Tuesday, January 31, 2017

Security Architect

Title: Security Architect 
Location: San Jose
Duration: Full Time


Primary Responsibilities
• Lead application security framework
• Provide security requirements for test-driven design
• Routinely deliver metrics report of the application security status
• Integrating security tools, standards, and processes into the product life cycle (PLC).
• Help train development and QA teams to an appropriate level of security knowledge.
• Improve and support application security tools such as static analysis, runtime testing tools.
• Improve development standards
• Participate in architecture review where security expertise is needed
• Routinely perform code reviews, penetration tests and standards gap analysis of existing and new services – internal and partners
• Stay on top of third-party and open source activities to ensure development meets company standards

Job Requirements

• Proven hands-on work experience as a software security engineer is a must.
• Detailed technical knowledge of techniques, standards and state-of-the art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation
• Can translate security concepts into language that is meaningful to business and technical leaders and individual contributors.
• Candidates must be able to approach application security from the perspective of risk management and avoid purely academic thinking about software security.
• Demonstrable ability to influence decision-making processes at all levels of a large organization will be critical to success.
• Candidates must have strong leadership skills to lead highly technical individuals.
• Candidates must have excellent verbal and written communication skills. Experience speaking in public forums and writing/contributing to technical publications is a plus.
• Candidates should have experience integrating secure development practices into both waterfall and agile development processes.
• The ideal candidate has experience writing and testing web applications and web services in the following programming languages: C/C++, Java, and JavaScript. Embedded experience is a plus.
• The candidate should have familiarity with a variety of development and testing tools, including: Eclipse, GCC, JIRA, Confluence, Subversion, Maven, ClearQuest/Case, Silk, FindBugs, Client/Fortify SCA, IBM AppScan, Client WebInspect, Veracode.
• Candidates must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE 25 to any audience, and discuss effective defensive techniques. Knowledge of embedded security models such as HSM is a plus.
• Candidates must have experience planning multi-year roadmaps.
• Familiarity with industry standards and regulations including PCI, FFIEC, SOX, and ISO27001 is desired.BS degree in Computer Science or related field

Education

Bachelor's degree or higher in Computer Science is preferred.Title: Lead, Application Security Engineer
 
Alex McChester
Technical Recruiter, Mondo
(310) 905-2410
Los Angeles, CA 90045

www.mondo.com
 

Information Security Officer

As a member of the global Information Security department, the Information Security Officer for the Americas contributes to Information Security activities at a global level and supports the appropriate implementation of the Information Security policies and initiatives in the US (Orinda, CA, Greenwich, CO, New York and Mexico City).

• Contribute to the information security strategy and the information governance framework by identifying local specifics and requirements; • Promote Information Security communication and awareness in the US in accordance with the global communication plan and local specificities • Monitor local information and systems risks through supporting the risk analysis of information, systems and applications, defining and updating the global and local information and systems risks map in accordance with the Risk and Controls department, and carrying out the relevant reporting and monitoring of risk mitigation actions • Take part in control reviews to evaluate whether Functional and Technical Support and Project activities managed by the IT Department are carried out in line with the approved and validated Information Security strategy and related roadmaps; the Information security standards and policies; and the approved risk-appetite framework • Contribute to the definition of a flexible annual control plan, taking into account any risk or control concerns identified by the Senior Information Security Officer for the USA, management or any other relevant person or committee • Provide advice to local users and IT teams • Contribute locally to the incident processes and activities to support the global operational support team in case of an incident • Contribute to the definitions of security policies adapted from standards and assist IT experts and the business to adapt standards and policies into operational procedures • Represent the Global Information Security department in the local governance instances

Education/Qualifications • Bachelor’s degree-level education or equivalent • A recognized certification (CISSP, CISA, CISM) would be a plus Experience • Relevant experience in Information Security • Experience in IT audit (internal or external) would be a plus • Experience in financial services institution or in an asset manager would be a plus • Experience in an international and multicultural environment would be a plus Knowledge and Skills • Good knowledge on organizational and governance of information security: policy definition / risk management / control • Good knowledge in technical information security: network security, system security, application security Competencies • Client focus: ability to understand and take into account various business context and situations, and to translate them into security analysis • Excellent written and oral communication skills • Team spirit / positive attitude • Autonomous • A good level in French (oral) would be a plus

Saturday, January 28, 2017

Cyber Security Ethical Hacker

Cyber Security Ethical Hacker
Addison, TX
Permanent/Direct Hire 


Job description
Candidate will be a member of a world-class ethical hacking team and will be responsible for performing automated ethical hack assessments against high risk applications to identify application security risks. Candidate must be able to meet the demands of a fast paced, high stress work environment.


As an experienced professional, provide advice to client management with regard to moderately complex security issues. Assists in the review, development, testing and implementation of security plans, products and control techniques. Coordinates the reporting data security incidents. Provides technical support to the client and management and staff in risk assessments and implementation of appropriate data security procedures and products. Monitors existing and proposed security standard setting groups. State and Federal legislation and regulations. Identifies and escalates changes that will affect information security policy, standards and procedures. Executes security controls to prevent hackers from infiltrating company information or jeopardizing e-commerce programs. Researches attempted efforts to compromise security protocols. Administers security policies to control access to systems and maintains the company firewall. Works on complex problems where analysis of situations or data requires an in-depth evaluation of various factors. Exercises judgment within broadly defined practices and policies in selecting methods, techniques, and evaluation criterion for obtaining results. Work leadership may be provided by assigning work and resolving problems. Typically 5-7 years of IT experience.


Required Skills & Experience:

Must have strong and effective communication skills


Must be knowledgeable about application security vulnerabilities and threats and be able to explain risks associated with application vulnerabilities (OWASP Top 10)


Must be motivated and willing to continuously learn and improve application security skills.


Must be proficient in standard application security tools (plus - IBM AppScan, Burp)


Ability to work independently on initiatives with little oversight.


Strong analytical skills/problem solving/conceptual thinking.


Must be comfortable in delivering messages across a wide spectrum of individuals having varying degrees of technical understanding


Must have strong leadership skills and qualities which enable you to work with peers and various levels of management



Desired Skills & Experience:

Bachelor's degree or equivalent work experience in Application Security or related field


Strong understanding of common application security vulnerabilities and ability to articulate associated risks.


Strong analytical skills/problem solving/conceptual thinking


Expertise with IBM AppScan and/or Burp a PLUS



More information about the job


Is Relocation Available?

No


Are you open to sponsorship?

No


This position is:

New Position


Is there a possibility to work remote?

No


Is there equity?

No


Are there flexible work hours?

No



Zachary Herman
Senior Recruiting Specialist
Axelon Services Corporation
44 Wall Street, 18th Floor |New York, NY 10005
Direct(212) 306-0180 | Fax(212) 306-0191 
Email: zachary.herman@axelon.com
For more job opportunities: www.axelon.com

Friday, January 27, 2017

Cyber Security Threat Analyst

Job ID: (9127)
Title: IT- Cyber Security Threat Analyst/Specialist – Senior
Location:  Concord, CA
Duration: 4 month contract.
 
Job Description:
 
Responsibilities:
Major Areas of Responsibility/Tasks • Perform hunting for malicious activity across the network and digital assets • Respond to computer security incidents and conduct threat analysis as directed • Identify and act on malicious or anomalous activity • Conducts analysis using a variety of tools and data sets to identify indicators of malicious activity on the network • Perform initial investigation and triage for potential security incidents • Provide accurate and priority driven analysis on cyber activity/threats • Perform payload analysis of packets • Detonate malware to assist with threat research • Provides input to assist with implementation of counter-measures or mitigating controls • Ensures all pertinent information is obtained to allow for the identification, containment, eradication, and recovery actions to occur in a time sensitive environment • Collaborates with technical and threat intelligence analysts to provide indications and warnings, and contributes to predictive analysis of malicious activity • Resolve or coordinate the resolution of cyber security events • Monitor incoming event queues for potential security incidents • Create, manage, and dispatch incident tickets • Monitor external event sources for security intelligence and actionable incidents • Maintain incident logs with relevant activity • Document investigation results, ensuring relevant details are passed to senior analysts and stakeholders • Participate in root cause analysis or lessons learned sessions • Write technical articles for knowledge sharing • Establish and maintain excellent working relationships/partnerships with the cyber security and infrastructure support teams throughout the Information Technology organization, as well as business units
 
Technical Skills:
This is a challenging and fast passed position in PG&E's Security Intelligence and Operations Center (SIOC) which is responsible for detecting, analyzing and responding to any suspicious cyber security activity across PG&E's business and operational networks. The SOC is a critical team within PG&E's broader Information Security team which is led by PG&E's Vice President - Chief Information Security Officer. Education Required: • Formal education or training in Computer Science, Network and Security, or a related field under way or completed; or equivalent experience in IT Security related roles Training, Licenses or Certifications Required: • Formal IT Security/Network Certification such as Chappell Univ's WCNA, CompTIA Security +, Cisco CCNA, SANS GIAC Certified Intrusion Analyst (GCIA), SANS GIAC Continuous Monitoring (GMON) certification, or related certification/degree Prior Experience Required: • 3 years of Information Technology experience, with at least 2 years of experience in information security working within security operations, security intelligence or equivalent functions Desired: • Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC) or a Security Operations Center (SOC) experience • Utility Industry experience Knowledge, Skills, and Abilities/ Technical Competencies Required: • Working knowledge of log, network, and system forensic investigation techniques • Working knowledge of diverse operating systems, networking protocols, and systems administration • Working knowledge of commercial forensic tools • Working knowledge of common indicators of compromise and of methods for detecting these incidents • Substantial knowledge of IT core infrastructure and cyber security components/devices • Working knowledge of TCP/IP Networking and knowledge of the OSI model • Working knowledge of OS management and Network Devices • Working knowledge of Intrusion Detection/Prevention Systems • Working knowledge of Antivirus Systems • Experience monitoring threats via a SIEM console • Experience performing analysis of log files from a variety of sources, to include individual host logs, network traffic logs, firewall logs, or intrusion prevention logs • Excellent problem solving, critical thinking, and analytical skills - ability to de-construct problems • Strong customer service skills and decision-making skills • Experience with packet analysis (Wireshark) and Malware analysis preferred • Working knowledge of PG&E infrastructure preferred • IBM QRadar and Dell SecureWorks experience preferred • Candidate must have familiarity with regulatory requirements, such as NERC/CIP, NIST SP 800, SOX, etc. Desired: • Experience with scripting in Perl/Python/Ruby • Experience with both desktop-based and server-based forensics • Reverse engineering skills Personal Attributes • Strong sense of professionalism and ethics. • Acts with integrity and communicates honestly and openly • Ability to build rapport and cooperation among teams and internal stakeholders • Respects others and demonstrates fair treatment to all • Methodical and detail oriented • Self-motivated • Actively seeks to enhance the group through the sharing of knowledge
 

Saurabh Singh| Trainee Recruitment Executive
Saurabh.singh@intelliswift.com
Contact: 510-370-4566
Newark, CA.

Wednesday, January 25, 2017

L3 Network Security

L3 Network Security ( Palo Alto Resources only )
Dallas, TX
Contract
 
 JD
*Able to design ,present, install ,configure & commissions Cisco Security Device.
*Prepare presentations and visio diagrams
*Able to provide quality project documents
*Exposed to best practice design & Implementation methodology
*Identifies ,isolates and resolves network security problems
*Hands on Experience on Cisco and PaloAlto Firewalls.
*PCNSE certified (ACE at the minimum)
*Managing remote access Cisco VPN, webvpn and AnyConnect
*Managing URL filtering
*Follows escalation & notification process as required
*Willingness to proactively provide input for improvements
*Some experience with Problem and Change Management processes and applications
*Excellent written and verbal communication skills. Technical Certification are advantage
*Excellent leadership skills and teamwork skills. Results oriented, high energy, self-motivated.
 
 
Mayank Kapoor
e-Solutions Inc| 2 N. Market St., Suite # 400, San Jose, CA -95113
Phone: 732-243-0957 Ext. 5137 | Fax: 408-521-0167
Website: www.e-solutionsinc.com
E-mail Id: mayank.k@e-solutionsinc.com

Monday, January 23, 2017

Network Security Engineer

Role/Skill: Network/Security Engineer
Location: Sunnyvale, CA
Duration: 6 -12 Months(Extension Possible)

Job Description:
·         Desired years of experience 8 -10 years+
Mandatory Skills:
·         Experience in Network / Security Engineering
·         Strong experience on end-user security and support
·         Create/review/update security policies and procedures
·         McAfee /Symantec/Palo Alto
·         Microsoft Safety Scanner
·         Content Filter
·         Spam Filter
·         Virus Protection
·         Vulnerability Analysis

Subbareddy
Recruter - US IT
Phone :732-640-2138

Thursday, January 12, 2017

Linux Security Analyst

• Document all activities during an incident and providing leadership with status updates during the life cycle of the incident.
• Analyze a variety of network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs, etc.) to determine the correct remediation actions and escalation paths for each incident
• Strong experience administering and monitoring enterprise operating systems, including Linux, Windows, and Solaris
• Document all activities during an incident and providing leadership with status updates during the life cycle of the incident.

--Antoinette Tapia
Sourcer
Splunk Inc.
Mobile: 1+ (303) 912-5851
Email: atapia@splunk.com

Connect with me on LinkedIn: http://www.linkedin.com/in/tapact

San Francisco | Cupertino | London | Hong Kong | Washington D.C. | Seattle | Plano | Singapore | Munich | Tokyo | Shanghai
 

Firewall Security Engineer

Firewall Security Engineer
Warren, NJ
Fulltime
Telephonic
 
  • Design, implementation, and documentation of new information security solutions to support the various Client’s Electronic Trading environments.
  • Deployment, configuration and maintenance of the Client’s Firewall environment
  • Design and deployment of high-performance, low-latency technology solutions
  • Compliance and Controls – participate in various reporting functions, metrics analysis and vulnerability remediation initiatives
  • Stability and resiliency of the infrastructure
  • Change control management, coordination and process improvements between infrastructure and development/application management units
  • Ownership of Infrastructure Problem, Incident and Change management

Mohit Goyal
Sr. Talent Acquisition Executive

Mobile: +1 260 786 6448 Board: +1 516 545 0746
Email: mohit@erostechnologies.com
Website: www.erostechnologies.com

Thursday, January 5, 2017

Security Risk Assessor

Job Title: Third Party Security Risk Assessor

Facebook is seeking a Third Party Security Risk Assessor to join the Information Security team. This position will be responsible for understanding and executing third party reviews as part of Facebook's Third Party Risk Security Program.

The Third Party Security Review specialist will be someone that has a passion for evaluating security risk posed by vendor relationships along with internal Facebook processes and technologies while empowering Facebook's culture of rapid innovation and helping demonstrate Facebook's dedication to security to the world. This role requires a mix of broad business and technical acumen, evaluating risk, and a polished ability to communicate. This is a contract position.

Responsibilities
Help demonstrate Facebook's commitment to security to internal and external stakeholders
Complete security reviews of third parties doing business with Facebook
Understand technical implementation details necessary to identify and assess security risks and recommend mitigating controls
Participate in the development and oversight of required corrective action plans relating to security risk issues specific to security reviews completed
Understand business process and requirements relative to the specific vendor security reviews

Requirements
Experience assessing Information Security risk with strong preference given to individuals who have completed vendor security risk reviews and technical risk assessments;
3+ years of proven experience working on Information Security teams or projects;
Strong program and project management skills required;
Experience with developing security reporting that is meaningful and actionable for a variety of audiences including internal stakeholders and external third parties;
Knowledge and understanding of security controls across all security domains such as access management, encryption methods, vulnerability management, network security, physical security, etc.;
Understanding of processes for risk evaluation and assessing third parties across diverse industries and against a broad range of security requirements;
Bachelors in business and technology preferred or equivalent experience.


Jagdeep Kaur | 
TalentBurst, Inc.

Boston | San Francisco | Miami | Milwaukee | Toronto | New Delhi | Bangalore
Work: (415) 523-8560| Email: jagdeep.kaur@talentburst.com
575 Market Street Suite 3025 | San Francisco, CA 94105 | www.talentburst.com