- Direct, hands-on experience or strong working knowledge of managing security infrastructure – e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM, DLP (Data Loss Prevention) and log management technology
- Experience managing and working with Security Operations Centers
- Direct experience managing and working with MSSP (managed security service providers)
- Direct experience leading an application security program (code reviews, pen testing)
- Verifiable experience reviewing application code for security vulnerabilities
- Direct, hands-on experience or a strong working knowledge of vulnerability management tools
- Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services
- Modern Authentication Protocols- SAML, OAUTH
- Cryptography – Asymmetrical/Symmetrical encryption, hashing
- Active SC Cleareance
