Tuesday, July 17, 2018

IT Security Engineer

Job Title:          Mid level IT Security Engineer
Duration:          6 Months to Hire
Location:          Irvine, CA
Start:                 ASAP
Pay Rate/Hr:    $50 - $60/hr; Salary: $90-100k/yr

Job Essential Function 1
Percent of Time: 30%

ADMINISTRATION OF IT SECURITY SYSTEMS
Perform as technical administrator for a variety of IT Security-related systems including: intrusion detection and prevention systems (IDS/IPS), network firewalls, site-to-site and client VPNs, network connection loggers, security information and event management (SIEM) systems, threat detection and identification (TDI) systems, vulnerability management systems, specialty authentication/authorization systems, multi-factor authentication, SSL certificate management service, email anti-virus/anti-spam/anti-phishing, privileged credential management, sensitive data scanning, advanced endpoint security, and central encryption and key services. Build and deploy new firewalls and VPNs, and help move existing networks behind firewalls. Ensure the uptime, reliability, and effectiveness of IT security systems. Provide after-hours support and on-call availability for critical services. Ensure customer service requests, break-fix incidents, and questions are addressed within the defined SLAs. Create scripts to automate common practices.

Job Essential Function 2
Percent of Time: 30%

IT SECURITY OPERATIONS
As part of the security operations center (SOC), monitor and analyze security events from multiple sources, detect, escalate, triage and resolve security incidents. Analyze the severity and risk classification of an incident and respond appropriately. As part of the incident response team, investigate the cause of and quickly mitigate potential information security breaches on campus. Perform basic forensics of systems involved in an incident and suggest remediation. Monitor news and respond to new and evolving threats reported in the industry and other higher-ed sources.

Job Essential Function 3
Percent of Time: 25%

IT SECURITY ENGINEERING
Work with customers and other IT administrators to plan and implement appropriate IT Security controls and integration with existing IT Security services. Provide direction on appropriate network segmentation based on risk. Research and propose new ideas and evaluate new IT Security solutions in accordance with the information security plan.

Job Essential Function 4
Percent of Time: 15%

COMMUNICATION, DOCUMENTATION, AND LEADERSHIP     
Review IT security requirements and communicate standards and best practices to campus affiliates. Communicate reports, alerts, and/or advisories to campus affiliates. Collect metrics to measure and communicate the effectiveness of services. Provide leadership, formal project planning, and communication of projects and services. Develop and maintain appropriate documentation for technical and non-technical audiences. Engage and collaborate with other system-wide groups on UC security initiatives. Continually work to improve processes and procedures.

SKILLS, KNOWLEDGE AND ABILITIES:

Required:
Three (3) to five (5) years with BA/BS OR one (1) to three (3) years with MA/MS or equivalent combination of education and experience.
Three (3) years of direct IT Security related work experience.
Strong working knowledge of Cisco ASA Firewall/VPN technologies, IOS, and ability to administer the full lifecycle of the devices.
Strong working knowledge of Palo Alto network intrusion detection and prevention systems (IDS/IPS) and firewall/VPN technologies.
Experience with SIEM or other proactive security event log alerting tools.
Experience performing network and web application vulnerability scanning.
Proven skills managing TCP/IP-based networking, and using common network troubleshooting tools and techniques.
Knowledge of various TCP/IP related attacks and common mitigation techniques.
Knowledge of IPv6 and NAT technologies and their security implications.
Strong knowledge of network segmentation best practices using a risk-based approach.
Experience performing basic digital forensics on Unix/Linux and Windows platforms.
Ability to work within Linux, Windows, and Mac environments.
Experience being a member of a security incident response team and working within a SOC.
Practical experience with common encryption and key management technologies.
Comfortable using regular expressions (regex) syntax.
Knowledge and implementation of IT Security fundamentals including the CIS Critical Security Controls ( SANS Top 20 ) and NIST Cybersecurity Framework.
Knowledge of ITIL and ITSM solutions. Experience using common project management, work tracking and reporting tools.
Experience working within formal SDLC and change management processes.
Experience with vendor software implementation, negotiation of contracts, and SOWs.
Excellent problem solving skills and the ability to rapidly learn and apply new highly technical skills.
Superb written and verbal communication skills and the ability to effectively communicate highly technical topics to a wide range of people.
Demonstrated strong interpersonal skills; consistent history of building strong relationships with technical and non-technical consumers of IT services provided.
Ability to work effectively with external vendors and all levels of technical staff, management, and stakeholders.
Strong collaborator and team player who is customer service oriented, with a proven track record of working across a large distributed enterprise.
Excellent planning, time management and organizational skills, ability to create effective project plans and timelines and present them in a group setting.
Ability to work independently, keeping track of a number of continuing problems, requests, and projects. Ability to work on several tasks concurrently.
Working knowledge of at least one high-level programming language, and skill in the design, writing, testing and debugging of computer programs or shell scripts. Examples: Perl, Python, Ruby, PHP, C, Java.

Desired:
Strong knowledge of ISO, NIST, FISMA and other and risk assessment frameworks.
Familiarity with web development and programming languages i.e. Java, .NET, PHP, XML, Perl and HTML.
Working knowledge of web application firewalls (WAF) such as F5 ASM.
Implementation of SIEM technologies.
Experience working with Argus and Netflow log collection.
Knowledge of email spam/virus/phishing mitigation at an enterprise level, including ClamAV, SpamAssassin, MailScanner.
Windows and/or Active Directory system administration skills.
Unix system administration skills, particularly in the Linux or Solaris environments.
Experience using ServiceNow as both a request tracking and project management tool.
Experience implementing technical security solutions in an AWS cloud environment.
Knowledge and understanding of wireless networking.
Working knowledge of authentication systems, such as Radius, LDAP, Duo Security Multi-Factor authentication, MIT Kerberos, etc.
Working knowledge of Microsoft Office and wiki software. Demonstrated experience creating spreadsheets, reports, charts, and presentations supporting project management, technical communications, etc.
Proven skills diagramming computer networks using diagramming software such as Visio.
Knowledge of State and Federal Regulations and Requirements for data security and privacy.
Knowledge of HIPAA, PCI-DSS, FERPA, GLBA, and other information and privacy compliance programs.
Relevant information security certifications (e.g., CISSP) preferred or the ability to gain a certification within 6 months of hire.
 

Andy Ballantyne
Sr Technical Recruiter
Calance
800-732-4680 x709

aballantyne@calance.com

Information Security Officer

Client: UNISYS
Position: Information Security Officer
Job ID: 1912200928
Location: 100% onsite in Santa Clara, CA
Duration: 6-12 months temp to perm for high performers.( Contract To Perm)

Pay : $68.30/hr. on W2

Qualifications:
·         Bachelor degree or higher in CS, CIS, MIS or equivalent
·         Security Certification(s), such as CISSP, CISM, CGEIT, GSEC, CEH, MCSE:Security, and CCNP-Security certification
·         5-10 years hands-on security administration or engineering experience
·         Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information.

US CITIZENSHIP REQUIRED.

Skills:
·         Client engagement soft skills are required
·         The ability to present and explain security and risk information for business executives to understand
·         The ability to lead people of various levels and technical expertise
·         The ability to prioritize and persuade in order to move the security program forward amongst competing initiatives
·         Experienced with security solutions (e.g. firewall, VPN, SIEM, IPS, URL filtering, Endpoint protection, MFA, NAC)
·         Strong understanding of NIST 800-53 & CSF, risk assessment and incident response standards
·         Strong understanding of Microsoft Active Directory, GPOs, Windows DACL/SACL, and Linux
·         Strong understanding of protocols, such as IPsec, ESP, GRE, SSL/TLS, 802.1x, RADIUS/TACACS, HSRP, GSLB and WCCP
·         Ability to perform and analyze packet captures
·         Ability to analyze suspicious emails, URLs, and files to ascertain if they are malicious
·         Knowledge of hacking techniques, vulnerability disclosures, and security analysis techniques
·         Knowledge of malware families, botnets, threats by sector, attack campaigns and attack methods
·         Scripting language such as PowerShell or PERL
·         Familiarity with incident tracking, change management and project tracking systems like ServiceNow and Jira.

Responsibilities:
·         Ownership of day to day security events, perform incident response using NIST SP 800-61 standards, and determine root causes
·         Create and lead security initiatives that reduce risk as well as automate detection and protection mechanisms
·         Identify needs and implement comprehensive security controls using multi-layered security and defense in depth
·         Collaborate with all operations teams to ensure security controls and configurations are implemented and incorporated in their ongoing operations
·         Server security through vulnerability management, system patching and secure configuration
·         Network security through segmentation and firewall zoning and ACL policies, as well as secure configurations in firewalls, routers, switches, VPNs and load balancers
·         Endpoint security management to prevent malware and insider threats
·         Email security through Spam filtering and use of SPF & DMARC
·         Application security based on OWASP Top 10
·         Monitor SIEM, IPS, event logs and reports for indicators of attack and indicators of compromise
·         Proactive client involvement in solving client challenges and business opportunities
·         Contribute quarterly security advisories for the Security Awareness Program
·         Keep security plans and documentation updated, such as the disaster recovery plans and security policies
·         Continuously mature the GRC program
·         Governance: Collaborate with client stakeholders and steering committees to ensure plans and identified solutions meet business needs and expectations.
·         Risk: Working with stakeholders to perform risk management and ongoing assessments, and then selecting mitigating and corrective controls based on Pareto analysis
·         Risk: Reviewing SOWs and RFP responses to assess risks
·         Risk: Collect, analyze, and validate open source intelligence

Compliance:
·         Ensure regulatory compliance with PCI-DSS, CJIS, and California Consumer Privacy Act of 2018 (AB-375)
·         Communicate with Unisys team on a regular basis to provide timely and informative reports and related analysis and recommendations to maintain and improve service delivery
·         Provide up-to-date information to clients in response to specific inquiries and meet all commitments ahead of due dates
·         Monthly presentations to executives on current state of risks, status of security controls, and remediation timelines
·         Monthly reports on security operations that provide current states of security controls


Zeeshan Shaikh
Associate Talent Acquisition
Ampcus Inc.
14900 Conference Center Dr.
Suite 500
Chantilly VA 20151
703-775-2240 (Direct)
703-822-4475 x 1269 (V)
703-956-6996 (Fax)

Wednesday, July 11, 2018

Security Architect

Security Architect 
Plano, TX
Duration :12+ Months
 
POSITION SUMMARY –
  • The Information Security Project Consultant (SPC) is responsible for providing security guidance to project teams responsible for delivering business solutions. The InfoSec Consultant will provide security guidance, identify and prioritize security-related requirements, promote secure-by-default designs and facilitate delivery of information security services.
  • The Security Project Consultant is measured on their ability to efficiently analyze system architectures to develop appropriate requirements which enforce Our Client policies and standards. Their ability to manage multiple simultaneous fast-paced projects is critical. They will also be expected to perform risk assessments of information systems and infrastructure, develop appropriate risk treatment and mitigation options, and effectively articulate findings and recommendations to IT project teams and management. Excellent communication and interpersonal skills are essential and will be measured critically in all performance measurements. Experience reviewing vendor contracts and ensuring contracts meet the Our Client information Security requirements is a plus. The InfoSec Consultant will be expected to work on multiple projects and tasks concurrently.
 
List the position Requirements:
  • Minimum 5 years previous experience as a Security Analyst, Security Architect or equivalent.
  • Experience as an information Security consultant/Architect in Banking and Financial services.
  • Familiarity with standard network security technology solutions: e.g. firewall, router, VPN, IDS
  • Additional familiarity with the use of standard security technology solutions and processes such as: access control, user provisioning, directory, vulnerability management, anti-virus, single sign on, auditing, encryption
  • Understanding of FFIEC, GLBA and SOX and their applicability to technologies and applications.
  • Excellent organization skills
  • Excellent written and verbal communication skills
  • CISSP certification
  • Needs to be Senior level and able to manage projects on their own with strong knowledge of Security and Technology Architecture
  • High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity
 
Must Haves:
  • Good interpersonal skills, Self-Starter, CISSP or other security certifications, Personal integrity, Prior experience (at least 5 years) with security tools and technologies.
  • Preferred/ Nice-to-haves: Experience in financial services
 
Sravan K C,
KAYGEN  
15420 Laguna Canyon Road, Suite 270, Irvine, CA 92618
O: (949) 203 5100 ext 116 |M: (949) 407 8040 | F: (949) 861 6500
sravan.c@kaygen.com I URL: www.kaygen.com |

Thursday, July 5, 2018

Security Manager

Security Manager- Napa, CA 
6 Months CTH
Responsible to coordinate with system owners to procure based on company policies, implement, test and produce audit evidence for all security configurations; coordinate and oversee regularly scheduled security assessments; coordinate remediation for all security assessment gaps in system configuration.  Maintain up to date knowledge of security threats, vulnerabilities, exploits, and trends in the security environment and their impact to the IT systems.  Maintain security certifications to demonstrate command of knowledge in the security industry.  Work closely with all Information Technology Infrastructure and Application Development staff to maintain high levels of security.  Contacts are employee at all levels, the Board of Governors and vendors.
Under general supervision, be responsible for the management and implementation of the IT Security Policy.  Responsibilities include review of security configuration for key IT systems within the scope of the Security Policy, including Servers, Workstations, Networks, Storage, Communications Systems, Operating Systems, Internet, Business and Third Party Applications.

Qualifications
•CISSP Required
•Five to Seven (5-7) years’ experience supporting technical environments.
•Five+ (5+) years’ experience maintaining and developing security policies in an IT organization.
•Comprehensive knowledge of TDC Technology platforms.  This will include items such as Microsoft Windows Platform, Office 365, Azure, IIS, virtual infrastructure, Internet technologies, networking, telephony and VOIP systems.
•Comprehensive knowledge of enterprise class security solutions.
•Comprehensive knowledge of hardware configuration and setup process
•Comprehensive knowledge of networking and network security configuration and setup process
•Comprehensive knowledge of security, vulnerability, exploits, forensics, incident response.
•Knowledge of virtualization technologies, including VMware, desirable.
•Broad knowledge of relevant IT industry concepts, practices, standards and procedures.
•Ability to prioritize multiple projects and meet deadlines.
•Excellent oral and written communication skills.
•Ability to work with diverse personalities.
•Ability to read, analyze and interpret general business periodicals, professional journals, technical procedures, or governmental regulations.  Ability to write reports, business correspondence, and technical procedure manuals.  Ability to effectively present information and respond to questions from groups of managers, clients, customers, and the general public.
•Ability to calculate figures and amounts such as discounts, interest, commissions, proportions, percentages, area, circumference, and volume.  Ability to apply concepts of basic algebra and geometry.
• Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and set variables
 
 
Priyank Kapil
Technical Recruiter , Net2Source Inc.
Board: 201.340.8700 Ext 429  | Direct: (201) 676-3195
Email Id: pkapil@net2source.com| Website: www.net2source.com
Address: 317 George St., Suite 220, New Brunswick, NJ 08901

Monday, July 2, 2018

GRC/Security Analyst

Position : GRC/Security Analyst
Location : San Jose , CA
Duration : 6 Months Contract
Rate : DOE
Interview mode : Phone and F2F interview or Skype

Responsibilities
8 or more years with IT security and audit experience with extensive knowledge of national/international security and risk management standards including NIST, PCI, CJIS, CMS, ISO, SOX, HIPAA, HITECH and other regulatory requirements .

Knowledge of GRC systems, security standards and progressive experience documenting and performing security assessments, and reviews.
1.    Assist the CJIS Program Manager/Administrator with the administration of the CJIS Security, Governance, Risk and Compliance (GRC) enterprise risk management processes.
2.    Engage and assist specific stakeholders/agencies with risk assessment processes, and identify gaps in security control environment and CJIS compliance requirements.
3.    Perform gap analysis of security requirements implemented within the business unit/agency application(s) and operations according to Corporate processes, statute, regulation, standards and CJIS policies.
4.    Provide guidance to staff with standard interpretation of CJIS/NIST/FedRAMP controls and other security statutory and regulatory requirements.
5.    Assist with policy/process/procedure development and documentation along with entering information into GRC systems to complete risk assessment, analysis and processes.  
6.    Assist with GRC volume of work for business units/agencies.
7.    Assist with establishing Cyber Security/Risk Management Frameworks. 
8.    Work with team in improving process.
9.    Other risk management/cyber security related tasks as assigned.

Skills & Ideal Experience

·         Information Technology Experience – Required – 6 Years
·         IT Security and/or Audit Experience – Required – 6 Years
·         PCI, NIST, FISMA, HIPPA, CJIS, or related experience – Required -  5 Years
·         Experience working in large, complex business and/or IT environments – Required – 6 Years
·         Bachelors or Masters Degree in Computer Science, MIS, Business, Accounting, or Engineering (or related) – Required – 4 Years
·         Technical skills: knowledge and experience in IT security statutes, regulations, and standards, experience in GRC tool(s). – Required – 5 Years
·         CISSP/CISM/CISA certifications – Preferred
·         AWS Cloud experience and certifications - Preferred
·         Practical experience with commercial and/or Federal Government Governance, Risk & Compliance platforms – Required – 3 Years
·         Practical experience working with business and IT/LOB stakeholders to complete Risk Assessments – Required – 3 Years
·         8-10 total years related experience, ideally in a fast-paced startup environment.
·         Experience building solid configuration management for rapid application deployment and pipeline environments.
·         Results-oriented, collaborative professional with ability to work successfully in a highly matrixed organization.
·         Clear communicator who is very conductive to working in a team environment and helps lift team spirit.
·         Grit, drive and a strong feeling of ownership.
·         Innovative professional with a bias towards action rather than simply maintaining status quo.


Manoj Kukreja
Technical Recruiter
Amiga Informatics Inc.
501, S. Broadway Hicksville, NY 11801
Direct - 516-666-8065  : Board - 516-531-9060 Ext -118

Systems Architect

+6 month consulting opportunity for a Data Communications Systems Architect with a Fortune 100 telecom company in Southlake, TX

*MUST BE ABLE TO WORK ON A W2 - NO 3RD PARTIES*
*ONSITE INTERVIEW REQUIRED*


RESPONSIBILITIES
 Responsible for day to day administration, disaster recovery, network design and project management
• Responsibilities associated with this position include application support, integration, network administration, desktop troubleshooting, hardware/software procurement and installation, and asset/license management
• Author functional specification or work with other engineers to provide guidance in creating functional specifications
• Participate and lead brainstorming discussions to arrive at optimal designs
• Work with architects and leads in other functional areas of the engineering team to cooperate on the complete system design and influence design decisions

REQUIRED SKILLS
• BS in CS, EE, Physics, Math is required
• Experience in providing server/desktop support both in Microsoft and Unix environments
• Development experience in C/C++ on UNIX (Linux or BSD) or embedded operation systems
• Experience in networking systems with recent emphasis on security and gateway appliances or software products: Windows NT/2000/2003/SBS/Unix servers, Microsoft Exchange 5.5/2000/2003, Windows 98/NT/2000/XP/Linux, and Microsoft Office 2000/2003
• Candidate must have strong problem solving and interpersonal skills. 10+ years of experience.
• Experience with Cisco routers, and firewalls, is preferred


Chris Liendo
Axelon Services Corporation
44 Wall Street 18th Floor
New York, NY 10005
(212) 488-5344
chris.liendo@axelon.com