Friday, September 21, 2018

Web Application Security Test Engineer

Title: Web Application Security Test Engineer
Work Location: Pleasanton, CA
 
Job Description:
 
Scope of Work (SOW) - Web Application Security Test Engineer
  
  
  The scope of duties for the Web Application Security Test Engineer includes, but is not limited to, the following:
  • Acquire complete understanding of SCIF's technology and information systems.
  • Capture and define the security test requirements.
  • Plan, research, and design robust security architecture test strategy for any IT project.
  • Perform vulnerability testing, risk analysis, and security assessments.
  • Research security standards, security systems and authentication protocols with SCIF.
  • Apply testing methodologies and tools to complex applications for finding weaknesses and security vulnerabilities early in the SDLC process.
  • Understanding of Application security principles, risks, attacks, OWASP security guidelines and best practices to perform SAST - Static Application Security Testing, DAST - Dynamic Application Security Testing and IAST - Interactive Application Security Testing.
  • Develop test requirements for Web Applications Security Testing for all releases using automated tools and manual testing.
  • Design test plans for DAST, OWASP Top 10 Most Critical Web Application Security Risks, public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures.
  • Proficiency in Applications Security testing tools like Acunetix Web Vulnerability Scanner / Burp Suite / Fortify WebInspect, Nessus, Nmap and other open source tools.
  • Define, implement and maintain Corporate or Enterprise security policies and procedures
  • Oversee security awareness programs and educational efforts
  • Respond immediately to security-related incidents and provide a thorough post-event analysis.
  • Define all entry points to the system, such as: files, sockets, hypertext transfer protocol (HTTP) requests, named pipes, pluggable activities, protocol handlers, malicious server responses and so on.
  • Analyze potential threats and perform risk analysis based on the entry points defined, with examples of threats and the methods to analyze them.

Technical and Demonstrable Skills

The Consultant resource(s) shall possess most of the following skills:
  • At least 5 years' experience doing web application security testing.
  • Exploit security flaws and vulnerabilities with attack simulations on multiple projects working against specific client focused scopes of work.
  • Ability to flow from black box to gray box to white box tests dependent on client needs.
  • Ability to test a variety of client form factors and technologies based on scopes of work
  • Ability to solve complex technical problems and articulate to non-IT personnel.
  • Ability to effectively provide technical risk assessment of technologies in networks, applications, wireless, social engineering, code reviews and war dialing.
  • Ability to perform vulnerability assessments and penetration testing, utilizing commercial and open source tools.
  • Perform, review and analyze security vulnerability data to identify applicability and false positives.
  • Research and develop testing tools, techniques, and process improvements.
  • Create risk based security code reviews (static & dynamic).
  • Conduct penetration testing in line with the Open Web Application Security Project (OWASP)
  • Mentor junior engineers to build their skills and contribution levels
  • Write technical reports that include suggested resolution for identified problem areas and perform operational risk assessment.
  • Support company through the testing and evaluation of new technologies and security controls.
  • Assist and support Security Test Analysts as they perform vulnerability, network and network security assessments.
  • May require the performance of other essential functions depending upon work location or assignment.
  • Experience with DevOps and SIEM tools (e.g. Chef, Splunk and Vagrant)
  • Experience with scripting languages (e.g. python, PERL, SQL) a plus
  • Ability to perform below tasks:
    • Dynamic Application Security Testing (DAST)
    • Static Application Security Testing (SAST)
    • Interactive Application Security Testing (IAST)
    • Web Application Penetration Testing
    • Product Security Testing
    • Cloud Application Security Testing
    • Web Services Security Testing
    • Security Code Review
    • Network Security Assessment
  • Security Testing Tools: IBM AppScan, Burp Suite, Tamper Data, Live HTTP Headers, Client Fortify, Veracode, OWASP Top 10, N-Stealth, Hailstorm, Paros, SANS Top 20, Acunetix, Nessus

Knowledge
The Consultant resource(s) shall be knowledgeable in most of the following areas:
  • Knowledge and understanding of basic information security principles (e.g. OWASP Top Ten)
  • Knowledge of security best practice guidelines (ISO 17799, NIST, etc.)
  • Relevant professional experience, including working knowledge of penetration testing and of:
    • OSI Layers and application protocols
    • TCP/IP networking including IP classes, subnets, multicast, NAT
    • WINS, DNS and DHCP; network troubleshooting
    • Microsoft OS and Server technologies
    • Remote access methods
    • Backup and disaster recovery methodologies
    • Patch management technologies and processes
    • Wireless protocols and services
    • Network analysis tools
    • Familiarity with UNIX a plus
  • Application Security and IS certifications are preferred:
    • GIAC Certified Web Application Defender (GWEB)
    • Offensive Security Web Expert (OSWE)
    • CISSP, CISM, CISA, CEH, CEPT, GIAC, OSCP
  • Preferred Certifications:
    • GIAC Certified Web Application Defender (GWEB)
    • Offensive Security Web Expert (OSWE)

Himesh Gond
Lancesoft Inc
13454 Sunrise Valley Drive, Suite 120, Herndon, VA 20171
Direct:(703) 889-6535 | Fax:(703) 935-0339
HimeshG@LanceSoft.com | www.LanceSoft.com

Firmware engineers

Job title: Firmware engineers/Developers                                           
Location: Milpitas, CA, Irvine, CA & Longmont, CO
Duration: Long Term
 

Positions: 25

Please find JD on the 30 FW positions from customer below:

Your new responsibilities will include, but are not limited to:
  • Identifying and defining new innovative product concepts and SSD architectures
  • Maintaining strong technical engineering relationships with ASIC system architects and key technologists to identify and define new innovative memory products
  • Working with Micron technologists, design engineers, and engineering teams to ensure successful implementation and feasibility demonstration of new product concepts
  • Developing new product/Firmware architecture specifications
  • Identifying key industry technical trends and competitive landscapes; staying abreast of new advanced technology and architecture trends in the market
  • Modeling and analyzing performance, power and host-driven workloads
  • Generating firmware architecture specifications

Successful candidates for this position will have:

A Bachelor's or Master's degree in Electrical/Electronics/Computer Engineering and 8+ years of design, product, test or system engineering experience

Systems experience, including:
  • Experience in SSD and/or HDD architecture, design, analysis and/or troubleshooting; operating systems (Linux, Windows, VMware); device drivers and firmware; storage devices
  • Working knowledge of SATA, SAS or PCIe interfaces

Technical Skills, including: 
  • Detailed knowledge of NAND Flash, Solid State drives
  • Storage protocols: SATA/ATA, and NVMe
  • NAND interfaces: ONFI, Toggle, etc.
  • NAND management: error detection and correction
  • Storage systems: RAID systems, blades and workstations
  • Demonstrated problem solving and troubleshooting skills.
  • Excellent verbal and written communications skills
  • Highly organized, self-motivated and disciplined
  • Ability to work with other engineers across multiple disciplines, as well as customers of various positions

Ramy Goldz
Team Lead Recruitments
Tel: 425-368-3436

Thursday, September 20, 2018

Information Security Risk Analyst

Title: Information Security Risk Analyst
Location: San Francisco, CA  94105
Duration: 6 months' contract with possible extension.
Note: NO C2C and H1B
 
Job Description:
  • Familiar with NIST 800 special publications, ISO 27000, COBIT 5, and FedRAMP.
  • Industry Certifications such as CISA, CISM, CCSK, and/or CCSP.

Responsibilities:
  • Knowledge of the roles and responsibilities of the Client's IT organizations, National Information Technology Operations (NITOs), and other FRS support organizations.
  • Broad understanding of the FRS' businesses and business goals.
  • Demonstrated understanding of compliance, audit process and ability to adhere/manage various risk controls.
  • Essential responsibilities: Help identify risks in the Bank's processes and technologies, and lead improvement initiatives to minimize risk. The ideal candidate for this role will have the ability to blend and utilize their technical, organizational, business, and cyber security skill sets.
  • Support and ensure compliance with Bank and FRS security controls, policies and procedures.
  • Lead project work of varying complexity and priority.
  • Lead multiple projects simultaneously and work in a highly dynamic, rapidly changing environment.

Requirements:
  • Must be a U.S. Citizen or a Green Card holder with the intent to become a U.S. Citizen
  • Bachelor's degree in Information Technology/Computer Science/MIS or related disciplines, and/or equivalent work experience.
  • 7+ years of work experience within a related information technology field, including 3 years of experience in the security aspects of multiple platforms, operating systems, communications, and network protocols.
  • Experience with risk-based control assessment methodologies.
  • Excellent interpersonal, communication, organizational, and analytical skills.
  • Excellent consultative skills and the proven ability to work effectively with business partners, internal management and staff, vendors and consultants.
  • Proven ability to communicate technical issues to technical and non-technical business partners.
  • Strong critical thinking, analytic and problem-solving skills required.
  • CISSP certified or the ability to work towards obtaining the certification

Adnan Siddiqui
Senior Technical Recruiter
Intelliswift Software Inc.,
39610 Balentine Drive, Newark, CA 94560
Phone: 510 370 4533
Email: adnan.siddiqui@intelliswift.com

Security Analyst

Position with SCIF (State Compensation Insurance Fund) - Security Analyst, Pleasanton, CA
Job description:
The tasks for the Security Analyst include, but are not limited to, the following:
  1. Act as a Lead Consultant/Subject Matter Expert/domain champion
  2. Work on development of Information Security plan (ISP) and performing gap analyses
  3. Assist in updating/developing ISP, policies, training materials, website, procedures, controls, etc.
  4. Assist with audit remediation validation for compliance to security policies/standards
  5. Assist in the evaluation of security risk assessments and gap analysis
  6. Knowledge transfer to and training of State Fund employees
  7. Assist in updating/developing policies, training materials, website, procedures, controls, etc.
  8. Assist in creating policy compliance procedures including compliance measurement reports/dashboard
  9. Assist with audit remediation validation for compliance to security policies/standards
  10. Assist with the implementation of the various security tools
  11. Knowledge transfer to and training of State Fund employees
  12. Attend meetings/Represent Enterprise Security as a Senior Lead for all security matters
  13. Act as Lead/Co-Lead/Backup on assigned Enterprise Security project
  14. Knowledge transfer to and training of State Fund employees  

Technical Knowledge and Skills:
  • Hardware: network switches, routers, load balancers, servers, storage systems
  • Operating Systems: UNIX, Linux, Windows
  • Network: LAN, WAN, Internet, Proxy/Filtering, Firewall, VPN, DMZ
  • Network protocols such as TCP/IP, SNMP, SMTP, NTP, DNS, LDAP, NFS, Samba, etc.
  • Active Directory
  • Vulnerability Assessments
  • Penetration Testing
  • Security
  • Mainframe DB2
  • Oracle databases
  • Best practice standards: ISO 27001/27002, PCI DSS v3, GLBA, HIPAA/HITECH, NIST 800-53, California State Administrative Manual.
  • Excellent communication, technical writing, and customer service skills
Professional Skills:
  • 5-15+ Years’ experience in information security, Audit, and Security/Audit Compliance.
  • CISSP required. Other highly desirable security certifications may be substituted for CISSP (e.g. CISM, CISA, etc.)
  • Extensive experience conducting ISO 27k gap assessments preferred but not required
  • Should have extensive experience in leading IT security/compliance/audit projects.

Ruchika Sinha| Resource Manager
48531 Warm Springs Blvd # 405 Fremont, CA 94539
Mobile: 510-378-1964 | Fax: (775)201-9919
Email: ruchikas@caspex.com
Web: www.caspex.com

Security Officer

Job Title: Junior Client Facing Security Officer 
Company: US Tech Solutions 

Position: Junior Client Facing Security Officer 
Location: Richmond VA 
Duration: 6 months with possible extension 

Skills Required: 
• Minimum Bachelor's Degree (specialization in Info Security is a big plus) or equivalent experience 
• 6+ years of proven experience in Information Security domain 
• Must have experience reporting to CISO/senior security leadership. 
• Adept at understanding the overall security/threat landscape and proposing solutions to mitigate risks from this environment. 
• Must have excellent understanding of tools and processes used for strengthening information security posture (Infrastructure Security devices – IDS/IPS, FW, VPN etc; Vulnerability Scanning tools, host based security systems, ISO 27001 controls etc.) 
• This is a client facing role - Excellent oral, written and presentation skills in English.
• Ability to work with the virtual teams 
• Must have good understanding of IT infrastructure architecture. 
• Must be an intelligent, articulate and persuasive individual who can serve as an effective advisor to the senior client security leadership. 
• Should be able to communicate security-related concepts to a broad range of technical and non-technical staff and drive security across multiple teams 
• Security certifications desired – CISA, CISM, CISSP, ISO 27001 - LA, LI, CGEIT etc. 
Security Management: 
• The CFSO is the central hub for all security related issues and concerns across the various towers that exist – Client engagement. 
• These issues and concerns, whether raised by the client, will be evaluated and handled appropriately, which involves communication between all involved parties. 
• Clear definitions of major and minor security threats for the specific solution are determined during the initial phases of the project, together with planned remediation, resulting in a project security threat matrix. 
• The CFSO is directly involved in documenting and resolving all major security events and incidents by investigating and assisting the operations teams as needed.
• For minor events like a single infected computer, operations staff may handle the remediation of the event. 
• The CFSO maintains the reports and records of security events and makes them available to appropriate personnel (such as forensics staff) as and when required. 
• The CFSO is the direct communications link between the client’s Information Security representative(s) 
• If so directed in the contract, the CFSO will notify the client’s Information Security representative(s) of any emerging information security threats or trends that may impact either the services that is providing or the operations of the customer. 
• This may take the form of direct emails, periodic newsletters, meetings, etc. 
• The CFSO is part of the security tower (to ensure a standard approach) and works directly with the client’s Information Security representative. 
• Contractual requirements may require adherence to specific client policies and procedures by or some type of alignment of policies and procedures between the two organizations. 
• The CFSO will review the client policies and procedures that are provided (initially and from time to time) and make recommendations or changes to ensure that will fulfill these requirements within the recommended standards determined by the Security Tower. 
• This will usually involve working with the client’s Information Security representative and the Account manager 
• The CFSO will coordinate various information security activities within the client environment, such as vulnerability scans, access control audits and security awareness and training. 
• These activities and any deliverable reports are based on the contractual requirements and the standards determined by the Security Tower. 
• Some of these information security activities will also be a part of the client’s internal security regimen. 
• It is the CFSO’s responsibility to review reports from these activities as they relate to the client’s environment and recommend appropriate action when needed. 
• The CFSO will work with client auditors and regulatory authorities as required. 
• As information security gaps are detected by either the CFSO, the client, auditors or the service delivery team, the CFSO will take steps to ensure that each gap is either closed (within the standards determined by the Security Tower) or, if the gap cannot be closed, then the CFSO will work with the client’s Information Security representative to mitigate the risks and ensure that the client understands and acknowledges the residual risks. 
• The CFSO will develop, as needed, and distribute various security documents that are used by the service delivery team or are required by contract. 
• Examples of these documents are reports and forms such as Incident Reports and Access Control Reports as well as BeATo (proprietary tool) reports. 
• Some of these items may be only needed for internal purposes while others may be needed to fulfill a deliverable requirement. 
• The CFSO will ensure the client facing delivery environment is periodically assessed for risks through a formal risk assessment process followed. 
• The activity and results are combined with the risk assessment activity carried out for the rest of operations in that location. 
• The CFSO holds periodic Review Meetings with the client’s Information Security representative as part of the contract’s governance processes. 
• The CFSO will inform the client of our own security assessments (BeATo results) and takes note of improvement or corrective actions as observed by the client; and implement them. 
• Launch Vulnerability test, Launch Compliancy test, Audit follow up, Launch internal audit ( Password compliancy…), Security incident management, Security risk management (risk register follow up ), Weekly meeting with Client CSO, Biweekly meeting with RMIS (security team of ST), Weekly PMO meeting ( internal ), Monthly Virus summary reporting, Review of daily attack, new virus detection, correlation SEP and Trend. 
• BCP DRP review, Follow up of Ongoing actions, launched, and proposal. 
• Follow up of Virus remediation action (left alone and CMS servers) 
• Assessment of new proposal or improvement and new design of security solution proposed.

sumit.s@ustechsolutionsinc.com 
415-662-0537.

Thursday, September 6, 2018

Information Security Officer

Title: Information Security Officer
Work Location: Santa Clara, CA
Contract to Hire: Yes - based upon performance
 
Position Overview:

  • We are looking for a talented hands-on security professional who has deep technical knowledge and also likes contributing to the strategic direction.
  • In this role you will get to work with the full array of security solutions as well as support the security provisions throughout the environment’s infrastructure – networks, servers, desktops and applications.
  • You will also contribute toward strategic planning based on risk assessments and analysis.
Qualifications:
  • Bachelor's degree or higher in CS, CIS, MIS or equivalent
  • Security Certification(s), such as CISSP, CISM, CGEIT, GSEC, CEH, MCSE:Security, and CCNP-Security certification
  • 5-10 years hands-on security administration or engineering experience
  • Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information.
Skills:
  • Client engagement soft skills are required
  • The ability to present and explain security and risk information for business executives to understand
  • The ability to lead people of various levels and technical expertise
  • The ability to prioritize and persuade in order to move the security program forward amongst competing initiatives
  • Experienced with security solutions (e.g. firewall, VPN, SIEM, IPS, URL filtering, Endpoint protection, MFA, NAC)
  • Strong understanding of NIST 800-53 & CSF, risk assessment and incident response standards
  • Strong understanding of Microsoft Active Directory, GPOs, Windows DACL/SACL, and Linux
  • Strong understanding of protocols, such as IPsec, ESP, GRE, SSL/TLS, 802.1x, RADIUS/TACACS, HSRP, GSLB and WCCP
  • Ability to perform and analyze packet captures
  • Ability to analyze suspicious emails, URLs, and files to ascertain if they are malicious
  • Knowledge of hacking techniques, vulnerability disclosures, and security analysis techniques
  • Knowledge of malware families, botnets, threats by sector, attack campaigns and attack methods
  • Scripting language such as PowerShell or PERL
  • Familiarity with incident tracking, change management and project tracking systems like ServiceNow and Jira.

Diksha Ranout
Lancesoft Inc
Herndon, VA 20171
Direct:(703) 889-6574
DikshaR@LanceSoft.com

Wednesday, September 5, 2018

Security Analyst

Position: Security Analyst
Location: Menomonee Falls, WI
Duration: Full-Time (Onsite Position)
 
No C2C/C2H, No Sponsorship, No Remote/Telecommute.   
 
Job Responsibilities
• Lead security assurance engagements and be responsible for applications (Web, Mobile) 
• Analyse application security architecture and understand security threats
• Help the offshore team members with the required details to kick-off testing
• Knowledge in network vulnerability assessment, application penetration testing and security code reviews
• Closely working with Development teams and help them to understand the vulnerabilities and fix them.
• Draw Data Flow Diagrams (DFD), prepare threat models, identify threats and suggest mitigation steps
• Scan the code using Checkmarx, eliminate false positives and report defects to the team.
• Identify scope for security testing
• Perform estimation for identified scope
• Assist in building security testing competency
• Mentor and provide technical guidance to team members in executing test cases.
• Mobile security experience (both device level and app level)
• Mobile app development experience / knowledge of the complete SDLC for mobile apps will be an add-on.
• Retail experience.
• Closely work with SSG and share the monthly vulnerability reports and good at Jira tool.
Skills Required: 
• Good knowledge of network & application security vulnerabilities
• Must be familiar with OWASP, SANS, CERT, WASC standards/frameworks for security testing and security code reviews. OSSTMM for network penetration testing
• Experience in performing threat modelling and identifying attack vectors. Must be familiar with STRIDE and DREAD concepts.
• Good hands-on experience with WebInspect, Checkmarx, Burp and open source tools.
• Must be able to handle tasks/activities with competing priorities
• Must be able to work independently & guide team
• Excellent analytical ability
• Good communication skills
 
Aman Rawat
Enterprise Solution Inc.

Naperville, IL
Cell: 408-216-7831

Skype ID: Mannrawat23
Email ID: amanrawat@enterprisesolutioninc.com
LinkedIn: https://www.linkedin.com/in/aman-rawat-36392aa4/