Thursday, July 9, 2020

Application Security Tester

Job Title:-Application Security Tester

Job Location;- Bellevue WA

Long term Contract



- Extensive experience developing in Java Python JavaScript i.e. NodeJS AngularJS TypeScript variants i.e. Angular 2 and common scripting languages i.e. Bash .
- Deep experience working with XML and web services including SOAP and REST.
- Thorough understanding of coding concepts such as authentication mechanisms data serialization.
- Thorough understanding of application architectures such as n tier client and server API Postman microservices etc.
- Performs static dynamic code testing manual code inspection threat modeling design reviews and penetration testing of internal web applications and external partner applications to identify vulnerabilities and security defects.
- Supports the implementation and enforcement of secure design principles according to policies standards and patterns of Information Security.
- Provide subject matter expertise and mentorship on architecture authentication and system security.
- Develops and implement manual and automated web application security testing of web applications to enforce security standards.
- Functional API Testing with Postman Newman and BlazeMeter
- Works with security product vendors and service providers to evaluate their security offerings.
- Must be familiar with the below Tool sets
- Fortify Web Inspect Expertise Advanced must be able to automate where possible
- Nessus
- Nmap
- Veracode
- Burp Suite
- ZED attack proxy
- Threat Modeling e.g. STRIDE
- Must be very well versed with OWASP Top 10 vulnerabilities and must demonstrate to exploit such vulnerabilities in mobile web and console applications.
- Understanding of both application and network layer security considerations and how to fix them such as buffer overflow ToC vs. ToU input validation encapsulation insecure protocols MITM attacks SQLi etc.
- Ability to work well both independently as well as within a team.
- Excellent verbal written and interpersonal communications skills.
- Ability to handle several tasks be organized make decisions and work efficiently effectively under deadlines.


- Bachelor of Science with 3 years of experience in cybersecurity


 Sandip Kumar

Noralogic Inc.

109 East 17th St, Cheyenne WY 82001

Call: 307-316-7223,964-393-6389


Wednesday, July 8, 2020

Cyber Security Analyst

Job Title: IT Security Analyst 3

Start Date: 06/23/20

Location: Dimondale, MI

End Date: 06/23/21


Monitor and advise on information security issues related to the systems and workflow at an agency to ensure the internal IT security controls for an agency are appropriate and operating as intended.


Member of the Michigan Security Operations Center (MiSOC) and will focus on Engineering supporting the following functional areas:


  • Vulnerability Management
  • Incident Response
  • Forensics
  • Security Operations
  • Threat Analytics
  • Configure, troubleshoot, upgrade and support security infrastructure devices
  • Support various security platforms, including but not limited to: Vulnerability Management platform (Tenable); Security Incident Event Management (SIEM) platform (IBM s QRadar); Content Filtering (WebSense); and various Symantec security platforms.
  • Identify and define system security requirements
  • Design computer security architecture and develop detailed cyber security designs
  • Prepare and document standard operating procedures and protocols
  • Engineer, implement and monitor security measures for the protection of computer systems, networks and information
  • Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
  • Ensure that the company knows as much as possible, as quickly as possible about security incidents
  • Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement

Inderpal Singh

IDC Technologies Inc.


Monday, July 6, 2020

Information Security Engineer

Job Title : Information Security Engineer

Location : Media, PA

Duration : 6  Months contract


Job Summary: 

In consultation with the Information Security, Development and Infrastructure teams, the Security Engineer Contractor will help integrate information security requirements and controls as captured in security policies, standards and best practices into current and future architectures and designs. The Security Engineer will help in detecting and addressing (reactively and proactively) risks and vulnerabilities in Customer’s IT landscape. Play a key role in driving the evolution of Customer’s technical architectures and IT operations and ensure that security controls are embedded throughout future designs and plans.


Principal Duties:

1.      Engineer and implement security measures for the protection of computer systems, networks and information.

2.      Maintain awareness of information security policies, standards and requirements.  Stay current on information security trends and risks.

3.      Drive identification and definition of system security requirements.

4.      Develop and document cloud, automation, and API security requirements.

5.      Analyze, design, develop, and continually evolve modern software-defined infrastructure and application patterns.

6.      Analyze cloud architecture and application vulnerabilities using cloud-native tools.

7.      Continuously evaluate the organization's existing cloud infrastructure security practices and help to define, standardize and measure security-related activities.

8.      Support cloud certification activities such as system hardening, vulnerability testing and scanning.

9.      Work closely with development, infrastructure and information security teams in an agile workflow to promote and mature DevOps methodologies.

10.  Design computer security architecture and develop detailed cyber security designs (network, applications, software development, operating system, virtualization, cloud, automation, etc) with input from various stakeholders (Information Security, IT, etc) while working in a hybrid cloud/traditional data center environment.

11.  Prepare and document designs, architectures, configuration standards, standard operating procedures and protocols.

12.  Act as an advisor to internal teams enabling them to build and design products securely and efficiently.

13.  Develop technical solutions to help mitigate security vulnerabilities and automate repeatable tasks to reduce the risk of fraud, abuse and misuse.

14.  Communicate technical application security concepts to employees, including developers, architects, and managers.

15.  Assess the security posture, develop risk profiles, specify security requirements, and identify mitigation measures to safeguard public facing Web applications.

16.  Streamline usage of security technologies in a dynamic environment through automation and orchestration platforms.


Essential Functions:

1.      Ability to work well individually as well as in a team environment

2.      Excellent oral and written communication skills, including documentation skills specifically with the drafting and updating of process and procedures.

3.      Excellent customer service and interpersonal skills

4.      Ability to work with little or no supervision

5.      Detail oriented and strong organizational skills

6.      Strong analytical and problem-solving skills

7.      Ability to handle multiple projects simultaneously and independently

8.      Proven self-starter with demonstrated ability to make decisions

9.      Ability to learn new technologies quickly and independently


Basic Qualifications:

1.      Bachelor’s degree in Information Technology or a technical discipline (e.g., engineering) preferred, or technical certifications, or related experience

2.      Certified in one or more of the following preferred: CISSP, CISA, CISM, CEH, technology specific (proxy, data loss prevention, firewall, etc).

3.      Minimum of 7+ years working in Information Technology Security.

4.      Working knowledge of information security concepts and technologies such as: least privilege, networking, network segmentation, firewalls, IPS\IDS, network analyzers, encryption technologies, proxies, etc.

5.      Proven work experience as a system engineer or system security engineer

6.      Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocols

7.      Cloud security (AWS - Azure) architecture, environment, and WAF experience

8.      Experience with container management and containerization technology.

9.      Experience on Authentication, Single Sign-On Infrastructure (AD, Azure AD, VDS, Ping Federate); Experience implementing multi-factor authentication, single sign-on, identity management or related technologies

10.  Extensive experience on authentication and authorization strategies using SAML/OpenID/OAuth;

11.  Extensive experience in usage related Identity & Access Management & defining standards around data at & data in transit - encryption, authorization, authentication, and security mechanisms, especially the foundational elements of the Public Key Infrastructure.

12.  Experience in building and maintaining security controls

13.  Detailed technical knowledge of application, network, database and operating system security

14.  Hands on experience in security systems, controls and concepts

15.  Experience with network security and networking technologies

16.  Working knowledge of sub netting, DNS, encryption technologies and standards, VPNs, VLANs, VoIP and other network routing methods

17.  Network and web related protocols (TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols, etc.)

18.  Advanced Persistent Threats (APT), phishing and social engineering, network access controllers (NAC), gateway anti-malware and enhanced authentication

19.  Thorough understanding of the latest security principles, techniques, and protocols


 Abhishek Singh                         

IDC Technologies, Inc

Mail to :

Phone: 408-648-2523

Senior ATG Developer

Job Title: Backend Engineer (ATG/Java)
Location: Sunnyvale, CA
Duration: 12 Months
Minimum Qualifications
Bachelor's Degree in Computer Science or related field and 6 years' experience building scalable e-commerce applications
ATG is mandatory
• 5+ years of experience with building scalable, high performing and robust Java applications
• Experience with big data methodologies involving Hive/Hadoop/ Spark;
• Experience with Hadoop workflow management using Azkaban, Oozie, Hamake or Cascading
• Hadoop stream processing using Storm/Spark
• Experience with no-sql technologies like Cassandra, couchbase, Flume or Hbase.
• Advanced scripting skills in at least one of the following: Python or Shell and willingness to learn new technologies
• Experience with Eclipse or other IDE development tools
• Experience with Continuous Integration and related tools (i.e. Jenkins, Hudson, Maven)
• Experience with Code Quality Governance related tools (Sonar, Gerrit, PMD, FindBugs, Checkstyle, Emma, Cobertura, etc)
• Experience with Source Code Management Tools (Github)
• Knowledge of standard tools for optimizing and testing code
• Ability to operate effectively and independently in a dynamic, fluid environment
Additional Preferred Qualifications
• Experience developing using J2EE technologies such as Servlet/JSP/Filters, JNDI, JDBC, JMS, JMX, RMI, Java Web Services or related skill
• Experience with Eclipse or other IDE development tools
• Experience developing with web/app containers such as Apache/Tomcat, Nginx
• Experience developing using relational databases such as Oracle or MySQL
Siva | Recruitment Specialist | (408) 731 6341
Amiseq, Inc. 1551, McCarthy Blvd, Milpitas, CA 95035

Tuesday, June 30, 2020

SOC Analyst

Title: SOC Analyst

Location: Atlanta, GA

Duration: Contract


Job Responsibilities:

Monitoring: monitoring email queue, ticket activity, alerts in SIEM, escalations from vendors, CTI teams, CSIRT and other teams. The purpose would be to ensure all esclations to L3 are quickly received, acknowledged, and actioned. The monitoring on the technical level would require reviewing alerts, activity, indications of infections and other security triggers to determine whether something malicious is occurring in the environment. This would require familiarity with various security products (e.g. SIEM, EDR, Proxies, Firewalls, etc.) as well as familiarity with attack methodologies.

Investigation & Analysis: the candidate should be versed in malware analysis, should know how malware is written (essential building blocks of how malware code is engineered and what it usually contains), its manner of execution, its lifecycle (across various MAF tactics  & techniques) and how it escalates. Should know sand boxing concepts thoroughly and should have at minimal intro level understanding of reverse engineering concepts. This means the candidate should know import tables, libraries function calls, persistence, lateral movement methods, etc. The candidate should also be familiar with Windows System Internals (how the Windows OS functions)

Threat Hunting:
The candidate should have a general investigative mindset and think like an investigator- asking the deeper questions to draw context, purpose, rationale, logic as to why the author/payload performed its operation. The candidate should know how to search & parse/sort through data sets such as process executions, dns calls, network connections, services installed, registry changes made on system and know how to hunt for those particular datasets  - whether those are event logs, DC logs, authentication logs, netflow logs, sysmon logs, etc. The hunter should be able to form hypothesis as to what a particular event(s) may indicate and know how to prove/disprove the hypothesis, know how to pivot and reestablish consequential hypothesis from the results.

The candidate should have good communications skills, write clearly and to the point, be able to deliver content based on the audience it is intended for, have a generally good command of the English language.

The candidate should have a generally positive attitude, be driven, be a team player, seek creative ways to contribute to team and effort, be available, resourceful and independent thinker for the most part.

Priyanshu Kumar

IDC Technologies Inc.
Desk: 408-290-6336

Text:  315-933-4046


Wednesday, June 24, 2020

Cyber Security Forensic Analyst

Title: Cyber Security Forensic Analyst
Location: Austin, Tx (with current situation, initially they will start remote)
Duration: 6 Months

Job Description:
IBM is seeking a Cyber Security Forensic Analyst professional to work on the Cyber Security Incident Response team (CSIRT) This position requires a strong technical security professional, who will be responsible for conducting highly technical and confidential investigations.  (e.g. data loss, advanced persistent threats, malware analysis etc)  
The role will be responsible for conducting forensic investigations and analysis in support of cyber incidents that are reported into the CSIRT team.  This role will require the ability to triage and conduct thorough examinations of all types of digital media within a heterogeneous environment, the ability to determine containment and/or remediation activities that may be required as well as identify potential threats.  Reporting and collaborating with the different areas of Business will be required, as well as providing relevant lesson learned output that can be fed into the IBM threat landscape.


• At least 5 years of experience in IT Security Digital Forensics
• At least 2 years of experience in Incident Response in a global corporate enterprise

Required Knowledge, Skills and Abilities
• Demonstrated computer forensic investigations experience.
• Expert-level knowledge of common attack vectors and penetration techniques.
• Solid working knowledge of networking technology and tools, firewalls, proxies, IDS/IPS, encryption.
• Demonstrated knowledge of forensic tools such as Encase, FTK, Axiom, Black Bag, SIFT.
• Experience with malware analysis (reverse engineering).
• Excellent technical writing and presentation skills.
• Excellent general writing skills in presenting information in a non-technical manner; Business Case construction, Proposals, and Plans.
• Ability to successfully lead and facilitate information gathering meetings with client senior-level employees.
• Event analysis and correlation.
• Experience managing large and small scale cyber security incidents.
• Ability to coach and training junior level analysts in industry best practices and methodologies.
• An ability to understand and correlate strategic decisions/methodologies into their practical application at an operational level.
• Demonstrated understanding of database structures and SQl
• Experience with Linux operating systems

Essential Duties and Responsibilities
• Conduct examination of digital media (hard drives, network traffic, mobile phones, etc.).
• Capture / analyze network traffic for indications of compromise.
• Review log-based data, both in raw form and utilizing SIEM or aggregation tools.
• Employ best practices and forensically sound principals such as evidence handling and chain of custody.
• Perform live network assessments using leading packet capture and analysis software tools.
• Establish timelines and patterns of activity based on multiple data sources.
• Identify, document and prepare reports on relevant findings.
• Utilize varied forensic software such as FTK, Encase, IEF, etc.
• Effectively communicate with clients to establish timelines, manage expectations, and report findings.

• Strong understanding of networking protocols.
• Experience in fast-paced investigations. 
• Experience with programming or scripting languages.
• Familiar with Q-Rader SIEM tool is a plus
• Demonstrated system administration skills.
• Ability to present highly technical information to non-technical audiences

Sachin Bhardwaj
Technical Recruiter
HMG America LLC



Wednesday, June 17, 2020

Network Security

Title:                 Network Security Palo Alto Contractor: SVBJP00002837
Location:         Remote, Tempe, AZ
Duration:        6+ Months
Job Responsibilities:
This role will report to the Network Security Manager. Their primary focus will be to work through operational tasks and project teams on firewall change needs.
Job Duties:
Audit firewall rules base and identifies specific remediation actions based on the following criteria:
- Ensure that firewall request adhere to policy and standards
- Complete business firewall request within the department's service level agreements (SLA's)
- Complete URL request within the department's service level agreements (SLA's)
- Help provide firewall subject matter expertise with project teams
- Help with implementing firewall upgrades and occasional weeknight and weekend firewall changes.
- Plan, coordinate, and execute modifications to the Client's firewall rule base in a production environment without causing adverse impact to the enterprise.
- Work with internal teams to validate the proposed changes, coordinate testing, and ensure that our rules are configured to permit the least privilege.
- Utilize our internal firewall policy management and logging tools to ensure our risk scores improve, and our changes are non-impactful.
This individual should have expertise working with Palo Alto firewalls and preferably Zscaler. They will be responsible for adhering to Client change control advisory process and work well with little to no supervision.

Ajay Thakur
Sr. Technical Recruiter
Shimento Inc
1700 N Broadway, San Jose, CA 97596
Phone: (510) 679-3320 Ext.121