Monday, July 31, 2017

Security and Risk Analyst

Job Title: Security and Risk Analyst III -3600
Location: Foster City, CA
Duration: 2+ Months

Need an experience SIEM engineer who is experienced with creating and tuning content in HPE ArcSight.

·         Manages an area of the IT Security and Risk Management Program that impacts multiple departments internal and external to IT, sets goals and objectives, tracks and communicates status, acts as spokesperson to business partners and colleagues on program subject area.
·         Identifies security processes and standards across IT that would benefit from improvement.
·         Proposes new standards, tools, policies and procedures to improve security, compliance and risk management activities. Benchmarks innovative solutions as a method of monitoring progression to ensure value is being created and is consistent with organizational goals, objectives and standards.
·         Leads the security design of projects that entail large risk and wide spread implications to the business Reports status on activities, issues, projects, etc to senior IT management, including the effectiveness and efficiency of security activities Works with IT, Quality Assurance, and business colleagues to ensure audit readiness, and to prepare for internal and external audits Reviews security documents and project artifacts for complex situations Assesses and manages compliance risks across the organization, escalating to senior management as necessary.


Rohit Varma
Technical  Recruiter
PT Systems
Phone: 650-200-1235

Friday, July 28, 2017

Security Engineer

CLIENT is currently seeking an Security Engineer, to join our CLIENT Technology Organization.

Montvale, NJ
NYC
St. Louis
Dallas
Seal Beach, CA
Grand Rapids
Tyson Tower, VA

Responsibilities:
  • Define security monitoring use cases and develop and tune supporting content for security tools (e.g. dashboards, alerts, reports, rules), including but not limited to the configuration and monitor security information and event management (SIEM) platform and endpoint detection tools for security alerts
  • Provide support to CSIRT, as needed, to assist analysts with detection and response to IT security incidents
  • Support all phases of incident response life cycle: analysis, containment, eradication, remediation, recovery through development of content / automation tools
  • Monitor for external threats, assessing risk to the CLIENT environment and support risk mitigation and response activities
  • Evaluate external threat intelligence sources related to zero day attacks, exploit kits and malware to determine organizational risk and improve threat detection rules
  • Stay abreast of the latest information security controls, practices, techniques and capabilities in the marketplace, as well as evolving threats
 
Qualifications:
  • Minimum of three years of security monitoring experience utilizing scripting, Unix and open source security tools in an enterprise environment
  • Bachelor's degree from an accredited college or university
  • Functional knowledge in shell/bash scripting and/or Python
  • Understanding of network and system intrusion and detection methods and mitigation techniques
  • Hands on network and systems administration skills with Linux and Windows, including Active Directory competence; Splunk experience a plus
 
Conor
............................

Princeton Information
100 Harborside Financial Center, 11th Floor
Jersey City, NJ 07311
201-604-9900

Thursday, July 27, 2017

IT Security Analyst

Job Title: Rose Opening # : 262301 - Job Title : IT Security Analyst 
Company: Rose International 

Position Title: IT Security Analyst 
Position Number: 262301 
Location: San Francisco, CA 
Desired Skill Set: 
CISSP, DNS, Firewall, Risk Management, Security 
Position Description: 
Location: San Francisco, CA 94103 
Duration: 12 months 

Information Security Analyst – Intermediate 
***Top 5 qualifications: 
- CISSP Certified 
- Experience in vendor security risk assessments and/or security compliance 
- Self-directed 
- Sees security as a business enabler and can work well in support of our business objectives 

Position Overview: 
Seeking an Information Security Specialist - Security Risk Assessments (SRA). This position is accountable for conducting risk assessments, project consulting, documenting security patterns and supporting the implementation of security solutions to protect the Corporation, across the global IT environment. This Information Security Specialist will also support the implementation and ongoing maintenance of the Information Security Policy & Compliance program. The Policy & Compliance function provides oversight of IT regulatory requirements, manages the policy governance landscape, interfaces with senior members and leaders across organizations, performs project consulting, and assists in information risk management. 

What You Will Do: 
• Perform Risk Assessments, Vendor Assessments, and documentation of recommendations. 
• Partnering with other IT and Business Teams to ensure understanding of and alignment with their business goals. 
• Drive collaboration with other IT and global functions. 
• Documentation of security patterns, design packages, risk assessments, standards, etc. 
• Ability to execute on a strategy, meet timeline deliverables, and ensure implementation and transition to operational support. 

Basic Qualifications: 
• CISSP or equivalent experience 
• Knowledge and/or experience with at least 3 of the following technologies: Firewalls, Intrusion Prevention, Vulnerability Scanning, Data Loss Prevention, Email Security, Endpoint Security, DNS, Web Content Filtering, SEIM, AV, Certificate Authority, encryption, and application security tools. 
• Knowledge and experience with Risk Assessment methodologies. 
• Strong foundational knowledge of all domains of security 

Preferred Qualifications: 
• Applied knowledge of 3rd party security architecture models and assessment models 
• Applied experience with information security policy and standard development and enforcement. 


Abhishek Kumar 
Recruiter 
Phone: (636) 812-4000, Ext.: 6557 | Fax: (636) 812-0078 
E-mail: abskumar@roseint.com 
www.roseIT.com 

Tuesday, July 25, 2017

SIEM Engineer

Job Req #: 17-06833
Job Description: SIEM Engineer
Location: Foster City, CA
Position Type: Contract


***U.S. Citizens, Green Card Holders, and those authorized to work in the U.S. for any employer will be considered.  We are unable to sponsor or transfer visas at this time.***

Pharmaceutical company needs an experience SIEM Engineer who is experienced with creating and tuning content in HPE ArcSight.

Description:

  • Manages an area of the IT Security and Risk Management Program that impacts multiple departments internal and external to IT, sets goals and objectives, tracks and communicates status, acts as spokesperson to business partners and colleagues on program subject area.
  • Identifies security processes and standards across IT that would benefit from improvement.
  • Proposes new standards, tools, policies and procedures to improve security, compliance and risk management activities.
  • Benchmarks innovative solutions as a method of monitoring progression to ensure value is being created and is consistent with organizational goals, objectives and standards.
  • Leads the security design of projects that entail large risk and widespread implications to the business.
  • Reports status on activities, issues, projects, etc to senior IT management, including the effectiveness and efficiency of security activities.
  • Works with IT, Quality Assurance, and business colleagues to ensure audit readiness, and to prepare for internal and external audits. Reviews security documents and project artifacts for complex situations.
  • Assesses and manages compliance risks across the organization, escalating to senior management as necessary.

Jeannette Odiorne
Recruiter

Ascent 
Linking Talent with Opportunity

Direct: (303) 694-5498
Cell:
Email: jodiorne@ascentsg.com

8055 E Tufts Ave Suite 100
Denver, CO  80237

Lead Information Security Engineer

Location: San Luis Obispo, California

Duration: Permanent Role
Position: Lead Information Security Engineer

Compensation Range: $100K - $140K Base with %10 Bonus

Relocation: Will Relocate
Job Description:       
Our client is looking for a Lead Information Security Engineer out of San Luis Obispo, California. The candidate would have the opportunity to join a team and enjoyable place to work with competitive benefits, a healthy work/life balance, and a friendly, casual culture.
How You'll Contribute
  • Analyzing, troubleshooting, and investigating security-related, system issues on security platform reporting, network traffic, log files, host-based and automated security alerts.
  • Maintaining, configuring, and analyzing network and host-based security platforms.
  • Identify security issues and risks, and develop mitigation plans.
  • Implement, support, and evaluate security-focused tools and services including project leadership roles.
  • Mentor junior members of the team.
  • Participate in security compliance efforts (e.g., PCI, DSS, SOX)
  • Acquisition and vendor risk assessment due diligence.
  • Evaluate and recommend new and emerging security products and technologies.
  • Participate in tier 2 and tier 3 security operations support.
  • Participate in incident handling.
  • Participate in projects that develop new intellectual property.
  • Evangelize security within Company and be an advocate for customer trust.
  • Maintain and update relevant system and process documentation and develop ad-hoc reports as needed.
  • Provide reoccurring reports for network and host-based security solutions.
  • Experienced with the development of security tool requirements, trials, and evaluations, as well as security operations procedures and processes.
  • Provide off-hours support on an infrequent, but as needed basis.
  • Successfully manage time and technical responsibilities, set accurate expectations and meet deliverable deadlines while working in a team environment.
Strategy&Planning:
  • Evaluate documented resolutions and analyze trends for ways to prevent future problems.
  • Research and recommend innovative, and where possible, automated approaches for system administration tasks.
  • Identify approaches to solutions that leverage our resources and provide economies of scale.
  • Keep current with the latest technologies.
What You'll Bring
  • A minimum of 3-5 years IT experience; at least three of those years focused on IT security, infrastructure or application level vulnerability testing and auditing, and/or network security.
  • Experience with some or all of the following: TCP/IP | OSI Model, system logs (WMI, syslog, etc.), antivirus, IDS/IPS, packet analysis, configuration standards, Group Policy, Vulnerability analysis, Event Correlation, Forensics, IDS/IPS rule sets and signature creation, web application security, pen-testing, reverse engineering, Honeypots, IOC, advanced threat detection, code analysis. Data Loss Prevention (DLP), Log Indexing and Correlation platform, Network Access Control (NAC), Physical access control systems.
  • Experience using Microsoft Office and Visio to create documents, presentations, and detailed drawings.
  • Comfortable working on both Linux-based, MS Windows-based and OSX-based system platforms with a strong IT technical understanding and aptitude for analytical problem solving.
  • Strong understanding of enterprise, network, system and application level security issues.
  • Understanding of enterprise computing environments, distributed applications, and a strong understanding of TCP/IP networks.
  • Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols).
  • Understanding of the system hardening processes, tools, guidelines and benchmarks.
  • Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security - Basic knowledge of Linux, Windows, OSX systems
  • Knowledge of Networking fundamentals.
  • Working knowledge of a range of diagnostic utilities.
  • Exceptional written and oral communication skills.
  • Exceptional interpersonal skills, with a focus on rapport-building, listening, and questioning skills.
  • Strong documentation skills.
  • Experience integrating Windows services with Unix/Linux environments is strongly desired.
  • Bachelor’s degree in Computer Science, Information Technology or related field or a combination of education and experience.
  • Network and Security related certifications highly desired.
Other skills:
  • Ability to conduct research into a wide range of computing issues as required. 
  • Ability to absorb and retain information quickly.
  • Ability to present ideas in user-friendly language.
  • Highly self-motivated and directed.
  • Keen attention to detail.
  • Ability to effectively prioritize and execute tasks in a high-pressure environment.
  • Exceptional customer service orientation.
  • Experience working in a team-oriented, collaborative environment.
  • Have a strong desire to learn continually and grow professionally.
Qualifications:
What We Offer
This is an exciting time in our history. With investments in our people, technology and new business markets, we are redefining the role and purpose of a credit bureau. We are acquiring new businesses, launching new products, and expanding our services to businesses and consumers worldwide.
The future has never looked brighter for our associates. We work hard to offer our team members meaningful work experiences to promote professional growth, and to provide an enjoyable place to work with competitive benefits, a healthy work/life balance, and a friendly, casual culture.


Adam Kemp

Friday, July 21, 2017

Security Analyst

Security Analyst 
Foster City, CA
Contract

Need an experienced SIEM engineer who is experienced with creating and tuning content in HPE ArcSight.

·         Manages an area of the IT Security and Risk Management Program that impacts multiple departments internal and external to IT, sets goals and objectives, tracks and communicates status, acts as spokesperson to business partners and colleagues on program subject area.
·         Identifies security processes and standards across IT that would benefit from improvement.
·         Benchmarks innovative solutions as a method of monitoring progression to ensure value is being created and is consistent with organizational goals, objectives and standards.
·         Leads the security design of projects that entail large risk and widespread implications to the business
·         Reports status on activities, issues, projects, etc to senior IT management, including the effectiveness and efficiency of security activities
·         Works with IT, Quality Assurance, and business colleagues to ensure audit readiness, and to prepare for internal and external audits
·         Reviews security documents and project artifacts for complex situations
·         Assesses and manages compliance risks across the organization, escalating to senior management as necessary.



Tulika Sharma
Netpace, Inc
A Certified MBE Company

Wednesday, July 19, 2017

Java Developer

Fortune 500 Company
9 month contract, can be extended
Java Developer

no corp. to corp.


MUST HAVE: 
Recent client EXPERIENCE as JAVA DEVELOPER. 

RECENT EXPERIENCE WITH
J2EE AND RELATED TECH. 
JAVA JDK, 
JENKINS, 
JMETER, 
MAVEN, 
REST, 
UNIX & UNIX - ALL VARIETIES, 
UNIX SHELL SCRIPTING,
Docker
Open Source Experience

EXPERIENCE IN 
• Testing – Writing Unit and Regression Test Cases to check REST SERVICES 
• Performance Testing (Writing JMeter tests and parsing results
• Release Management (Doing deployments and releases using Jenkins and Maven and maintaining the documentation)
• Continuous Integration and Continuous Deployment (Maintain and upgrade Jenkins jobs to continuously build and deploy and test whenever code changes are made and also on a periodic schedule, this involves bash scripting and a good knowledge of Unix commands.

PREFERRED SKILLS: 
• Kubernetes
• Camunda 
• Software Manager (SWM)
 

Christina Partap
Recruiter
Axelon Services Corporation
44 Wall Street 18th Floor

New York, NY 10005
Phone: (212) 306-0128
Fax  : (212) 306-0191
christina.partap@axelon.com

Sr. Information Security

JOB DESCRIPTION:
Tittle: Sr. Information Security
Location: McLean, VA
Duration: Full-time

SKILLS:
• 5-7 years of professional IT experience, with at least 3 years of information security experience
• The role will require strong system administration experience along with knowledge of management and support of identity and access management infrastructure.
• Experience with Security products in a senior role including experience with policy configuration, application integration and firmware deployment
• Exceptional organizational skills with an ability to manage multiple priorities in a fast-paced dynamic environment.
• Must have a good working knowledge of Java and ability to fix issues identified in logs and other error messages.
• Possess in-depth knowledge of Linux and other Unix like operating systems.
• Intermediate to advance knowledge on scripting such as Perl and Unix shell.
• Intermediate to advance knowledge on database query languages such as PL SQL, MS SQL.
• Experience with Web Logic, Tomcat, Apache administration.


Lokesh Reddy

Tuesday, July 18, 2017

Security Engineer

Physical Security Engineer with SQL backend experience.
Client: WWT
San Francisco, CA

Responsible for the working on various physical security systems and working with vendors to implement and test SQL scripting.  Primary responsibilities will be to work with Physical security vendors on back office SQL scripting and patching of various physical security systems.
 Modification to systems using SQL scripts from the vendor and working with the vendors.
  • Vendors will produce SQL scripts and this person will implement, test, move to production and provide troubleshooting and escalate to various vendors.
Requirements
  • 5+ years of recent experience working with physical security principles and/or access control/intrusion detection and CCTV surveillance systems. 
  • Experience with one or more of the following – AMAG, Quantium, Genetec
  • Experience working with product vendors on SQL back office scripting.
  • Implementation and testing of SQL scripting



Pranshu shukla
e-Solutions Inc.
2 N. Market St., #400, San Jose, CA, 95113
Tel (US): 408-722-9428

Senior Incident Response Analyst

Key Responsibilities:
Senior Incident Response Analyst
Shift is Wednesday-Saturday
Candidate will work during the 2nd Shift, which operates 2PM-12AM

Job Description

A Security Analyst participates in monitoring and response activities and is directly responsible for responding to security events. He/She provides a front line during security incidents, establishing the extent of the threat, business impacts and then advising and performing the most suitable course of action to contain and remedy the incident. A Security Analyst maintains a good knowledge of the threat landscape, helps enhance current capabilities and provides support in the identification of new methods of detecting threats. He/She performs initial analysis and triage of security events using analytical skills and advanced knowledge of IT security and network threats.

The candidate will work during the 2nd Shift, which operates 2PM-12AM
Must be open to 2nd and 3rd Shift work

Qualifications
Minimum two years of IT security experience or 4 years of related college degree
Excellent oral and written communication skills
Ability to be on-call on a recurring basis
Ability to take initiative and ownership of incidents from reporting to resolution
Ability to understand business impact

Responsibilities
Building a threat portal
Responsible for taking action on alerts, events, and incidents.
Triages incidents, their priority and the need for escalation.
Investigates potential escalations regarding various attack types
Monitoring for emerging threat patterns and vulnerabilities.
Assists with patching recommendations and workarounds for zero-day threats.
Coordinates with other external stakeholders.
Communicates with management on incident updates.
Able to run down an incident from start to finish if low to medium priority without supervision.

Skills and Experience
Experienced in performing basic- and medium-level forensic analysis on Windows and UNIX systems.
Identify and evaluate malware-related compromise artifacts.
Possesses understanding of the areas of network systems engineering, computing systems and software applications.
Demonstrates prior experience using network analysis tools, scripting languages including UNIX command line utilities, software vulnerabilities, exploits and malware.
Experience working in a high volume and results-oriented operational environment.
Ability to mitigate command and control attempts by recommending defensive technology configurations.
Interacting with vendors to support proof of concepts.

One or more of the following certifications:
GIAC Security Essentials (GSEC)
GIAC Certified Intrusion Analyst (GCIA)
EC-Council Certified Ethical Hacker (CEH)
Systems Security Certified Practitioner (SSCP)
Security+


Timothy Wyse
DIVERSANT LLC
Technical Recruiter
5555 Glenridge Connector Suite 825
Atlanta, GA 30342
twyse@diversant.com
(470) 233-7518

Information Security Specialist

Job title: Information Security Specialist
Location: Foster City CA 94404
Duration: One year, manager is looking for this to be a 2 year role for the right candidate.

Must have skills        
Learning new things – raw ability is prized over experience. We are doing things nobody else has done / Software security – OWASP top 10, CWE, etc. / experience in C and C++ / System administration & interoperability tasks – i.e. able to quickly learn how to use different operating systems, terminal clients, etc.
Nice to have skills     
Experience with mainframes / Static analysis tools / Porting software, especially C/C++ code – or writing cross-platform C/C++ code / Cross-compilation experience / Consulting style experience – that is, going into engagements knowing nothing about the environment, and not panicking because you know you can learn on the fly – booking meetings, interviewing key people, and finding out what you need to learn.
Information Security Specialist, focus on Card Network Processing

We are looking for a security engineer to work in our Foster City office to support Visa’s (Credit Card) Network Processing and Debit Processing Systems.

Visa has a large number of extremely complex systems that process credit and debit cards that represent the core of the business. Some of them are very large, some of them are very old, and some of them are on platforms you probably haven’t learned about or in languages you don’t yet know. However they need to be reviewed for security vulnerabilities, just like everything else, especially as we are exposing them to the outside world more. We are pioneering new techniques for doing automated analysis on these platforms and languages, and might be the first in the world.

I am looking for someone with an attention to detail, methodical, who keeps track of numerous projects well, and can be given a task of reviewing a new platform, language and code-base for security problems and can self-study to learn to do it without needing much direction. You will experience some concern from time-to-time that you will not be able to learn something, and be willing to keep doing it until it succumbs because you will be doing some things that nobody has done before.

You will be doing one or more of these tasks, with a goal of learning to do all of them:
1)         Handling the scoping calls and initial triage of security assessments
2)         Performing architecture documentation reviews, or manual reviews of source code
3)         Onboarding systems for automated scans
4)         Analyzing the results of the automated scans (vuln triage)
5)         Developing techniques for automating analysis of unusual platforms and languages

You’re good at:
1)         Learning new things – raw ability is prized over experience. We are doing things nobody else has done.
2)         Software security – OWASP top 10, CWE, etc.
3)         C and C++
4)         System administration & interoperability tasks – i.e. able to quickly learn how to use different operating systems, terminal clients, etc.

Extra credit:
1)         Experience with mainframes
2)         Static analysis tools
3)         Porting software, especially C/C++ code – or writing cross-platform C/C++ code
4)         Cross-compilation experience
5)         Consulting style experience – that is, going into engagements knowing nothing about the environment, and not panicking because you know you can learn on the fly – booking meetings, interviewing key people, and finding out what you need to learn.


Mohammed Nikhat
Sr. Technical Recruiter | 650-249-3768

Monday, July 17, 2017

Network Engineer

Job Title: Network Engineer
Location: Washington, DC, United States
Duration: Full Time

Job Description:
  • HP ArcSight Administration
  • SIEM Operations
  • HP ArcSight Content development  corelation rules and policy orchestartion
  • QualysGuard Vulnerability management
  • Qualysguard administration
  • VA operations, scan rules etc.
  • Genereal Role and Responsibilities
  • Use Case Requirement gathering,
  • Dataset and Datafield mapping
  • Anomaly identification
  • Maintaining and managing the threat intelligence platform
  • Threat briefings to Client
  • Incident Response
  • Management and configuration of Vulnerability Management (VM) platform
  • Scheduling and running Infrastructure
  • Preparing security advisories and defining the severity levels for the vulnerabilities
  • Scanning, validation and reporting of vulnerabilities on daily and monthly basis
  • Preparing monthly security reports for the management

ArcSight Content Development:
  • Log Sanity and Operational Assessment
  • Development of Fraud Monitoring rules
  • Development of Cloud Monitoring rules
  • Generate and Schedule Adhoc reports
  • Development of use cases for security monitoring
  • Fine tuning the use cases and improve on the alerting mechanism
  • Participate in new integrations with ArcSight and determine effective ways for ingesting the logs in SIEM.
 
Rohit Kumar Singh
 
eTeam Inc
1001 Durham Avenue Suite 201
South Plainfieldnjnjnj, NJ, 07080

Thursday, July 13, 2017

Sr. Security Engineer

Job Title: Sr. Security Engineer
Location: Bellevue WA
Duration: 15 Months
Client: TMobile

Sr. Security Engineer
Project/Team:
This team ultimately falls within the CIS division, under their Security Engineering org. This team of 6 engineers will work exclusively on the Universe 2.0 project (Largest project in T-Mobile history). Typically security engineers consult on a wide variety of projects across the organization, but for this project this is the only project they will be focused on for 15 months. They will be able to build relationships with the business and occasionally sit with them to build rapport. 

They will consult with the U2 teams to make sure they are following security best practices, evangelize security, and that they are compliant to guidelines- PCI, NIST, etc. 
They need engineers in the following skill sets: 

Front end- Applications, Care, UI, POS, retailers, IDM
Middleware- Tibco, MicroServices, IAM, Apigee, Active Directory (needs someone super technical with cutting edge technologies) 
Back Office- Payments, customer financing, Accounting, Commissions
Team Lead (Principal level)- This person will work with Ericsson and SAP. 

Other skill sets or areas they would like: Cloud, Big Data, Telco Network security.

SR. SECURITY ENGINEER SKILLS & RESPONSIBILITIES
* Act as a trusted technical advisor with key security stakeholders at all levels of the organization for a variety of information security projects that arise from current business and technological developments
* Hands-on experience supporting network, operating system, database, application & data layers across multiple platforms and technologies
* Ability to assess risks and provide innovative countermeasures and solutions that appropriately balance security and business requirements
* Ability to step into an uncontrolled space and bring security structure
* Provide guidance to security analysts, PMs, business partners and IT leadership when new projects are introduced to the business or new risks are identified

Sr Security Engineer
* Ability to consult internally with Sr. Engineers (Application, Network, DevOps) to apply security principles and best practices that meet business objectives
* Experience controlling the threat surface area, identifying attack vectors, vulnerabilities and establishing appropriate controls. Can build a threat model
* Evaluation & assessment of compliance to a regulation, law or policy using industry standard methodologies (ISO27001, COBIT, NIST, etc.) in an enterprise environment

INTERNAL TOOLS
* Evaluate, recommend, and implement commercial hardware and software security products to augment and enhance the Company enterprise security program
* Hands-on experience installing, configuring, and supporting security related hardware and software such as Certificate Management, Remote Connection, Network Protection, Data Loss Prevention, File Integrity Monitoring, Security Auditing & Logging, and Vulnerability Management
* Ability to learn a new technology and drive it from ideation through deployment and integration to fully automated and operationalized
* Ability to automate basic integration, data collection, scripting and reporting tasks via secure coding standards
TEAMMATE
* Ability to work on multiple tasks simultaneously, set priorities, communicate delivery expectations, and meet deadlines
* Innovative, collaborative and able to solve problems independently
* Able to work within the team to build measurable, repeatable processes
* Strong verbal and written communication skills


Hussain
(BDM)
34405 W 12 Mile Rd, Suite #137, Farmington Hills, MI 48331.