies, standards and procedures relating to cyber-security controls, applications, networks and operating system

Paolo Car
Education: BA, University of Victoria

Security and Compliance Engineer
Experience in Current Role: 2+ Years
Total Experience: 20+ Years

Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets

Core Responsibilities

• Monitor Cyber security resilience framework with its standards such as PCI-DSS, ISO 27001 and GDPR

• Manage and support network device management configuration, periodic review of firewall rules and access control lists

• Develop information security risk and compliance management strategies with business goals and protect the confidentiality, integrity and availability of information assets

Karen Villanueva

Education: N/A

Security and Compliance Analyst
Experience in Current Role: 19+ Years
Total Experience: 22+ Years

Core Responsibilities

Vira Krykus

Education: N/A


Core Responsibilities

Vancouver, Canada: Security Compliance : Sample Talent Profiles(2/2)

Andrew Baxter
Education: BA Computer Science, Acadia University

Security Compliance Engineer
Experience in Current Role: 1+ Year
Total Experience: 19+ Years

• Develop and update system security plans, system security inventories and cyber security queries

• Manage security intake process engagement for various risk assessments including security architecture review, vulnerability assessment, vendor assessment and legal document review

• Implement and integrate global service delivery process and control framework for cyber security compliance

Fabrice Renaud

Education: N/A

Security and Compliance Engineer
Experience in Current Role: 1+ Year
Total Experience: 19+ Years

Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets

Core Responsibilities

• Administer annual security awareness, secure application development and auditing of internal controls through the testing, tracking and reporting of internal controls

• Implement and execute comprehensive risk tracking GRC process and assessment process

• Develop and track performance metrics, cyber security policies and periodic audit on ISO 27001

Amanda Alblas-Stepanov

Education: BA History, University of British Columbia

Security and Compliance Analyst
Experience in Current Role: 1+ Month
Total Experience: 7+ Years

Core Responsibilities

Eva Kuiper

Education: N/A

• Support PCI compliance activities such as vulnerability analysis, penetration testing, patch management and risk analysis

• Install and monitor internal firewalls, intrusion detection system and centralized antivirus solution

• Build, test, patch and reconfigure security systems, security audit and cloud security

• Develop new governance and technical procedures for Network Security, Application Security and Endpoint Security

Core Responsibilities

Gabriel Kojima

Education: N/A

• Responsible for Governance Risk and Compliance for Telus external clients

• Perform technical and Security Compliance Assessments

• Create and recommend remediation for components of assessments such as security policies, procedures and standards

• Responsible for governance, risk management, incident response, security analysis and vulnerability management including security methodologies, standards, and practices such as NIST, ISO 27001, NERC, and PCI

Information Security – Compliance Analyst
Experience in Current Role: 3+ Years
Total Experience: 13+ Years