Wednesday, December 30, 2015

Sr.Information Security Analyst

Title- Sr.Information Security Analyst
Location Costa Mesa, CA
Duration- 4-5 Months Contract



Justification: The position was recently vacated and has left the related team stretched for resources. This is a critical position that needs to be filled as soon as possible, until a permanent candidate is identified.

Summary
The Senior Security Analyst is a cross-functional business and technology auditor, responsible for ensuring corporate regulatory compliance, risk remediation and vulnerability management, and maturing business processes. The Security Analyst may conduct reviews of network infrastructure, systems infrastructure, application configurations, and software code reviews. He or she provides oversight to Security Operations, governance to data access, and supports security compliance in new initiatives.

Domestic or international travel may be required.

Essential Duties and Responsibilities
  • Coordinate and oversee 3rd party activity such as pen testing, code review, and training. Capable of understanding and explaining application findings, also able to reproduce findings using pen test tools such as BURP, Fiddler, etc.
  • Monitor configuration, deployment, and integration of security technologies associated with web applications. This includes web application firewalls, dynamic and static analysis applications and services, and occasional code review.
  • Participate in cross-functional project teams along with individuals from IT, Architecture and Development to design and implement security solutions as prioritized by management.
  • Ensure proper hand-off to Ops and SOC teams to monitor alerts and dashboards so that standard performance monitoring and fault management can occur.
  • Maintain and develop adequate compliance documentation presentable for external and internal audits.
  • Develop and maintain Infosec baselines (MBS) and report on deployed devices according to the standard build
  • Advise, recommend, and report on risk assessment for site compliance/safety gates for review by Risk Management team prior to implementation.
  • Assist forensic investigation efforts through log management and correlation activities. 
    Qualifications
  • OSCP or equivalent training desired
  • CISSP certification
  • GIAC Gold or Platinum
    Education and/or Experience
  • A Bachelor's degree in Engineering, Computer Science or an equivalent combination of education and work experience is required. (7-10 years)

    Specific Knowledge
  • Language background in .NET, Java preferred
  • Scripting languages Python, Ruby, Javascript desired
  • Working experience with IT policies, procedures, and standards
  • Basic experience with vendor management and product evaluation
  • Aware of cloud technologies (Amazon, MS, Google)
  • Next generation firewalls and application identification and tuning
  • Web proxies
  • Web Application Firewalls and XML Gateways
  • Forensics systems and techniques
  • SIEM, SIM, or SEM
  • Security packet analysis
  • WIFI scanning and reports
  • Content Load Balancers
  • SSL VPNs
  • Next generation transparent remote access solutions
  • Application execution control
    Supervisory Responsibilities
    May recommend methods and procedures on new assignments and may provide guidance to other non-exempt personnel.
    Supervision Received
    Acts independently on day-to-day work and assessments, reports, and recommendations are reviewed by peers, managers, and executives prior to implementation.
    Language Skills
  • Communicates effectively in English in written and verbal form.
  • Write reports with correct grammar, punctuation, spelling and good structure.
  • Read, analyze, and interpret complex, technical and business documents. 

    Business Planning
  • Recommends solutions for defined processes.

    Documentation & Presentation Skills
  • Effectively presents information, ideas, perspective to peers, team members and managers and responds to questions.
  • Speaks effectively one-on-one and in small group situations.
  • Reads and analyzes technology journals and interprets documents, such as technical reports and instructions.
  • Follows documentation requirements.
  • Ability to summarize and communicate data.
  • Ability to assess technology literature.
  • Effectively presents data to team.

 Santy Kumar | TalentBurst, Inc.
Boston | San Francisco | Miami | Milwaukee | Toronto | New Delhi | Bangalore
Work: (508) 628-7589| Fax: (508) 319-3065 | Email: santy.kumar@talentburst.com
679 Worcester Road | Natick, MA 01760 | www.talentburst.com