Friday, April 28, 2017

Security Engineering

Job Title: Principal Analyst – Security Engineering
 
Job Location: Mountain View, CA / Herndon, VA
  
Duration: 6 Months

 

Job Description
Principal Analyst – Security Engineering

High level responsibilities
  • Accountable for design, implementation and administration of Security Engineering in the Information Security department
  • Ability to detect, analyze information security threats, and be able to architect solutions for it.
  • Able to operationalize processes to drive a robust security architecture.
  • Work closely with IT and architecture teams to guide security direction and solutions in alignment with Industry best practices.
  • Hands on experience with deploying security solutions in on-premise and public cloud environments.
  • Be able to architect, deploy, enhance, orchestrate, automate and operationalize information security capabilities for the enterprise network.

Accountable for
  • Serve as a subject matter expert on information security architecture, threat & vulnerability management and security analysis.
  • Perform security design reviews to assess security implications for introduction of new and differentiated technologies within the environment.
  • Drive security orchestration efforts in the enterprise to drive efficiency in security operations
  • Analyze compromised/potentially compromised systems and participate in incident response as required

Qualifications
  • Candidate must have 7+ years working in information security
  • College degree BS/MS in Computer Science preferred
  • Expert level hands on experience with log management tools such as Splunk.
  • Medium-level hands on experience with tools such as DLP and IPS.
  • Strong in operational processes.
  • Security Operations Center experience a plus
  • Some level of experience working with security monitoring, and security incident/event management tools is a plus
  • Experience in security orchestration and automation a plus
  • Experience in any of the public clouds – AWS, Azure, is a plus
  • Travel requirements <=25% that would include GSO all hands meetings, team offsite meetings, training and client facing presentations
  • Security certifications are a plus (CISSP, CISM, CISA, SANS, Security+, etc)


Mayur Kharwadkar
Infobahn Softworld, Inc.
www.infobahnsw.com
2010 N. 1st Street, Ste 470,
San Jose, CA 95131
Phone: (503) 755-6484
Email: mayur@infobahnsw.com

Senior Cyber Security Engineer

JOB DETAILS:
Position           :  Sr. Cyber Security Engineer
Location         :  Franklin Lakes, Saint Louis, Bloomington, NJ, MO, MN.
Full Time        :  Full Time

--Only On W2--

Job Description:
POSITION SUMMARY
This position functions as a member of the enterprise Security Engineering organization, focusing on the application of cybersecurity concepts and controls as applied to information technology design and implementation.

He/She will work across the organization to ensure the design, development and implementation of both new and existing security capabilities and standards including threat modeling, vulnerability management, analytics, incident response and investigative support across the network security landscape. The Sr. Cybersecurity Engineer will both develop and adhere to ESI's network security design principles and information protection policies. Focus will be on assuring the security of the computing environment, protecting customer and employee confidential information, and complying with regulatory requirements. This is accomplished through strong information risk governance, active collaboration with business risk managers, and providing high quality security solutions and services that ultimately work to improve overall risk posture.

Security Engineering acts as a collaborative partner to the CISO in protecting the Confidential Information of our members, clients, partners, employees, and the corporation. Our mission is to deliver, optimize, and maintain a comprehensive ecosystem of security control technology, solution designs, methods, and processes to detect, deter, and prevent compromise of our systems and data theft from both internal and external sources, and to protect against the unintentional misuse and exposure of confidential information. We will ensure that security controls are being monitored, that they remain viable, that they are performing as expected, that they are alerting, and collecting data that is useful in providing threat intelligence. We will remain vigilant in assessing our attack surface and staying abreast of current and emerging threats.

ESSENTIAL FUNCTIONS

  • Identify areas for architectural, engineering, and operational improvements of existing security solutions
  • Engineer, implement and monitor security measures for the protection of computer systems, networks and information
  • Design computer security architecture and develop detailed cyber security designs
  • Complex planning and analysis to determine what tools, technologies, processes, and controls are needed to meet security objectives.
  • Develop and update security metrics for framework maturity, security posture governance, and reporting
  • Perform systems security engineering activities for deployment of new enterprise cyber security technologies
  • Ensure all security technologies and solutions are operating at a high level of assurance and properly integrated into SIEM solution(s).
  • Be a strong partner and collaborate with company Information Risk Management organization in identifying and developing solutions for evolving threat model.
  • Identify risks/gaps and make recommendations for remediation.
  • Stay current on the latest and emerging cyber threats and threats to enterprise information security and proactively work to address risk.
  • Prepare and document standard operating procedures and protocols
  • Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
  • Ensure that the company knows as much as possible, as quickly as possible about security incidents

Qualifications:

  • 8 + years of proven work experience as a system security engineer or information security engineer
  • Experience in building and maintaining security systems
  • Hands on experience in security systems, including firewalls, intrusion detection systems, anti-virus / anti-malware software, authentication systems, log management, content filtering, email security DLP and remote access
  • Experience with network security and networking technologies and with system, security, and network monitoring tools
  • Experience with computer and end-point security solutions and technologies
  • Experience with penetration testing, vulnerability management, forensic investigation and red team / blue team exercises
  • Thorough understanding of the latest security principles, techniques, and protocols
  • Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocols and application security concepts including WAF.
  • Basic working knowledge of Unix/Linux operating systems and concepts
  • Scripting / automation background a plus
  • Security certifications a plus (CISSP, SSCP, CISA, etc.)
  • Bachelor's degree in Cyber security / Information Security or related experience

Kavya | Recruiter | Email: kavya@softpath.net
Direct: 770-450-6430| Fax: (404) 315-1558
Softpath System LLC | 3985 Steve Reynolds Blvd | Bldg C| Norcross GA 30093
www.softpath.net

Network DevOps

Role: Network DevOps (Jr. - Mid)
Location: Downtown Dallas, TX
Duration: 12 month open-ended Contract (long-term contract, permanent potential)
*Exclusive to Apex. Interview Immediately. 
*4 openings 
 
Looking for someone with a networking/scripting or systems/security background.
 
  • You will be joining the ticket automation team who is building the back-end for the mass security team. You will be working with network customers, going through logs and performing systems side scripting.
  • Languages: Perl, Python, PHP, Bash, Korn, or shell scripting.
  • Networking experience
  • Telecom background is nice to have
 
These are the types of flows that will need to be created for each device:
  • Palo Altos Ping System Health Check
  • Palo Altos High CPU Memory Alert
  • Palo Altos HA Alert
  • Juniper Ping System Health Check
  • Juniper Interface Up Down
  • Juniper High CPU Memory Alert
  • Juniper HA Alert
  • Fortigate Ping System Health Check
  • Fortigate Interface Up Down
  • Fortigate High CPU Memory Alert
  • Fortigate HA Alert
  • Checkpoint Ping System Health Check
  • Checkpoint Interface Up Down
  • Checkpoint High CPU Memory Alert
  • Checkpoint HA Alert
  • BlueCoat System Health Check
  • BlueCoat Interface Up Down
  • BlueCoat Disk Check
  • BlueCoat Attack
  • Cisco ASA System Health Check
  • Cisco ASA Interface Up Down
  • Cisco ASA High CPU Memory Alert
  • Cisco ASA HA Alert
 
 
Jennifer D’Souza | Professional Recruiter | Apex Systems
222 W. Las Colinas Blvd, Suite 645E, Irving, TX 75039
Office: 972-550-9191  |  Fax: 972-550-9161 
jgarza@apexsystemsinc.com  |  www.apexsystems.com

Thursday, April 27, 2017

Cyber Security Engineer

TITLE: Cyber Security Engineer
STATUS: Open
JOB CODE: 17658
LOCATION: Washington, DC, United States
# of Openings: 1
Emp Type: Permanent/Fulltime


Requisition Details:

HP ArcSight Administration
SIEM Operations
HP ArcSight Content development - correlation rules and policy orchestration
QualysGuard Vulnerability management
Qualysguard administration
VA operations, scan rules etc.
General Role and Responsibilities
Use Case Requirement gathering,
- Dataset and Datafield mapping
- Anomaly identification
- Maintaining and managing the threat intelligence platform
- Threat briefings to Client
- Incident Response
- Management and configuration of Vulnerability Management (VM) platform
- Scheduling and running Infrastructure
- Preparing security advisories and defining the severity levels for the vulnerabilities
- Scanning, validation and reporting of vulnerabilities on daily and monthly basis
- Preparing monthly security reports for the management

ArcSight Content Development:
- Log Sanity and Operational Assessment
- Development of Fraud Monitoring rules
- Development of Cloud Monitoring rules
- Generate and Schedule Ad-hoc reports
- Development of use cases for security monitoring
- Fine tuning the use cases and improve on the alerting mechanism
- Participate in new integrations with ArcSight and determine effective ways for ingesting the logs in SIEM.




DaYa Shashtri
Work: +1-516-545-0716,
EROS Technologies Inc.

Infrastructure Security Architect

Infrastructure Security Architect
   
Description:                
Exciting opportunity for an experienced IT infrastructure security architect to join one of the world's leading customer experience management software companies. In this role, you will be responsible for identifying security risks to global IT infrastructure, designing scalable security solutions, driving implementation and demonstrating effective risk mitigation to leadership. The role will be the technical subject matter expert on network security, system security, security monitoring and other infrastructure security related areas. You will also design & implement security controls within Docker container / Apache stack environment. Requires solid understanding of containerization & network segmentation within a software defined network. Requires strong Python scripting skills and good understanding of Docker.

Responsibilities include but are not limited to:
* Own the security of the technology stack supporting our SaaS applications, including VMs, Docker containers, OS configuration, and networking
* Create secure configuration templates and network architecture standards, for our SaaS offering as well as our corporate IT infrastructure
* Perform threat modeling to identify weaknesses, and provide remediation guidance
* Design and build security into next generation software-defined network, for both on-prem and cloud environments
* Periodically and proactively assess system and network alignment with established baselines and standards

              

Requirements:            
Background / Experience requirements:
- Minimum of 5+ years of experience in technical infrastructure security related function
- Deep knowledge of the security aspects of microservices and associated technologies, including Docker configuration, and distributed file systems (e.g., Ceph, NFS)
- Deep knowledge of authentication protocols, applied cryptography, PKI, and TLS
- Deep knowledge and experience in Unix, Linux and OS X
- Working knowledge of directory and distributed authentication/authorization technologies (OpenLDAP, Active Directory, RADIUS, SAML, OAuth)
- Strong scripting skills (Perl/Python/Shell) and ability to write code for automation
- Experience in a technical security role with hands on experience in design and implementation of network security, operating system security, vulnerability assessment
- Experience with customizing open source tools for enterprise deployment
- Experience with audits and certifications to regulations and standards like PCI DSS, SOC 2, ISO 27001:27002
                                   
Location:  Palo Alto, CA


Lauren Twisselman | Technical Recruiter The Armada Group - On Demand Talent Solutions
O: 408.520.9454 F: 831.515.5111  Skype ID: armada.lauren.twisselman

Systems Administrator

Title: Data Center/Systems Administrator – II
Location: Plano, TX
Duration: 12 Months 
 
Description
Security Operations Center Analyst Role - McAfee 
 

The primary purpose of the Security Operations Center (SOC) Analyst position is to help detect, analyze, coordinate, resolve, and report on cybersecurity incidents impacting McAfee, Inc. This position involves critical duties and responsibilities that must continue to be performed during crisis situations and contingency operations, which may necessitate extended hours of work.
 
Duties and Responsibilities 
• Responsible for working in a 24x7 SOC environment.
• Provide analysis and trending of security data from a large number of heterogeneous security and non-security devices.
• Provide Incident Response (IR) support when analysis confirms actionable incident.
• Investigate, document, and report on information security issues and emerging trends.
• Integrate and share information with other analysts and other teams.
• Other duties as assigned
 
Required Qualifications 
• Bachelor's degree in a related field or equivalent demonstrated experience and knowledge
• GCIA, GCIH, or other related certifications strongly preferred (must be current)
• CISSP certification preferred (must be current)
• 2-4 years' experience as a Security / Network Administrator or equivalent knowledge
• Knowledge of various security methodologies and processes, and technical security solutions (firewall and intrusion detection systems, endpoint protection systems, etc.)
• Knowledge of common Internet protocols and applications, TCP/IP protocols, network analysis, and network / security applications
• Experience in large, heterogeneous enterprise environments
• Ability to multi-task, prioritize, and manage time effectively
• Strong attention to detail
• Excellent interpersonal skills and professional demeanor
• Excellent verbal and written communication skills
• Excellent customer service skills
• Proficient in Microsoft Office Applications
 
Desired Qualifications 
• Network Certification (for example: CCNA, etc.)
• System Administrator / Engineer certification (for example: MCSA, MCSE, RHCE)
 
Personal and Professional Qualities 
The successful candidate will possess the personality traits, work habits, communication, and social skills necessary to work effectively within a dynamic and highly operational enterprise environment. The successful candidate will have exemplary personal and professional integrity and demonstrate strong interpersonal skills.


Astick Venkata Challa,
Bellevue, WA, 98004, United States
(415) 854-0683
astickvc@aditistaffing.com
Aditi Staffing

Wednesday, April 26, 2017

IT Security Analyst

Our client, a global life sciences leader, has an immediate need for a Level II IT Security Analyst to join its San Francisco Peninsula, CA operations. 

This individual will work as a lead within the IT Incident Response Team. 

Responsibilities 
  • Technical leadership for cyber security and incident response; including event correlation, malware/threat analysis and incident management
  • Cyber Security threat and vulnerability analysis
  • Demonstrate exceptional communication skills, written and verbal, working in a globally distributed team working closely with cross-functional groups
  • On call rotation for after-hours support
Requirements
  • Network Security Monitoring experience; tuning IDS/IPS, SIEM
  • Acted as a lead in a security operations or incident response team
  • Forensic or malware analysis experience
  • Penetration testing experience
  • Strong communication with the ability to document technical details clearly and concisely

Inno Tolentino | Technical Recruiter | w: 925.271.6790 | c: 925.413.5196 | https://www.linkedin.com/in/innotolentino

Security Software Engineer

Job title: Security Software Engineer

Location: Foster City CA 94404

Duration: 6 months with high possibility of extension, likely extension or conversion depending on performance.

JOB SCOPE
This candidate will join Global Information Security and will help drive the successful adoption of Secure Software Development Lifecycle practices across Visa’s product development teams and help build foundational application security capabilities. The primary focus of the candidate is to help perform source code review using static testing tools such as Fortify on Visa's critical and highly rated applications and help drive the successful rollout of the dynamic security testing suite - AppScan Enterprise within Visa.

• Help implement pre-defined Secure Software Development Lifecycle practices for all Visa technology projects throughout the planning and delivery cycles that assure that investments in IT generate business value and mitigate the risks associated with information security
• Ensure end-to-end security of Visa products by hands on testing, helping development teams, remediating risks upfront
• Improve secure coding practices, application security requirements, automation, training, and metrics.
• Help build secure products and standards around emerging technologies and fields lacking existing standards and security practices
• Work with security testers on proper AppScan scan configurations and setups including activities such as manual explore, multi-step operations etc. to provide solid application test coverage.
• Troubleshoot common and complicated AppScan issues such as network connectivity, login, performance and looping issues.
• Triage the AppScan reports. Work with development organizations to review and fix vulnerabilities according to Visa’s Secure Coding Standards.
• Act as a liaison to IBM technical support, maintain the records of PMRs; patch and upgrade the AppScan Visa system in a timely fashion.
• Build strong cross-organizational relationships and effectively influence staff across the IT organization and broader enterprise
• Collaborate with product development and solution teams proactively to manage software security risk aligned with business goals.
• Collaborate with product and solution teams to achieve Global Information Security software security program objectives.
• Develop and optimize processes to improve software development efficiency in the consumption of security development practices.
• Maintain active understanding of industry practices for secure software development and incident response.
• Represent Visa in the software security community globally.
QUALIFICATIONS
• Undergraduate degree in Computer Science, Electrical Engineering or a related technical discipline; advanced degree preferred.
• Hands on experience with one or more of the following programming languages: C#, Java, JavaScript, Objective C, C, C++ and Ruby; Experience in building ENTERPRISE web applications preferred
• MUST have deep understanding of OWASP Top 10 and CWE 25; with proven track record and experience in implementing and integrating remediation strategies
• Excellent understanding of web applications, web servers, layer 7 application technologies, frameworks and protocols with respect to application development and deployment
• Well versed in web application design, penetration testing, application risk assessment and risk categorization
• Well versed (experience preferred) with driving and implementing secure development practices into SDLC (SSDLC); ability to successfully integrate security into a developer's world
• Success in implementing effective Secure SDLC frameworks across a large corporation.
• Hands on experience with SAST testing tools such as AppScan, WebInspect and Burp Suite.
• Understanding of Mobile application and platform security; deep understanding of platforms, SDK’s and interaction with application layer PREFERRED
• Candidates should be familiar with waterfall and agile development processes and have experience integrating secure development practices into both models. Deep knowledge of/experience with the following:
• Agile SDLC processes and PMO reengineering Enterprise and application architecture
• SAST, DAST and fuzz testing tools
• Highly effective communicator; well honed influencing and negotiating skills
• Solid problem solving and analytical skills; able to quickly digest any issue/problem encountered and recommend an appropriate solution.
• Self-motivated; able to work independently; able to negotiate and bring consensus to diverse priorities of product development and solution teams
• Demonstrated leadership qualities, flexibility, adaptability to changes in roles and responsibility as required.
• 2 to 5 years in technology, information security, and/or application development.
• Excellent operational skills; quality and results oriented
• Strategic thinker; visionary; innovative
• Strong client service orientation
• Bi/multi-lingual a plus.
Must have skills        
3-5 years in development (Java or .Net), 2 years in security – overall 5+ years / Bachelors /
Nice to have skills      
SAST, DAST and fuzz testing tools / CISSP or other security certifications

Mohammed Nikhat
Sr. Technical Recruiter | 650-249-3768

Principal Info Security Analyst

Client: Informatica
Job Title: Principal Info Security Analyst
Job ID: 6789697
Location: Redwood City, CA
Duration: Contract

Job Description:
  • Able to operationalize processes to drive a robust security architecture.
  • Work closely with IT, Product development and architecture teams to guide security direction and solutions in alignment with Industry best practices.
  • Hands on experience with deploying security solutions in on premise and public cloud environments.
  • Can architect, deploy, enhance, orchestrate, automate and operationalize information security capabilities for the enterprise network.
  • Perform detailed analysis of threats during the incident process, combining sound analytical skills with advanced knowledge of IT security and network threats.
  • Participate in knowledge sharing with other Analysts and writing technical articles for internal knowledge bases.
Must-Haves:
  • Strong in operational processes.
  • Security Operations Center experience a plus.
  • Strong scripting experience.
  • Experience in any of the public clouds – AWS, Azure, is a plus.
  • Proven leadership skills; communication, issue resolution and performance management.
  • Flexible to switch between tactical activities, and engineering initiatives.
  • Security certifications are a plus (CISSP, CISM, CISA, SANS, Security+, etc)

Juhi Dholakia
Technical Recruiter
Office: 510-338-9466

Cyber Threat Intelligence Analyst

Responsibilities
The Cyber Threat Intelligence Analyst Role is a position providing an opportunity to work in a fast paced collaborative environment defending Verizon from current and future cyber threats. This position plays a critical role in Verizon’s enterprise computing defense. Analysts must be agile, willing to learn, and able to think outside of the box in order to operate effectively in an ever changing threat landscape.
Responsibilities:
  •  Processes both internal and external Cyber Threat Intelligence for determination of impact, hunting to determine scope, and implementation of mitigations to defend Verizon’s enterprise
  •  Recommends new intel feeds and changes to current feed intake
  •  Process both internal and external Cyber Threat Intel for determination of potential threat and impact, hunting to determine potential scope, and implementation of mitigations to defend Verizon’s enterprise; this includes reports from law enforcement, security researchers, industry leaders and governmental agencies.
  •  Conduct pivoting analysis on Threat Intelligence to identify current impact or proactively process mitigations for defense through security technologies and proactive mitigations including zero-day patching identification, anomalous behavior, and recommendations of remediation action
  •  Develop, create, and drive current and new reporting methods of Intelligence analysis to peers and leadership teams for purposes of situational awareness and making Intelligence actionable
  •  Support junior team members in methods to process tactical mitigations based on results of analysis and determination of threat validity
  •  Drive support for the Threat Management Center during incident response and threat monitoring activities to include intelligence context and analysis support, provide industry expertise and recommend relevant remediation and countermeasures
  •  Conduct trending and correlation of cyber intelligence for the purposes of attribution and establish strategic countermeasures to increase Verizon’s defenses, including customized signatures, in-house identified indicators of compromise and behaviors associated with targeted behavior, with support from the Threat Monitoring team
Qualifications
Must have:
  • Associate’s degree or two or more years of work experience
  • Two or more years of relevant work experience
Ideally, you’ll also have:
  • Previous Information Assurance or Cyber Experience in the Telecommunications industry
  • Previous experience working in a Security Operations Center or Intelligence Function with focus on Computer Network Defense
  • Previous experience working with SIEM technologies (i.e. Splunk)
  • Previous experience working with hunting tools and technologies
  • Fundamentals of Mobile Platforms: Windows Phone, iOS, Android
  • Understanding of Networking (including the OSI Model, TCP/IP, DNS, HTTP, SMTP)
  • Previous experience with Malware Reverse Engineering
  • Previous experience with Threat Intelligence Tools and Platforms
  • Previous experience in Cyber Intelligence or related disciplines
  • Previous experience with Malware analysis (automated, static, and dynamic)
  • Demonstrates knowledge and understanding of cyber risks and threat intelligence related to cyber attackers
  • Strong communication and presentation skills along with the ability to work in a highly collaborative environment
  • Strong relationship skills and collaborative style to enable success across multiple partners
  • Demonstrates effective organizational and technical skills
  • Effective verbal and written communication skills
  • Ability to write intelligence and technical articles for knowledge sharing
  • Bachelor degree in a related discipline
  • Three or more years of professional experience. This job role is considered experienced, but still a learner with influencing responsibility on junior team members.
  • Related Certification (A+, Network+, and/or Security+) a plus
  • Ability to comply with any regulatory requirements
  • Manages multiple priorities in a high pressure environment
  • Exhibit initiative, follow-up and follow through with commitments

Principal Information Security Analyst



Job Title: Principal Information Security Analyst contract position

Company: Consultant Specialist, Inc.

Location: Redwood City, CA
W2 Only 
3-6 Months 

Principal Information Security Analyst 

High Level Responsibilities: 
• Able to operationalize processes to drive a robust security architecture. 
• Work closely with IT, Product development and architecture teams to guide security direction and solutions in alignment with Industry best practices. 
• Hands on experience with deploying security solutions in on-premise and public cloud environments. 
• Can architect, deploy, enhance, orchestrate, automate and operationalize information security capabilities for the enterprise network. 
• Perform detailed analysis of threats during the incident process, combining sound analytical skills with advanced knowledge of IT security and network threats. 
• Participate in knowledge sharing with other Analysts and writing technical articles for internal knowledge bases. 

Must-Haves: 
• Strong in operational processes. 
• Security Operations Center experience a plus. 
• Strong scripting experience. 
• Experience in any of the public clouds – AWS, Azure, is a plus. 
• Proven leadership skills; communication, issue resolution and performance management. 
• Flexible to switch between tactical activities, and engineering initiatives. 
• Security certifications are a plus (CISSP, CISM, CISA, SANS, Security+, etc) 

Jackie Felipe 
Sr. IT Technical Recruiter 
CSI 
jfelipe@csi-it.com