Wednesday, August 16, 2017

Security Consultant positions

Security Architect
Location : US-CA-San Francisco
More information about this job:
Summary:
The Sr Principal Security Architect develops and maintains an information security strategy for Esurance, ensures the strategy is in line with industry best practices, and ensures information security is prioritized across the company for all applications and processes. The Sr Principal Security Architect develops relationships with internal and external experts in the field of Information Security.
Responsibilities:
  • Develops and drives implementation of the Information Security strategy.
  • Defines Information Security project roadmap and assists in security project prioritization.
  • Functions as the lead internal security expert, and provides cross functional view of security for all teams.
  • Ensures information security is addressed as a business issue across the company and provides overall coordination and management of all security activities within the company.
  • Develops and maintains relationships with business partner and external organizations to understand their business requirements and offer security solutions.
  • Develops and maintains relationships with other industry experts, and participates in public security forums.
  • Develops and implements a framework for security processes, roles, and responsibilities throughout the organization.
  • Participates in the system development cycle to ensure that security issues are taken into account and addressed early.
  • Leads information security training strategy for employees, contractors, partners, and other third parties as appropriate.
  • Monitors compliance with the organization's information security policies and procedures among employees, contractors, partners, and other third parties; resolves potential issues as needed.
  • Performs information security risk assessments.
  • Serves as a resource cross-functionally to share security insights and best practices with teams across the company.
  • Monitors changes in legislation and accreditation standards that affect the Information Security program.
  • Mentors and guides the work of technical security staff.
Qualifications:
  • Expert in the principles and techniques of security risk analysis and demonstrated understanding of the management issues involved in implementing security processes and a security-aware culture in a corporate environment
  • Participates in Information Security public forums and contributes to industry best practices.
  • Hands on experience with broad range of information security technology (network, infrastructure, end-point, monitoring, vulnerability management, and application).
  • Excellent communications (verbal and written), change management skills and ability to operate effectively in a fast-paced environment
  • Experience with M&A and track record of rapidly integrating acquired businesses in a secure manner
  • Knowledge of security regulatory requirements for insurance industry as well as PCI DSS
  • Knowledge of SEI's CMMI (http://www.sei.cmu.edu/cmmi/) model for secure software development
  • Proven ability to effectively lead and meet business objectives in a highly global, collaborative and high performance work environment
  • Ability to influence others where there is no direct authority.
  • Background and style that elicits respect in the organization through management style, technical depth, customer service and results.
  • Strong business/relevant industry acumen with the ability to quickly articulate alternative methods to secure business that does not overly constrain the ability to be competitive in a rapidly changing business climate
  • Hands on leadership style and ability to balance the need to expand business into new markets and ensure appropriate security controls are in place.
  • Ability to "roll up sleeves" and perform wide variety of information security tasks.
  • Excellent leadership skills and ability to lead organization through rapid change.

Experience / Education:
  • BS degree in computer science, engineering or related field required, MBA desirable
  • Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM)
  • Minimum 13 years experience implementing security solutions and processes
  • Minimum 11 years experience with Network Security technologies
  • 5+ years previous management role in information security organization

Senior Security Engineer
Location : US-CA-San Francisco
More information about this job:
Summary:
Esurance is hiring a Senior Security Engineer to join our Info Sec team in our San Francisco, CA Corporate office. As the Senior Security Engineer you will be a member of the IT Security team and will maintain the security posture of Esurance applications, services and infrastructure in order to protect against security threats including intrusions, malware, system-level breaches, unauthorized access, insider attacks and loss of proprietary information. As the Senior Security Engineer you will be on call for off-hour support as part of an on-call rotation and will be required to travel within the continental United States as needed.
Responsibilities:
  • Proactively works with IT and the business to identify security risks and implement practices that meet standards for information security.
  • Security Architecture - Architects security solutions and technically leads their implementation from end to end.
  • Security Incident Response - Oversees threat management and security incident handling, including the coordination of investigations and reporting of security incidents to management, in alignment with business needs and regulatory requirements.
  • Implementation of Security Controls - Designs and implements controls to meet Esurance security and compliance needs.
  • Log Review - Reviews consolidated system logs and other audit trails on a regular basis for indications of attacks.
  • Vulnerability Management - Works with Esurance development and infrastructure teams to identify and remediate application- and infrastructure-related vulnerabilities.
  • Security Expertise - Serves as a resource cross-functionally to share security insight and best practices with teams across the company.
  • Security Governance - Develops Information Security Policies, Standards, Procedures and best practices to support Esurance's security control framework
  • Security Due Diligence - Ensures that security is factored into the evaluation, selection, and configuration of hardware, applications and software.
  • Security Assessments - Conducts third party security assessments as required.
  • Compliance - Ensures compliance to Esurance control framework and best practices through continuous monitoring and gap analysis. Provides support and guidance for legal and regulatory compliance efforts, including audit support.
  • Security Awareness - Promotes information security awareness and develops information security as a core competency throughout the company.
  • Security Monitoring - Ensures audit trails, systems logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.
  • Evolution and Skill Enhancement - Stays current with security technologies and threats by monitoring vendor and industry publications and attending training.
Qualifications:
  • Security engineering experience, including experience implementing encryption, intrusion detection, network security, multiple operating systems (Windows, Linux, etc.), directory services (Active Directory, LDAP), Virtualization Security, Security Information and Event Management (SIEM) tools and log management, web application and network vulnerability scanning, etc.
  • Experience with Network Security technologies including Firewalls, IDS/IPS system, cryptographic systems, identity management systems, RADIUS, and TACACS
  • Ability to work independently as well as a member of a team
  • Ability to articulate security issues in terms of business risk
  • Analytical skill, technical knowledge and practical application of information security at a business and technical level
  • Experience in the Financial Services industry and solid understanding of ISO 27001, SOX and Payment Card Industry (PCI) Data Security Standards (PCI DSS) as well as experience in the implementation of controls to mitigate PCI issues
  • CISSP certification is highly desirable

Experience / Education:
  • Bachelor's degree (B.S.) in Computer Science or equivalent job experience
  • Minimum 7 years experience implementing security solutions and processes
  • Minimum 9 years experience with Network Security technologies

Security Engineer
Location : US-CA-San Francisco
More information about this job:
Summary:
The Security Engineer coordinates security responses with and trains engineers from other groups within the IT Function such as the MIS team, the NOCC, Network Engineering and the Production Support organization. This role requires availability for off-hour support and travel within the continental United States as needed.
Responsibilities:
  • The primary responsibility of the Security Engineer is information security incident management. This includes:
  • Responds to information security incidents in a quick, effective and orderly manner
  • Monitors systems, alerts and vulnerabilities
  • Collects evidence for administrative follow-up or legal action
  • Conducts postmortems, enhancing controls and training others
  • Analyzes security incidents and reports findings to management
  • Documents and maintains the following types of procedures:
  • Recovery procedures that address specific classes of security incidents such as malicious code, denial of service attacks, breaches of confidentiality and internal misuse of information systems
  • Contingency plans for system recovery that identify the cause of an incident, detail how to contain the threat and identify corrective action for preserving live systems data
  • Guidance on how to collect forensic evidence for civil or criminal proceedings
  • Emergency actions and control procedures that will reduce the likelihood of recurrence
Qualifications:
  • Familiarity with Unix/Linux, Windows Active Directory, OWASP, Network protocols and how to secure them.
  • Familiarity with Netscreen, Palo Alto, Checkpoint or other Firewall technologies, various IDS/IPS and SIEM systems. Experience implementing information security controls
  • Knowledge of other Security systems such as DLP, Application scanning, or Vulnerability assessment.
  • Demonstrated flexibility in approach and in developing solutions
  • Demonstrated ability to work independently as well as a member of a team
  • Demonstrated analytical skill, technical knowledge and practical application of information security at a business aware and technical level
  • Ability to explain complex IT concepts in non-technical terms
  • Experience in the Financial Services industry and solid understanding of SOX, PCI and SDP compliance requirements
  • Take charge personality, and the ability to drive a plan to completion
  • CISSP certification is highly desirable. Other industry standard certifications such as MCSE, CCSE, CCNA, CEH, Security+ or SANS also desirable.

Experience / Education:
  • Bachelor's degree (B.S.) in Computer Science or equivalent job experience
  • Minimum 6 years security experience in implementing security solutions and processes
  • Minimum 10 years experience in implementation and maintenance of some of the following IT systems, with a security focus: Windows 2008, 2012 server, Remote Access solutions, SSL/IPSEC VPN services, border routers security, firewalls, IP/VoIP network, DNS, WINS, IP network, TCP/IP, SSL certificates and Intrusion Detection System (IDS), IDS Alerts, and IDS signature upgrades, local and wide area networks

Physical Demands and Work Environment: Representative of those that must be met by an employee to successfully perform the essential functions of this job. Must be able to operate a PC and sit for extended periods of time. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

ravikirangantela@gmail.com