Student Veterans of America Jobs

Welcome to SVA’s jobs portal, your one-stop shop for finding the most up to date source of employment opportunities. We have partnered with the National Labor Exchange to provide you this information. You may be looking for part-time employment to supplement your income while you are in school. You might be looking for an internship to add experience to your resume. And you may be completing your training ready to start a new career. This site has all of those types of jobs.

Here are a few things you should know:
  • This site is mobile friendly. You do not need a log-in or password to access information.
  • Jobs on this site are original and unduplicated and come from three sources: the Federal government, state workforce agency job banks, and corporate career websites. All jobs are vetted to ensure there are no scams, training schemes, or phishing.
  • The site is refreshed daily to remove out-of-date content.
  • The newest jobs are listed first, so use the search features to match your interests. You can look for jobs in a specific geographical location, by title or keyword, or you can use the military crosswalk. You may want to do something different from your military career, but you undoubtedly have skills from that occupation that match to a civilian job.
Home View All Jobs (2,300,490)

Job Information

Marriott Director, Security Architect, Certification and Accreditation, GC in Shanghai, China

Job Number 24035378

Job Category Information Technology

Location Shanghai Operations, 9/F Tower B One ITC, Shanghai, Shanghai, China

Schedule Full-Time

Located Remotely? N

Relocation? N

Position Type Management

JOB SUMMARY

Lead and manage security architecture and engineering team in Great China. Performs certification of Security Control attestations and evaluates the implementation of those controls in order to grant Approval to Operate for a release of new infrastructure, services, applications and processes into Marriott’s Production Environments in regional level.

Leverages existing Security Engagement processes and documentation, in conjunction with security compliance tools, to determine control implementation status. Will routinely process ITSM Release and Security Engagement Tasks to document justification for all approvals. Will routinely collaborate with multiple teams, including, but not limited to, Business Release Sponsors, Project Managers, Security Architects, Security Architecture Analysts, and Change Management teams to ensure the Security Processes are followed and completed in order to accredit the engagement or release.

Will routinely manage and communicate the status of the tasks assigned in ITSM to thoroughly document the accreditation resulting in granting of Approval to Operate. Understand, communicate, interpret and enforce MI Policies and Security Standards throughout the Certification and Accreditation process. Understand and communicate control objectives in terms of both MI Policy and Standards and Security Best Practice Frameworks, including, but not limited to, NIST RMF, NIST CSF, PCI DSS, GDPR, MPLS, EU Privacy, ISO, as referenced in Marriott’s Common Controls Framework. Will periodically provide status and metrics for the assigned C&A Engagements in order to provide visibility and transparency to GIS Senior Leadership

CANDIDATE PROFILE

Education and Experience

Required:

  • Bachelor’s degree in Information Systems, Computer Science or related field or equivalent experience/certification

  • 8+ years’ experience in Information Security with:

  • 3+ years in process-oriented Security Audit/Assurance/Technical Assessment role

  • 2+ years’ team management experience with security technical team members

  • 1-2 years’ experience/exposure to Common Controls Framework

  • Exposure/functional understanding of NIST RMF

  • Current and relevant information security certifications such as: CISSP (Certified Information Systems Security Professional), (ISC)2 CGRC certification, ISACA, PCI QSA/ISA, ITIL, IS Certification & Accreditation Professional - ISCAP, GIAC Information Security Professional (GISP),

Preferred Skills & Attributes

  • Strong oral and written communication skills and comfortable with speaking in large groups virtually and in person.

  • Ability to conduct independent security research

  • Strong understanding of common OWASP flagship projects, Top 10, Cheat Sheets…etc.

  • Strong understanding of cryptography concepts: hashing, signing, encryption, decryption, tokenization

  • Strong understanding of SDLC and security integration points

  • Functional understanding of microservice application architecture

  • Functional understanding of common application security controls such as WAF, RASP, Intercepting Proxies

  • Comfortable with the following tools and technologies: GitHub Advanced Security, Postman, Fortify SCA, Jenkins, Artifactory, SonarQube, Docker, JIRA, Confluence, Aqua CSP, Nessus Pro or Tenable.io

  • Comfortable with technical report writing and crafting security requirements.

  • Basic understanding of network security concepts: DOS, DNS Spoofing, ARP Poisoning, Firewalls, Intrusion Detection, Segmentation

  • Basic understanding of Vulnerability and Patch Management practices

  • Basic understanding of endpoint security controls: EDR, Vulnerability Scanning Agents, HIDS, FIM

  • Basic understanding of Agile Software Development Practices & DevOps

  • Master’s degree in Computer Science or Software Engineering

  • Mid-level cloud computing certification, AWS Solutions Architect Associate, Azure Administrator Associate, Google Associate Cloud Engineer

  • Functional knowledge software engineering concepts: GOF software design patterns, SOLID design principles (SRP, OSP, LSP, ISP, and DIP) and design methods (Scrum, XP, Lean, Waterfall)

  • Functional understanding of common cryptographic algorithms and libraries

  • Functional foundational understanding of Cloud Computing

CORE WORK ACTIVITIES

Security Certification

  • Represent GIS C&A on all Release Communications, discussions and meetings

  • Process Releases and Security Engagements assigned to C&A.

  • Review Security Engagement final documentation and verify all required controls meet the security objectives and are in-place.

  • Evaluates applications for security flaws by performing fuzzing, access/authorization bypass, business logic abuse and intentional fault injection.

  • Uses Static and Dynamic Analysis tools to support broad testing and vulnerability discovery.

  • Reviews application architectures and implementation details for design flaws, incorrect security implementation and missing security controls.

  • Works with other security team members to research and test for complex security issues.

  • Consults with Software Engineers, Infrastructure Architects and Security Architects to correct application, architectural or environment flaws.

  • Validates external security researcher bug bounty submissions.

  • Ensures applications are built according to enterprise security standards.

Security Accreditation

  • Works with development teams to review application source code for security and operational risks.

  • Perform manual code reviews of applications that are not compatible with automated SAST tools.

  • Provide detailed security documentation to developers, software engineers and technical personnel when necessary

  • Provide guidance and recommendation to software architects and engineers on how to correct code related security flaws

Managing Work, Projects, and Policies

  • Manage security architecture and engineering team in Great China.

  • Participate in peer reviews of security assessments created by other team members.

  • Manage tickets and SLAs associated with security testing efforts.

  • Maintain and contribute to the enterprise SSDLC standard.

  • Coordinates and implements work and projects as assigned.

  • Generates and provides accurate and timely results in the form of reports, presentations, etc.

  • Analyzes information and evaluates results to choose the best solution and solve problems.

  • Develops specific goals and plans to prioritize, organize, and accomplish work.

  • Sets and tracks goal progress for self and others.

  • Monitors the work of others to ensure it is completed on time and meets expectations.

  • Provides direction and assistance to other organizational units’ policies and procedures, and efficient control and utilization of resources.

Leading Team

  • Creates a team environment that encourages accountability, high standards, and innovation.

  • Leads specific team while assisting with meeting or exceeding department goals.

  • Makes sure others understand performance expectations.

  • Ensures that goals are being translated to the team as they relate to tracking and productivity.

  • Creates and nurtures an environment that emphasizes motivation, empowerment, teamwork, continuous improvement and a passion for providing service.

  • Understands employee and develops plans to address need areas and expand on the strengths.

  • Provides the team with the capabilities needed to meet or exceed expectations.

  • Leads by example demonstrating self-confidence, energy and enthusiasm.

Conducting Human Resources Activities

  • Acts proactively when dealing with employee concerns.

  • Extends professionalism and courtesy to employees at all times.

  • Communicates/updates all goals and results with employees.

  • Meets semiannually with staff on a one-to-one basis.

  • Establishes and maintains open, collaborative relationships with employees.

  • Solicits employee feedback.

  • Interviews job candidates and assists in making hiring decisions.

  • Receives hiring recommendations from team supervisors.

  • Ensures orientations for new team members are thorough and completed in a timely fashion.

  • Observes behaviors of employees and provides feedback to individuals.

Additional Responsibilities

  • Provides information to supervisors, co-workers, and subordinates by telephone, in written form, e-mail, or in person in a timely manner.

  • Manages group or interpersonal conflict.

  • Informs and/or updates executives, peers, and subordinates on relevant information in a timely manner.

  • Manages time effectively and conducts activities in an organized manner.

  • Presents ideas, expectations and information in a concise, organized manner.

  • Uses problem solving methodology for decision making and follow up.

  • Performs other reasonable duties as assigned by manager.

Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.

Marriott International is the world’s largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. Be where you can do your best work,​ begin your purpose, belong to an amazing global​ team, and become the best version of you.

DirectEmployers