Tuesday, December 26, 2017

Security consultant

Job ID:        17-58612
Job Title:    Security consultant
Location:    Milpitas, CA
Duration:   12 Months Contract

·         It is generic Security consultant position.
·         Should have CISSP certification
·         15 plus years experience
·         Experience working with VISA preferable
·         Should be able to do security assessment for hardware, software and API Full stack experience so that he/she is able to check security vulnerability , Java vulnerability , API vulnerability.

Ashish Singh
Enterprise Solution Inc.
Desk: 408-318-6730
Cell: 408-702-2538

Friday, December 22, 2017

Information Security Assurance Analyst

Location: Information Security Assurance Analyst
Duration: 6 month Contract to Hire- Must be able to work for any employer in the US
The Information Security Assurance Analyst responds to vendor security questionnaires, performing vendor security due diligence and will be responsible for remediation of identified compliance and risk gaps. Performing quantitative and qualitative risk assessments. Maintain risk register and overall GRC application.
ESSENTIAL Job Duties & Responsibilities
* Responding to vendor security questionnaires (typically SIG)
* Performing the vendor information security management process
* Documenting gaps between vendor requirements and National MIs infrastructure
* Coordinate and execute IT security projects as it relates to Vendor Management
* Performing risk assessments (Quantitative and Qualitative)
* Maintain risk register with risk treatment plans
* Conduct research to keep abreast of latest security issues
* Prioritize remediation of gaps based on customer security due diligence assessments
* Keeps the GRC up to date with compliance frameworks and the evidence to validate compliance
* Evaluates information to determine compliance with laws, regulations, or standards
* 3-5 plus years related work experience
* Vendor audit and compliance experience, preferably with the SIG framework
* Strong experience with the Information Security Tools and Controls
* Solid understanding of networking concepts and system administration
* Knowledge of data compliance and privacy standards and regulations as they apply to insurance and banking industries
* Knowledge of Information Security Standards (ISO27001, NIST, etc)
* Ability to effectively prioritize and execute reporting tasks in a fast-paced, results-driven environment
* Extensive experience working in a team-oriented, collaborative environment with a diverse team of business and IT staff
* Bachelor's degree in Computer Science or Information Systems preferred; Professional certifications are an advantage
* Bachelors in Computer Science or related IT field and/or 5-10 years of experience working within a diverse IT environment with 3-5 of those years focusing on security
* Industry certifications related to this position a plus (CISSP, GIAC, SANS, etc)
* Valid Driver's License required for travel to job sites, client and vendor locations within the United States


Thursday, December 21, 2017

Network Engineer

Role : Network Engineer/ Architect
Location: Orange County, CA
Duration: 3+ Months CTH

We are looking for Cisco certified with strong competencies in route/switch. Security and wireless would be a plus. 
Job Details:
Must Have Skills

1.Cisco Switches and Routers
2.WAN accelerators, WAP, Proxies
3.Palo Alto Firewalls

Detailed Job Description:

•    Will be required to work as Network Architect and Admin interfacing with Customer constantly to discuss requirements and planning to implement Network IT migration and support.
•    Preferred knowledge Cisco Routers, Palo Alto firewall, WAN accelerators, WAP, proxies.
•    Will need to have indepth understanding of routing protocols and be able to provide solutions to common problems associated with IT network migrations.

Education/ Certifications (Required): BS or equivalent and CCNA preferred

Top 3 responsibilities you would expect the Subcon to shoulder and execute:
1.Interface with Customer and various third party vendors and gather requirements over multiple meetings and discussions
2.Communicate requirements, and be able to plan, migrate and implement Network IT migration along with offshore team as expected
3.Communicate requirements, and be able to plan, migrate and implement Network IT migration along with offshore team as expectedProvide Support for devices, including hands and feet support

Kriti Gakhar
Sr. Technical Recruiter
eTeam Inc 
ADDRESS: 77 City Center Dr, 
Mississauga - L5B 1M5
Office :- 905-461-3164 Ext :- 160               
E-Mail: kgakhar@eteaminc.com 

Wednesday, December 20, 2017

Security Analyst

Role:                           Security Analyst 
Location:                    Atlanta, Georgia
Duration:                    6 to 12+ Months
No of positions:         2
Client :                        Genpact 
Job Description:
The analyst would be responsible to work on security incidents, understand the impact and recommend remedial measures. Would be responsible for investigation of security incidents by analysing varied logs from security devices and SIEM like platforms. Ensure follow-up till remediation and write technical reports on root cause, source of infection, controls needed to prevent and or mitigate security threats.
Roles and Responsibilities:
·         Analyze customer data that resides in Kibana for malware/viruses generating high levels of traffic.
·         Good understanding of TCP/IP and network protocols with a robust understanding on known exploits and related mitigation techniques
·         Overall understanding on Information Security concepts and ethical hacking
·         Should be familiar with the working of most recent malware and what controls could be implemented to prevent and or mitigate them
·         In depth knowledge on Security Incident lifecycle and ability to work individually on closure of incidents
·         Ability to write detailed security investigation reports and present them to varied levels of hierarchy within the organization
·         Validate and follow up on remediation to ensure there are no residual security threats
·         Analytical ability to decipher varied log sources and information collated from SIEM or similar platforms and arrive at the root cause of security incidents.
·         Technical writing and communication skills to prepare key talking points for support personnel is a must
·         Ability to provide reports on Incidents worked upon, provide recommendation to improve security posture as per the different types of security devices and malware in the environment
·         Prepare detailed presentation and or assist with business cases to depict the cost savings and or potential impact to security of the organization
·         Preferred knowledge on Kibana or well-known SIEM platforms
Certifications: CISM, CISSP, GIAC is plus
·         Ability to converse and write technical reports for varied security incidents
·         Effective verbal and written communication skills
·         Ability to explain security terminologies to non-technical users and make them understand the need for security controls
·         At least 4-6 years of Information Security experience
Navneet Kumar
E-Solutions, Inc.
2 N. Market St., #400, San Jose, CA - 95113

Tuesday, December 19, 2017

IT Security Analyst

Position Title: IT Security Analyst
Position Number: 273362
Location: Concord, CA
Desired Skill Set:
Analysis, Analytical Skills, TCP/IP
Position Description:
Title: Sr Cyber Security Threat Analyst/Specialist
Location: Concord, CA 94518

• Bachelors in Computer Science, or related discipline, or equivalent experience.
• Certified Information Systems Security Professional (CISSP) certification.
• Experience in Information Technology (IT), 6yrs.
• Extensive experience in analyzing network packet capture data using tools such as Wireshark.
• Experience performing computer forensics and memory analysis using industry standard and open source tools.
• Desirable - Prior experience working in a 24x7 security operations center.

Keywords and experience in candidates resumes:
Prior SEIM experience – Security event and information management system, log aggregation and event notification Network packet analysis (PCAP analysis) – Analyzing network packet for malicious / suspicious activity Wireshark experience and WCNA ( a plus) - Open source network packet analysis tool , WCNA – wireshark certificate. Endpoint forensics – Ability to perform full investigation / forensics of endpoint / end user machine as a result of a security alert. Memory analysis – Ability to analyze physical memory collected from computer using open source or paid application Good analytical skills – ability to analyze and think out of the box when working a security event Experience with IBM QRadar a plus – IBM QRadar is the SEIM company has deployed and is using. Good networking knowledge – Good knowledge of TCP / IP protocols, ability to differentiate various layers in networking. Any GIAC certifications a plus – These are SANS (industry well known security course provider) certs such as GMON, GSEC, GCIH etc. Tools (for associate the below tools in their resume will be a huge plus, for career and above I expect to see at least one of these below IBM QRadar SEIM Encase – Forensics analysis tool ProofPoint IDS / IPS Palo Alto Firewalls Open source security tools such as Suricata, SANS SIFT workstation, Open source forensics tools – Volatility etc.

• Acts as a subject matter expert in area of field.
• Leads moderately to complex projects which may be cross functional.
• Analyzes complex malware/exploits through forensics, observation of network traffic and using other tools and resources to determine if systems are vulnerable.
• Leads development of framework for implementing tools and processes to improve quality and timeliness of reports.
• Expert in area of field and applies extensive knowledge of concepts, principles, and practices.
• Codes complex tasks that integrate systems, produce reports or provide output that can be leveraged by other team members or systems.
• Performs proficient forensic analysis using security tools and monitoring systems to discover the source of anomalous security events.
• Assists in performing basic research internally and externally.
• Performs complex system administration tasks (e.g. customization, cross-tool integration) for security tools.
• Develops a strategy to implement work in department.

Comments/Special Instructions
Manager is looking for good process documentation skill / experience. NERC access is required for this position
Santon Kumar
Associate Recruiter
Phone: (636) 812-4000, Ext.: 6794 | Fax: (636) 812-0078
E-mail: sykumar@roseIT.com

Monday, December 18, 2017

IT Security Operations Analyst

IT security Operations Analyst
Hayward CA
Long term contract
Locals preferred
Immediate joining
Dell secureworks highly preferred

Key Accountabilities

  •     Monitor, analyze, and respond to alerts from automated logging, monitoring tools, and other internal departments.
  •     Support daily administration of local and vendor managed security solutions.
  •     Analyze security threats, vulnerability assessments, and audit results to recommend security solutions that enable business objectives.
  •     Collaborate with other teams to support response efforts to security-related findings or concerns.
  •     Report on incident response metrics and provide assessment reports.
  •     Stay abreast of trends, best practices and regulations that apply to IT security and data privacy.
  •     Other duties and responsibilities as assigned.
Work Requirements
  •     Bachelor’s degree in Computer Science, IT, Engineering or a related discipline required       
  •     2-5 years of strong knowledge of incident response processes required.
  •     5-8 years of hands on experience with security systems, to include: IDS/IPS, SIEM, anti-virus, anti-spam, and other solutions required.
  •     0-2 years of experience managing security service providers to complete regular duties required.
Licenses and Certifications

    CISSP, CISM, CEH or other relevant Security Certifications preferred.

Talent Acquisition Specialist
408 617-5058- Direct 

Senior Application Security Engineer

Position: Senior Application Security Engineer
Location: Newark, CA
Type : Fulltime/Direct Hire

Ensuring web applications, APIs and cloud services are planned, designed, developed, implemented, and monitored in accordance with security controls related to SOC 2, ISO 27001 and the Information Security Policy
Developing, implementing and monitoring enterprise information security architectures and solutions.
Designing and automating assessments through penetration testing and ethical hacking, then analyzing security risks and recommending mitigating and compensating security controls.
Working closely with the Security Operations Center to develop new incident response plans and playbooks related to web application security threats.
Working closely with engineering and QA to ensure security principles are enforced in all stages of the software development lifecycle.
Participating in source code reviews and providing assessments of changes to application design and architecture prior to release to production.
Working closely with cross functional teams to embed security, logging, auditing, and support all applications hosted within the corporate and cloud environments.
Performing assessments of security tools, vendors and solutions to support information security roadmap initiatives.
Help develop and deliver training around secure development lifecycle and secure coding practice.
Performing internal penetration testing working closely with the engineering team to assess and prioritize discovered security issues and vulnerabilities.
Maintain and support application security tools, including static and dynamic security analysis solutions, and develop related documentation.

Minimum 7+ years of experience in Information Security with an emphasis on application security.
At least one security related certification, such as CISSP, GIAC, CSSLP, required.  CISSP or CEH strongly preferred.
Experience with the development, deployment, and automation of application security solutions in an enterprise cloud based environment
Experience in DevOps environments and maintaining security in CI/CD processes highly desired.
Solid understanding of Microsoft Azure architecture and services
Deep understanding of OWASP Top 10 and CWE/SANS Top 25.
Demonstrated proficiency in ethical hacking and whitehat penetration testing techniques.
Knowledge of technical security control environments and compliance frameworks including CSA CCM, ISO 270001 and SOC 2
Hands-on technical proficiency with Burp Suite, Metasploit and Kali Linux highly preferred.
In-Depth knowledge of web application architecture, API development, and MVS frameworks required
Proven ability to manage priorities & deadlines and to work independently in a highly dynamic and diverse environment with multiple concurrent projects happening simultaneously.
Experience in creating detailed solution design documents & diagrams
Demonstrated experience in investigating security issues related to web application exploits, credential stealing and authentication-based exploits
Demonstrated ability to facilitate automation and integration through scripting in Powershell, Python, Perl, etc, highly preferred.
Demonstrated proficiency in JavaScript, HTML, PHP or Python.  Programming experience in Java, C++ or C highly preferred.
Familiar with threat models for large, distributed systems and cloud-based SaaS infrastructure.

Chetan Gusain
Diligente Technologies | Santa Clara, CA | 95054
Direct: 408.689.2083 I Fax: 650.745.3257

Thursday, December 14, 2017

Certified Ethical Hacker

Role: Certified Ethical Hacker
Location: Auburn Hills, MI
Work Auth Type: Any
Type: FTE
Interview Process: Skype, Telephonic 

  • Welcome to L&T Technology Services, where you'll discover that our People truly are our biggest asset. It's the innovative spirit, quest for perfection, and passion to outperform that is ingrained in every employee that has become our driving force for sustained success.
Now, you too, can become part of the L&T Technology Services family. We are currently seeking a Certified Ethical Hacker to join our growing team in Auburn Hills, MI to support ongoing projects with FCA. In this role, you will be responsible for performing end-to-end testing for the TBM, Head Unit, Mobile & Web Portal Networks, and various systems related to the Connected Vehicle Services, including: Remote Door Lock / Remote Start / Remote Horns & Lights / Theft Alarm / On-board GPS / Theft Location Assistance / Driver Assist / Emergency Calls / SQDF / VHR / UAA / Local Search / Traffic Probe / Notificiations / Registration / Life-Cycle Management / Performance / In-Vehicle Assistance / Vehicle Finder / Head Unit Swap
Primary Responsibilities
    • Test interfaces with various system applications that support Connected Vehicle Services
    • Develop SOWs for Third Party Penetration Testing; regression, validation, verification of presence of security requirements
    • Perform connectivity / security validation based off global core security system levels
    • Review TPPT reports and create tracking dashboard to report across various platforms
    • Upload version-controlled reports in repository
    • Manage reviews with cyber-security team for penetration testing reports; create / close tickets
    • Perform Threat Assessments and Risk Assessments regarding identified vulnerabilities
    • Report on vulnerabilities to project management using prefabricated templates
    • Manage security tickets and manage ticket tracking system; update response received by 3rd Party Suppliers
    • Perform functional, performance, stability, and regression testing of new and existing connectivity enhancements
    • Identify vulnerabilities in Connected Services, UConnect and Vehicle Electrical Systems

  • Required Skills & Abilities
    • Bachelor's Degree in Electrical Engineering, Computer Engineering, Computer Science, or related field
    • Must have Certified Ethical Hacker (CEH) Certification
    • 5 years of experience in IT Security domain
    • 5 years of experience as Security Penetration Tester
    • 3 years of experience in Automotive Industry preferred
    • Demonstrated ability to identify exploits and vulnerabilities within Connected IoT devices, network infrastructure, web, mobile, and database systems
    • Hands-on experience executing vulnerability scans and penetration testing
    • Knowledgeable with regulatory and compliance requirements: PCI / HIPAA / SOX
    • Knowledgeable with information security frameworks: NIST / ISO / CoBIT
    • Knowledgeable with vehicle, mobile, web, and IT systems and related areas of vulnerability
Primary Skills:
CONNECTIVITY security test 
Secondary Skills:
Educational Qualifications

Jagan - AM
EROS Technologies Inc.
16192, Coastal Highway, Lewes, DE- 19958
Direct : 516-545-0711
E Mail: jagan@erostechnologies.com

Wednesday, December 13, 2017

Stroz Friedberg openings

Stroz Friedberg is part of Aon Cyber Solutions – a group that brings together cyber experts across Aon’s business units to help clients manage the financial and technical aspects of cyber risk holistically. As one of the largest brokers of cyber insurance in the world, Aon is a leader in risk quantification and transfer services. Stroz Friedberg offers the ability to react to cybersecurity incidents, proactively assess digital risk, and remediate technical vulnerabilities. Together, Aon Cyber Solutions is uniquely positioned in the market to provide a comprehensive set of services to assess, test, improve, quantify, transfer, and respond to cyber risks. 

Available Positions:
Sr. Consultant, Proactive Advisory Services
Locations: New York, Boston, Washington DC, Dallas, Los Angeles, San Francisco

Vice President, Digital Forensics & Incident Response
Locations: Washington DC, Los Angeles, San Francisco

Sr. Analyst, Threat Intel 
Locations: Remote or any US office

Full-Stack Software Developer
Locations: New York, Washington DC

Tuesday, December 12, 2017

Sr. AWS Security Architect

Sr. AWS Security Architect
Location:           Pleasanton, CA (1/2 mile from Metro)
Duration:           12 to 24+ months
Rate:                $85-125/HR DOE on C2C/1099

The recognized SaaS cloud based industry leader in its market is looking for a Sr. AWS Security Architect. The company has been in business for 20+ years, is public, earns $400+ million in revenue/year, $50+ million in net income/year, has $400+ million in cash reserves, is NOT VC funded, is cash flow positive and has 1,000+ employees. The company has been named to Glassdoor's 2017 Best Places to Work.

The Sr. AWS Security Architect will be solely responsible for leading the ground up design, build out and implementation of an enterprise AWS security infrastructure. The Sr. AWS Security Architect will initially perform an overall assessment of the company’s extremely high-volume SaaS products, the supporting platforms, 3 colocation data centers, existing private cloud, networks, data and web applications and the IT corporate infrastructure to gain an understanding of the environment as a basis for the design of the AWS Security Architecture.

More specifically, the Sr. AWS Security Architect will:
Perform security requirements gathering and controls reviews and then design, develop and execute the AWS Cloud Security initiatives and strategies
Have overall responsibility for the enterprise AWS cloud security architecture and, then, perform the deployment and operationalization of all AWS Security Services and AWS Security controls for cloud-based applications, across all cloud layers (including Infrastructure, Platform, and Software as a Service).
Implement AWS Security Services such as AWS Cloud HSM, Amazon Guard Duty, Amazon Inspector, AWS Key Management Service, Amazon Macie, AWS Shield, AWS Security Groups and any other necessary AWS Security Services
Research, design and implement AWS security measures necessary in order to address security issues related to public clouds such as hardware, network and software monitoring and controls, intrusion detection protection (i.e. VPC flow log, cloud trail, etc.), VPC for AWS, secure Amazon Route 53 DNS web services, the development of AWS Open API’s, etc.
Perform threat modeling and design reviews to assess security implications and requirements for introduction of new technologies into the AWS cloud
Partner closely with several levels of staff (C-Level to staff) and various departments (Network Engineering, Infrastructure, DevOps, Development staff, Data Engineers, Product Managers, etc.) to identify AWS Security risks and develop and deliver AWS security solutions
Design security and privacy controls for AWS cloud hosted applications.
Serve as a subject matter expert for AWS Security during development of AWS Cloud Security strategies and new AWS Service deployments.
Research, stay abreast of and implement all applicable new AWS Cloud Security Service provider offerings and industry emerging trends
The Sr. AWS Security Architect reports to the Director of Security

The company is currently operating a SaaS hybrid private and public cloud environment. The company is a large AWS user with 100+ AWS accounts in production utilizing AWS Services such as EC2: Elastic Load Balancing (ELB) and Launch Configurations, S3, Elastic Bean Stalk, Lambda and API Gateway, Route 53 DNS Service, VPC, CloudFront, CodePipeline and CloudFormation.

Must have 10+ years of progressive experience in information technology, information security and network engineering
Expert in Information Security
MUST HAVE experience in designing and securing at least one AWS Information Security architecture (experience must be proven and detailed in resume to be considered).
Should have experience designing and implementing one or more of the following AWS Security Services: AWS Cloud HSM, Amazon Guard Duty, Amazon Inspector, AWS Key Management Service, Amazon Macie, AWS Shield, AWS Security Groups or any other necessary AWS Security Services
Experience securing basic AWS Services such as EC2, S3, ELB, etc.
Experience identifying and implementing traditional security solutions and controls specifically for an AWS public cloud environment i.e. network controls, intrusion detection protection, VPC, network integration with public cloud, application development, etc.
Should come from a network engineering background or have a solid understanding of network engineering concepts and technologies (i.e. MPLS and BGP protocols, firewalls, encryption, virtualization)
Any knowledge and/or hands on experience with security tools including SIEM, IDS (Intrusion Detection Systems), IPS, Vulnerability Management Assessments, Network and Application Scanners, DLP/DLS, Network, Malware, DDoS and and/or security analysis tools is a plus

Al Karaptian
Phone:  310.937.3388

Information Analyst

Job Title: Information Analyst at San Francisco, CA 
Company: Pacific Gas and Electric Company 

Location: San Francisco, CA 
Duration: 6+ Months (Could be extended as per the client needs) 


Excellent verbal and written communication skills Able to embrace flexibility in assigned roles • Excellent follow-through Demonstrated ability to act independently, develop project plans and meet deadlines. • Ability to quickly gain knowledge and comprehension of new subject matter areas, Minimum of 1 year of experience if they have a Masters or advanced education * BA/BS Information Technology or equivalent experience • Demonstrated willingness to express constructive concerns or issues • Demonstrated success in process improvement initiatives * CCNA, CCNP, ACE and/or equivalent experience 

Providing excellent client and peer interaction using system analytic skills. Assist and support other business analysis on ad hoc requests. Work with the peer and clients to provide ad hoc cyber security services and approvals. Support existing implementation with providing helpdesk, systems support, palo alto firewalls to meet end user needs.

Deval Chaudhary

Security Analyst

Job Title: Security Analyst, Vulnerability Management 

Location: Menlo Park, CA 
Duration: 12 Months 

Triage incoming software, systems, and infrastructure vulnerabilities on a daily basis.
Research and reproduce vulnerabilities and the ideal way to mitigate them. 
Proactively update service and system owners of potential vulnerabilities and work with them on resolution. 
Configure internal tooling to automate repetitive manual process 
Create security tasks from different programs and work with security engineers and engineering teams to classify and fix security bugs. 
Capture metrics and use data to measure impact and drive internal improvements. 

Minimum Qualifications 
B.S. in Computer Science or equivalent experience. 
Basic understanding of information security principles. 
Experience with infrastructure technologies, system administration, vulnerability management and/or network security. 
Demonstrates strong analytical and problem-solving skills, detail oriented & organized approach, excellent communication, developed interpersonal skills. 
Ability to manage competing priorities and simultaneous projects in a fast paced environment. 
Preferred Qualifications 
Experience in a tech field and understanding of web application architectures 
Experience with security tools such as vulnerability scanners (Nessus, Qualys, Nexpose) 
Experience working in a web/tech company is highly desirable. 
Experience with query languages and data visualization tools (i.e. tableau) 

Faizan Shaikh 
135 West 26th Street, Suite 7B 
New York, NY 10001 
(720) 463-7001