Thursday, March 30, 2017

Sr Security Engineer

Role: Sr Security Engineer
Location: SFO, CA
Duration: 12+months

Work closely with project managers and enterprise architects to ensure the implementation of approved security designs. Work with business partners to implement the overall solution architecture and providtechnical leadership during the design, development, and testing phase of major initiatives. Create and present engineering design documents to business partners and executive leadership. Support the implementation and enforcement of security and design principles according to the policies, standards, and procedures of Gap Inc. Research and present trade’ documents and risk assessments to leadership. Partner with Gap Inc.'’s Centers of Excellence to provide guidance on security issues. 

SKILL SET 
Bachelor's degree in Computer Science or EE preferred. CISSP, GIAC or CISM preferred. Security engineering experience. Enterprise level security experience. Knowledge of cryptographic systems and algorithms. Experienced in leading the implementation of multiple large, multi-platform security initiatives. Knowledge and understanding of security best practices and designs. Detailed understanding of the Payment Card Industry (PCI) security standard. Experience in the implementation of controls to mitigate PCI issues. Strong communication skills required to discuss and present complex engineering principles and issues to both technical and non-technical business leadership. Ability to work with multiple project teams, provide engineeringguidance and decision making to ensure architectural alignment. Ability to adapt to rapidly changing priorities and conditions. 

EXPERIENCE LEVEL 
8+ 
years

Infrastructure Security Engineer II 2 Folsom St. Gap Inc. Technology is the engine driving innovative retail, e-commerce, and global enterprise technology for Gap Inc.’s five renown brands – Gap, Banana RepublicOld Navy, Athleta and INTERMIX. We’re looking for exceptional talent with fresh ideas, cutting-edge skills, and a passion for retail technology. As part of our team, you’ll be exposed to hands-on learning opportunities across all facets of the Gap Inc. Technology organization, working on high-profile, big-impact projects alongside the best technologists and leaders in the industry. Ready to get started? The Infrastructure SecurityEngineer reports to the Director of Data Protection and Infrastructure. In this role, the Engineer will work closely with technical peers across all of GapTech to ensure that all of our customer developed platforms and technologies protect all Gap Customer and Employee Data analyzed, captured, processed, and/or stored. The Engineer will also be key to enabling security self-sufficiency across our DevOps organization by help design, deploy, and operate solutions that strengthen our capabilities in Data Protection, Endpoint Security, Critical Infrastructure, and Vulnerability Management. Responsibilities: • The Information SecurityEngineer position works closely with infrastructure, application, and managed service provider teams to ensure the securityposture of Gap’s global enterprise is maintained, including endpoint, network, server and bordersecurity . • Assist in developing solutions to ensure existing and new systems and application deployments are appropriately secured to meet security policy and standards, and audit compliance requirements • Identify security issues and risks asssociated with ecurity events reported by L1 or L2 InfoSec teams, or via alerts from various security tools, and develop remediation and/or risk mitigation plans • Participate in investigations of suspected information technology security misuse or compliance reviews as requested by Gap’s SecurityCouncil, InfoSec management, or as required when alerts are received from InfoSec threat monitoring tools • Assist in responses to internal and external compliance audits, e-Discovery data collection, penetration tests and vulnerability assessments • Coordinate maintenance of security-related systems (Anti-Virus, Patching, Intrusion Detection, Logging, Anti-spam, etc.) Qualifications: • Bachelor's degree in computer science or related field, preferred • 3-5 years of experience in the security field with working knowledge of any network and InfoSec components, including firewalls, intrusion detection systems, anti-malware products, e-Discovery and forensics tools and products, data encryption, VPN's, vulnerability scanners, multiple operating systems (Windows, UNIX, Linux, etc.), and directory services (Active Directory, LDAP) • Significant knowledge of TCP/IP, cryptographic protocols and algorithms, operating system internals and operations, and application level protocols • Demonstrated programming ability in C, C++, Java, php, Javascript, python, perl, and other languages • Ability to configure, operate, and understand the regular workings of the following: Apache, PHP, SSH, UNIX hosts, TLS, etc. • Passion to learn or knowledge of information security risks and counter-measures for Windows and Unix/Linux platforms • Demonstrate the strong communication skills required to discuss and present engineering principles and issues to both technical and non-technical business partners & write concise proposals and documentation • The ability to provide support after normal business hours, as needed Preferred Certifications - CISSP, CISA, CISM, CRISC, CGEIT, ISO27001

They use Linux based systems, so a strong Linux background is required

Strong Python and Ruby skills also required

3 to 5 years of experience and exposure to security tools required

Top 3 skills:
  1. Linux
  2. Python
  3. A coding language 


Sara
IT Career City

Information Security Analyst

Job Role: Information Security Analyst at T-Mobile
Location: Bellevue, WA
Duration: 12 + Months contract with a high possibility of extension/conversion based on performance.

Job Description:
Security analysts use a variety of databases, software applications, and other intelligence research tools to identify, assimilate, examine, interpret, and evaluate all-source information/intelligence to determine the nature, function, interrelationships, personalities, capabilities, and intent regarding the capabilities and focus of cyber threat actors.

Enterprise Core Competencies
Requires competency in customer focus, change & innovation, strategic thinking, relationship building & influencing, and results focus.
Essential Functions
• Monitor and analyze network traffic to establish accepted baselines and identify anomylis activity.
• Develop and deliver network traffic profiles for distribution to the security operations teams.
• Validate information/data, identify threat concerns and address them through established escalation processes
• Collects, organizes, analyzes, interprets, and summarizes network traffic and develop reports to provide actionable remediation plan
• Display critical thinking in the creation of narrative reports, presentations, visual mapping and link charts or similar diagrams to report analytical assessments
• Possess strong technical security skills with hands-on experience, particularly in network packet capture and analysis.
• Must have a strong understanding of sophisticated cyber-attacks, hacking techniques and associated defensive techniques
• Interact and assist other teams on time-sensitive, network investigations
• Strong oral and written communication skills, able to communicate with senior Technology and Business management
• Strong team player with the ability to build relationships from both a business and technical point of view
• Coding (scripting) experience e.g. Perl, VB Script, Python etc.
• Ability to plan, organize and prioritize tasks to complete independently and within time frame established

Required Qualifications:
• Minimum 4 years of experience in info security traffic analysis, network capture, and threat intelligence or related field • Strong knowledge of multiple technical security subject areas • Knowledge of critical security elements, threats, vulnerabilities, and safeguards • Knowledge of information security policies and regulatory controls (per team function) • Strong written, verbal, and interpersonal communication skills; ability to communicate internally, upward, and cross functionally; ability to interface with cross-functional team members to gain support required to accomplish assignments; able to build coalitions • Always act with tact and integrity, and interface with a variety of individuals in a positive and productive manner • Strong problem solving / troubleshooting skills • Ability to plan, organize and prioritize tasks to complete independently; Ability to work under pressure and meet tight timelines

Preferred Qualifications:
The must haves are in the description. Most relevant is understand network traffic flows and flow analysis. Data analytics is needed for analysis work. The must haves are in the description. Most relevant is understand network traffic flows and flow analysis. Data analytics is needed for analysis work.


Purbasha Banerjee
Recruiter |D: 14254494569 |F: 425-440-3970 

Frontend developer

Role: Frontend developer    
Location: Sunnyvale, CA
           
 Responsibilities:
— 3+ years of Front end web development using HTML5, CSS, JQuery, Angular.js, (or similar Java Script technologies)

— Deep understanding of Web development including security and API integration
— Strong problem solving skills
— Good Oral and written english communication skills
— Experience with GIT
— Have implemented HTML5 and Responsive / Adaptive Web Design
— Experience in AJAX, XML, JSON
— Experience with JS MVC frameworks (AngularJS, Backbone.js, CanJS, etc)
— Possess firm knowledge of cross-browser, cross-platform & cross-device compatibility standards and behaviors
— Experience with CSS3 animations is nice to have
— Experience using other dynamic web application languages (JSP, PHP, XSLT) is a plus


Biswajit Dash
Intelliswift Software, Inc.
Phone: 510-370-4542 (office)
39600 Balentine Drive,
Suite 200, Newark, CA 94560
biswajit.dash@intelliswift.com||www.intelliswift.com
biswajit.intelliswift@gmail.com

Information Security Engineer

Job Title : Information Security Engineer
Duration : 3+ months Contract
Location : Duluth, GA

Start Is ASAP.

Job Description :
·         Manage the design, implementation, and support of a diverse security infrastructure including firewalls, IDS/IPS, secure web gateways, endpoint security, vulnerability scanners, SIEM and DLP.
·         Serve as the Subject Matter Expert and conduct security reviews and testing of new projects and initiatives.
·         Research and recommend emerging security technologies and tools to address current and future threats.
·         Provide guidance for security remediation to business and IT partners.
·         Create and maintain documentation as it relates to security designs/configurations, processes, and requirements.
·         Collaborate with key stakeholders to assess near- and long-term security needs.
·         Participate in security incident response process.
·         Develop and maintain partnerships with key vendors to ensure that service levels are understood and met.
·         Mentor junior members of the Information Security team.
·         Working in a rotational 24x7 SOC environment.
·         Provides analysis and trending of security log data from a large number of security devices.
·         Provides threat and vulnerability analysis as well as security advisory services.
·         Bachelor's or Master's Degree in Information Systems, Computer Science or related discipline
·         CISSP certification


Surya Kulkarni
Desk:   404-496-4368 *416
Direct: 404-380-1806

Enterprise Security Engineer

Job Title:                      Enterprise Security Engineer
Job Location:               Atlanta, GA
Duration:                     12 + Months Contract
No of Jobs:                  2
 
Job Description:
Technical Skills:
Excellent knowledge on IDAM space;
Excellent working knowledge on Oracle Access Manager 11g R2 PS3,  OIM, OVD, OHS, IIS, Weblogic Web servers and Webgates, LDAP
Experience on Cyber Ark
Experience on RSA Multifactor Authentication
Excellent understanding on the Shared Services in Security
Knowledge Dynatrace and other monitoring tools
 
Technical and Professional Requirement:
He/She should have experience & capabilities to provide technical solutions to Production Support issues.
- Good in Customer orientation by understanding the Requirement gathering and interpret nicely to the offshore team.
- Identifying, Analyzing and providing a solution to the issues in the Shared Service - Security based servers of Production to Development environments
-  Should have good hands on experience with Shared Service Security System Integration for Oracle Identity & Access Management solutions (OIM & OAM).
- Review the IT artifacts and guide the team in accordance to the industry best standards.
- Adhere to the timelines and guide the team in documenting and implementing the changes
- Leads through thought leadership, responsible for providing strategic direction to the Production Support processes, business strategy and growth initiatives.
- Sets vision and provides strategic direction and thought leadership to the group in the Program/Project
- Maintains key the relationships with clients and interacts with clients for current Production Support tasks and new business initiatives.
-The Operational Production Support Technology Lead will be responsible for Production and Operational support activities, attending day-to-day user requests, application alert monitoring, health checks, and incident management, prepare and maintain operational activities documentation.
- Full Accountability on support of Security Shared Services applications 24 X 7 by meeting SLA
- Willingness to work on weekends on rotation basis
- Good problem solving and analytical skills
- Ability to work under pressure and co-ordinate with offshore team and provide guidance on Incident Management, Work Order Management, Change Management, Problem Ticket Management, Stakeholder communications, Role back plans, etc...
- Co-ordination with enterprise infrastructure teams
- Document daily activities and maintain documents in sharepoint
- Provide analytical and technical guidance to the team and recommend and/or take action to direct the analysis and solutions required,
- Come up with a plan to automate operational activities
- The candidate will work closely with the other project team members to deliver the working solution and test process for the access management solution.
The candidate will also work closely with our information security group, IT policy owners, end user technologies specialists, and application architects.
- Good Communication Skills.
- Ready to work in onsite/offshore model and shifts

Vikash Kumar.
First Tek, Inc. (FSTONE Technologies)
1551 S Washington Avenue, Suite 402 A, Piscataway, NJ 08854Phone: (732) 276-1463 | Fax: (732) 909-2773
Vikash.Kumar@first-tek.comwww.first-tek.com |

Incident Response Engineer

Position Title:              Incident Response Engineer
Client:                          Montgomery County Government
Work Location:          Rockville, Maryland
Estimated Duration:   6 months+

FYI: - Background Investigation will be conducted before on boarding, once confirmed (selected).

Job Summary

Client is expanding its current Information Security Incident Response program. Client seeks a qualified contractor with extensive experience and subject matter expertise in identifying, analyzing, scoping, containing and eradicating real-world threats. 

Requirements: 
Contractor will be a direct report to the County’s Enterprise Information Security Officer, and also receive direction from the Enterprise Information Security Office Security Architect.
Contractor will work side-by-side with County staff to facilitate knowledge transfer.

Responsibility Include:

Consultant will: -
·         participate in a 24/7 on-call operation that monitors for and responds to security events on Montgomery County's networks, including working with external entities, where necessary.
·         respond to information security incidents, including internal and external events and targeted threats.
·         develop internal tools used to respond to incidents (e.g., forensic toolkits) or recommend the purchase of specific tools to support Montgomery County’s unique environment
·         identify and execute on projects that improve our intrusion detection and incident response capabilities
·         prepare recommendations, including language where appropriate, for updates to or creation of incident response procedures.
·         prepare weekly status report that will include:
·         Work completed
·         Work planned for the next 1+ week(s)
·         Risks
·         Items for escalation

Evaluation Criteria:
1.    Qualified candidate must have Subject Matter Expertise in incident response procedures and processes, including knowledge of common indicators of compromise and of methods for detecting these incidents
2.    Qualified candidate must have Subject Matter Expertise in common incident response tools such as Splunk, Snort IDS, AlienVault SIEM, and Kali Linux
3.    Qualified candidate must have a minimum of five (5) years of experience in performing analysis of log files from a variety of sources, to include individual host logs, network traffic logs, firewall logs, or intrusion prevention logs
4.    Qualified candidate must have a minimum of five (5) years of experience in performing client/customer interviews and documentation of security incidents


Kaleem Khan
Priserve Consulting Inc.
1035 Dairy Ashford Rd, Suite 220, Houston, TX

Wednesday, March 29, 2017

Sr. Security Engineer

Sr. Security Engineer
Location:          Novato, CA (20 minutes North of San Francisco; relocation assistance provided)
Salary:              $140-170K DOE + 10-15% Annual Bonus
Position is available as a Contract and Contract to Hire
100% Remote work is not available
1-2 days telecommute is an option

An extremely successful publicly traded international company that is a leader in the industry is looking for a Sr. Security Engineer. The company has been in business for 12+ years, is public, earns $30+ million in net income, has cash reserves, is NOT VC funded, is cash flow positive, has 2400+ international employees and has over 100 million active global users. The company develops extremely high volume online and interactive web based products.

The Sr. Security Engineer will join and assist the Security Operations Center Manager and Sr. Security Architect in the ground up design, build out, evolution and management of a World Class Security Operations Center. The first order of business for this position will be the design, configuration, implementation and utilization of a formal Incident Response System and a SIEM System. The company is currently using Splunk and Imperva for Incident Response and SIEM respectively. Note that the systems are in a rudimentary stage and the Security Operations Center Manager and Sr. Security Architect are not locked in on these tools. The Sr. Security Engineer will, at the minimum, have an extensive understanding and solid professional experience with Incident Response Systems and SIEM systems; regardless of specific security tools. The Sr. Security Engineer will be responsible for receiving security alerts, identify attacks via Splunk or Imperva, investigating the security issue, determine impact of attack, plot remediation course (install ACL’s, take steps to stop or shut down attack, remove malware, etc.), identify gaps in coverage and create security solutions to fill gaps. Once the Incident Response and SIEM systems a fully operations, the Sr. Security Engineer will work with the Security Operations Center Manager in researching, evaluating, creating POC’s, testing in lab environment and implementing the appropriate IDS/IPS, Vulnerability Management Systems, Web Application Scanning and DLP/DLS’s based on the Sr. Security Engineer’s and SOC Manager’s expertise in the field and the current environment and collaboration with the Sr. Security Architect.
Additional responsibilities:
Plan and execute regular incident response and postmortem exercises
Manage security event investigations, partnering with other departments as needed
Create, implement and continually evaluate and update SOC policies and procedures as appropriate
Develop metrics and scorecards to measure risk to the organization, as well as effectiveness and efficiency of SOC analysts
The Sr. Security Engineer will report to the Security Operations Center Manager

Please note that the Hiring Security Operations Center Manager and Director of Security understand that a Sr. Security Engineer will not have experience with all of the above security tools and responsibilities. Expertise with Incident Response OR SIEM systems is mandatory.

The company offers matching 401K, full benefits (PPO & HMO) including medical, dental and vision, paid vacation and paid holidays, Short and Long Term Disability, Life Insurance, Employee Assistance Program, fitness reimbursement program, free onsite gym, free espressos and snacks, casual dress, paid parking (or public transportation subsidization) and flexible work hours that all start upon employment.

REQUIREMENTS:
Must have 4-5+ years of Information Security Engineering experience
MUST have significant experience with either Incident Response Systems OR SIEM Systems (Splunk, IBM’s QRadar, HP’s ArcSight, LogRythym, AlienVault, Nitro, Imperva, etc)
Experience performing event monitoring, packet analysis, log analysis, etc
Experience performing Security Remediation

The following are only a Plus (NOT mandatory):

Experience with the ground up design, configuration and implementation of a formal Incident Response System or SIEM System a plus (including processes, procedures, investigations of incidents/security breaches/hacks and resolutions).
Experience designing and building out or working within a formal SOC is a plus
Understanding of OWASP
SQL Injection
Cross-site scripting / XSS: understanding of what types of web attacks exist

Any experience with any of the following security tools only a plus, not mandatory:
  • Network: Palo Alto Threat Platform (ability to get around the GUI, perform queries)
  • IDS/IPS: Cisco, Sourcefire, Snort, Palo Alto, Qualys, etc.
  • Vulnerability Management: Qualys, Nessus/Tenable, Nexpose, etc.
  • Web Application Scanning: IBM’s AppScan, HP WebInspect, W3AF, BurpSuite, QualysGuard WAS, NetSparker, etc.
  • DDoS: Arbor Networks, Prolexic
  • Penetration Testing
  • AntiMalware: Malwarebytes’ Anti-malware, McAfee, ClamAV, ViruTotal
  • GRC: governance, risk and compliance (GRC): MetricStream, ARIS, IntelligenceBank, Resolver, BP Logix, etc.

Any experience designing and architecting security systems
Global security experience
Any Security experience in a high volume highly interactive web based environment is a big plus
Any experience with anti-virus, firewalls, Active Directory, web proxies, DDoS mitigation strategies and solutions, Linux / Windows operation systems, TCP/IP, packet analysis tools (Wireshark, etc.), databases and web applications /servers
Any experience with or knowledge of Security and privacy regulations
Certified Information Security Professional (CISSP) or equivalent certification is a plus
CISO, CISM, CPP, GIAC, ISSO, CPP, GCIA, GCIH, CEH, CPSSE, ECSP, GSSP
BS and/or MS in Computer Science or a related degree

With your resume submittal, please answer the following questions:

Citizenship status: U.S. citizen or Green Card or EAD Holder or H1 Visa holder (chose one)

If a Visa holder, can your Visa be permanently transferred to my client for a full time permanent position? (This is not a C2C contract or contract to hire).

Do you prefer a full time permanent or contract position?

What is your current base salary or contract rate (W-2 or 1099)?

What salary range are you considering (please do not respond *negotiable* or similar).

Why did you leave your last 3 employers?


Al Karaptian
Phone:  310.937.3388