Thursday, July 19, 2018

Information Security Officer

ROLE: Information Security Officer
DURATION: 6-12 months temp to perm for high performers 
LOCATION: Santa Clara, CA, 95050 

Job description: 
Key qualifications managers will look for in resumes: 
2. Experience collecting, analyzing, and implementing security best techniques (NIST) on systems and networks 
3. Experience proposing and keeping security policies updated 
4. Understanding of cybersecurity risks and incident response standards 
5. Background in SIEM - it's key to this position. 
Position Overview: 
• Work with one of Unisys’s prized clients in the heart of Silicon Valley by ensuring security for critical infrastructure. 
• We are looking for a talented, hands-on security professional who has deep technical knowledge and also likes contributing to the strategic direction. 
• In this role you will get to work with the full array of security solutions as well as support the security provisions throughout the environment’s infrastructure – networks, servers, desktops and applications. 
• You will also contribute toward strategic planning based on risk assessments and analysis. 
• Bachelor's degree or higher in CS, CIS, MIS or equivalent 
• Security Certification(s), such as CISSP, CISM, CGEIT, GSEC, CEH, MCSE:Security, and CCNP-Security certification 
• 5-10 years hands-on security administration or engineering experience 
• Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. 
• Client engagement soft skills are required 
• The ability to present and explain security and risk information for business executives to understand 
• The ability to lead people of various levels and technical expertise 
• The ability to prioritize and persuade in order to move the security program forward amongst competing initiatives 
• Experienced with security solutions (e.g. firewall, VPN, SIEM, IPS, URL filtering, Endpoint protection, MFA, NAC) 
• Strong understanding of NIST 800-53 & CSF, risk assessment and incident response standards 
• Strong understanding of Microsoft Active Directory, GPOs, Windows DACL/SACL, and Linux 
• Strong understanding of protocols, such as IPsec, ESP, GRE, SSL/TLS, 802.1x, RADIUS/TACACS, HSRP, GSLB and WCCP 
• Ability to perform and analyze packet captures 
• Ability to analyze suspicious emails, URLs, and files to ascertain if they are malicious 
• Knowledge of hacking techniques, vulnerability disclosures, and security analysis techniques 
• Knowledge of malware families, botnets, threats by sector, attack campaigns and attack methods 
• Scripting language such as PowerShell or Perl 
• Familiarity with incident tracking, change management and project tracking systems like ServiceNow and Jira. 
• Ownership of day-to-day security events, perform incident response using NIST SP 800-61 standards, and determine root causes 
• Create and lead security initiatives that reduce risk as well as automate detection and protection mechanisms 
• Identify needs and implement comprehensive security controls using multi-layered security and defense in depth 
• Collaborate with all operations teams to ensure security controls and configurations are implemented and incorporated in their ongoing operations 
• Server security through vulnerability management, system patching and secure configuration 
• Network security through segmentation and firewall zoning and ACL policies, as well as secure configurations in firewalls, routers, switches, VPNs and load balancers 
• Endpoint security management to prevent malware and insider threats 
• Email security through Spam filtering and use of SPF & DMARC 
• Application security based on OWASP Top 10 
• Monitor SIEM, IPS, event logs and reports for indicators of attack and indicators of compromise 
• Proactive client involvement in solving client challenges and business opportunities
• Contribute quarterly security advisories for the Security Awareness Program 
• Keep security plans and documentation updated, such as the disaster recovery plans and security policies 
• Continuously mature the GRC program 
• Governance: Collaborate with client stakeholders and steering committees to ensure plans and identified solutions meet business needs and expectations. 
• Risk: Working with stakeholders to perform risk management and ongoing assessments, and then selecting mitigating and corrective controls based on Pareto analysis 
• Risk: Reviewing SOWs and RFP responses to assess risks 
• Risk: Collect, analyze, and validate open source intelligence 
• Ensure regulatory compliance with PCI-DSS, CJIS, and California Consumer Privacy Act of 2018 (AB-375) 
• Communicate with Unisys team on a regular basis to provide timely and informative reports and related analysis and recommendations to maintain and improve service delivery 
• Provide up-to-date information to clients in response to specific inquiries and meet all commitments ahead of due dates 
• Monthly presentations to executives on current state of risks, status of security controls, and remediation timelines 
• Monthly reports on security operations that provide current states of security controls 

To further discuss this opportunity, please call me at 703-889-6815. Send us a copy of your latest Word-formatted resume with current contact information and the preferred means of communicating with you. Also, fill out the questionnaire below and send it to us; this will assist us in understanding your profile in depth before we have a technical discussion on this opportunity. 
· What is your full legal name? 
· Are you currently on a project? If yes, how soon can you start? 
· Have you ever submitted your resume to our client in the last 1 month? 
· Any other Interviews/Offers in Pipeline? 
· How soon will you be available for Phone/in-person interview with the client? 
· Would you prefer to work as a Salaried or Hourly employee? What is your pay expectation? 
· Are you open to relocation? If yes, what locations? 
· Contact Info: 
· Phone # 
· Alternate Contact# 
· Email ID: 
Also, be aware that our client conducts a criminal background check and a test for drugs of abuse on candidates who are extended offers for employment. Therefore, please let us know if you have anything in your background that could possibly prevent you from working with our client. 
About LanceSoft: 
Headquartered in Herndon, Virginia, LanceSoft is one of the fastest growing IT services companies. We are geographically spread to cover all 50 states in the US, and our global software development centers have the capability and capacity to cater to our global clients' requirements in the most efficient manner. We have experienced exponential growth over the last few years and anticipate continuing to do so in the future as well. We have won numerous national, regional and state awards for being one of the fastest growing companies in the US. Our prestigious client base comprises a number of Fortune 500 companies. LanceSoft's dynamic work environment and culture constantly nurtures innovation, strategic thinking, and creativity and is complemented by strict process controls across our delivery centers globally. With attractive compensation packages, positive and productive work environments and challenging assignments to offer, LanceSoft is committed to being the employer of choice. We are committed not only to attracting and hiring top talent in the industry, but also to developing and maintaining long-term relationships. LanceSoft recognizes true potential and provides people with the right opportunities. We offer a complete range of benefit packages to our employees, which includes but is not limited to paid vacations, holidays, personal days, medical, dental and vision insurance, 401K savings plan, life insurance, disability insurance and many other attractive benefits. 
I look forward to working with you and encourage you to visit our website to learn more about LanceSoft as an organization.

Kush Porwal 
Contingent Workforce | Back Office Services | Enterprise Solutions 
Direct: 703-889-6815 | Fax: 703-935-0339