Tuesday, July 18, 2017

Information Security Specialist

Job title: Information Security Specialist
Location: Foster City CA 94404
Duration: One year, manager is looking for this to be a 2 year role for the right candidate.

Must have skills        
Learning new things – raw ability is prized over experience. We are doing things nobody else has done / Software security – OWASP top 10, CWE, etc. / experience in C and C++ / System administration & interoperability tasks – i.e. able to quickly learn how to use different operating systems, terminal clients, etc.
Nice to have skills     
Experience with mainframes / Static analysis tools / Porting software, especially C/C++ code – or writing cross-platform C/C++ code / Cross-compilation experience / Consulting style experience – that is, going into engagements knowing nothing about the environment, and not panicking because you know you can learn on the fly – booking meetings, interviewing key people, and finding out what you need to learn.
Information Security Specialist, focus on Card Network Processing

We are looking for a security engineer to work in our Foster City office to support Visa’s (Credit Card) Network Processing and Debit Processing Systems.

Visa has a large number of extremely complex systems that process credit and debit cards that represent the core of the business. Some of them are very large, some of them are very old, and some of them are on platforms you probably haven’t learned about or in languages you don’t yet know. However they need to be reviewed for security vulnerabilities, just like everything else, especially as we are exposing them to the outside world more. We are pioneering new techniques for doing automated analysis on these platforms and languages, and might be the first in the world.

I am looking for someone with an attention to detail, methodical, who keeps track of numerous projects well, and can be given a task of reviewing a new platform, language and code-base for security problems and can self-study to learn to do it without needing much direction. You will experience some concern from time-to-time that you will not be able to learn something, and be willing to keep doing it until it succumbs because you will be doing some things that nobody has done before.

You will be doing one or more of these tasks, with a goal of learning to do all of them:
1)         Handling the scoping calls and initial triage of security assessments
2)         Performing architecture documentation reviews, or manual reviews of source code
3)         Onboarding systems for automated scans
4)         Analyzing the results of the automated scans (vuln triage)
5)         Developing techniques for automating analysis of unusual platforms and languages

You’re good at:
1)         Learning new things – raw ability is prized over experience. We are doing things nobody else has done.
2)         Software security – OWASP top 10, CWE, etc.
3)         C and C++
4)         System administration & interoperability tasks – i.e. able to quickly learn how to use different operating systems, terminal clients, etc.

Extra credit:
1)         Experience with mainframes
2)         Static analysis tools
3)         Porting software, especially C/C++ code – or writing cross-platform C/C++ code
4)         Cross-compilation experience
5)         Consulting style experience – that is, going into engagements knowing nothing about the environment, and not panicking because you know you can learn on the fly – booking meetings, interviewing key people, and finding out what you need to learn.


Mohammed Nikhat
Sr. Technical Recruiter | 650-249-3768