Friday, September 28, 2018

Senior Security Analyst

Title: Senior Security Analyst

Type: 3+ month contract
Location: San Jose, CA
Rate: DOE
Start: ASAP

Day to Day:
  • Drive Corporate Security Program based on the NIST CSF – Identify, Detect, Protect, Respond and Recover.
  • Identify and Monitor the Corporate Networks to determine if there have been any attacks.
  • Analyze network traffic to identify anomalies and test information security controls for weaknesses.
  • Design and implement safeguards to protect the system with the help of network engineers and other members of the Technology Services team.
  • Respond to threats by taking mitigating actions to contain the activity and minimize damage
  • Participate in risk assessments and breach readiness exercises for incident management.
  • Facilitate forensics analysis to determine the source of the threat. Document lessons learned as well as identify process improvements.
  • Communicate security issues to management via reports, dashboards. Provide weekly metrics on overall security posture.
  • Research emerging threats and work with the Security Operations Center (SOC).
  • Drive the Vendor Security Program including annual self-assessments.
  • Participate in the security toll-gates on SSDLC projects.

Must Haves:
  • Knowledge of software development, computer networks and Internet threat activity.
  • Knowledge of Security Incident and Event Management (SIEM) tools (Splunk, Qualys).
  • Previous enterprise or platform/cloud vulnerability management experience.
  • Previous experience leading an information security program in large, national or international enterprise a plus.
  • Excellent written and verbal communication skills, including experience engaging with executive and technical audiences.
  • Must be able to work in a fast paced, high profile environment.
Nice to haves:
  • Industry Certifications – Network Security or Certified Information System Security Professional (CISSP) with professional experience in Network Security.

Yasaman Eskandani 
Phone: (415) 418-7389    Email: yasaman.eskandani@mondo.com    Website: mondo.com
Address: 250 Montgomery St Suite 610 San Francisco CA 94104 

IT Security Engineer

Role: IT Security Analyst Role
Location: Foster City, CA.
Duration: Long-term

Skill Set:

•         Infra/Network Vulnerability assessment experience
•         Expertise in manual assessments, identifying root cause & fix recommendations.
•         Primary expertise tool Nexpose (Secondary tools - Nessus/Qualys)
•         Appropriate security certifications, such as CEH, GIAC, CISSP
•         Expertise in identifying & recommendations to fix SANS 25 & other real time threats.

Roles/Responsibilities

•         Performing Vulnerability Scans, Scan Functions / configuration, Creating Profiles, Host Discovery & Mapping Function, Scheduling regular / ad hoc Scans.
•         Conduct and report vulnerability assessments against the Equipment and Software using the following tools - Nexpose
•         Prepare and coordinate vulnerability risk assessments for proposed changes to the Equipment, Software and related Services.
•         Support Third Party Vendors appointed by client to conduct periodic reviews and vulnerability risk assessments of the Equipment, Software, processes and practices.
•         User management & Reports
•         Automatic Host Scans, Risk Mitigation
•         Recommendation on VM reports, Reporting
•         Exposure to SOC environment
•         Exposure to ITSM ticketing tools
•         Good problem solving skills, coordination between teams and telephone etiquette.
•         Knowledge of multiple desktop programs, configuration and debugging techniques.
•         Experience providing superior customer service and support.
•         Experience working effectively in a team environment, communicating effectively, resolving issues efficiently, and contributing to the improvement of the IT Services and infrastructure.

Darren Parker
Technical Recruiter
Net2source Inc.
Corp. HQ’s : 317 George St., Suite 220, New Brunswick, NJ 08901

Tel: (201)-479-3296  EXT:473| Fax: (201) 221-8131
E-mail:- Darren@net2source.com

Security Business Analyst

Job Title: Security Business Analyst
Location: Mountain View, CA 
Duration: 6 Months
 
Job Description - Key Responsibilities:
  • Will lead requirements gathering and management through workshop facilitation, product backlog grooming and continuous feedback loops with the internal teams.
  • Demonstrable experience in ITIL and NIST frameworks
  • Lead requirements gathering activities, ensuring all parties agree on the plan to deliver the minimal viable solution and subsequent releases.
  • Assist in regular grooming of the backlog to ensure appropriate level of detail is captured at the right time.
  • Agile – Assist in the planning and facilitation of the various Agile meetings and artifacts, including sprint planning, reviews & retrospectives, daily stand-ups & planning poker
  • Development of user stories related to the project, with the aim of driving these through to relevant test scripts and management of delivery of the requirements through to production.
  • Working with key stakeholders including the Product (Business) Owner to identify the solutions that meet their needs
  • Advising stakeholders including the Product (Business) Owner on options, risks, and aligning of priorities
  • Defining user stories and acceptance criteria
  • Functionally decompose complex problems into simple, straightforward solutions and ability to present recommended solutions to all levels of the organization
  • Obtaining stakeholder sign off
  • Assist in team management – Assist in team development while holding teams accountable for their commitments, helping remove roadblocks to their work; leveraging organizational resources to improve capacity for project work; and mentoring and developing other team members
  • Proven Business Analysis skills, with 5 to 7 years’ experience
  • Minimum of 5 years’ experience working in Cyber Security
  • Experience in development lifecycle under the agile umbrella
  • Either certified scrum master and/or product owner
  • Certified PMI Professional Business Analysis (PMI-PBA) or Certified Business Analysis Professional (CBAP) or equivalent
 
Preferred Skills & Experience:
  • Able to demonstrate ability to undertake the above responsibilities
  • Understanding of project management in both Agile and DevOps
  • Strong facilitation skills
  • Proven technical writing skills
  • Outstanding communication, interpersonal and team working skills
  • Excellent organizational skills
  • Experience of user acceptance testing of security controls
  • Commitment to ongoing personal development and willingness to learn new skills
  • Resilient and able to cope with conflicting demands
  • Excellent Time Management
  • Able to demonstrate initiative and a proactive approach
  • Methodical, accurate and consistent attention to detail
  • Flexible attitude
  • Able to manage sensitive and sometimes confidential information
  • Able to build good relationships at all levels, internally and externally
 
Edwin Joseph
Ph: 732-961-5648 (call and text) 
1001 Durham Avenue, Suite 201
South Plainfield, NJ 07080

Email: pedwin@eteaminc.com || Web: www.eteaminc.com

Sr. Security Solutions Architect

Job Title: Sr. Security Solutions Architect
Location: Mountain View, CA 
Duration: 6 Months
 
Job Description:
  • The Senior Security Architect in GSO will assume responsibility for providing expert security guidance in shaping solution architecture ensuring seamless development, implementation and operationalization of Client Initiatives.
  • Reporting into the Chief Security Architect, the GSO security Architecture team hold ultimate responsibility for shaping enterprise security architecture and directing our IT counterparts to build intrinsically secure solutions.
 
Key Responsibilities:
  • Be part of transformative security change
  • Serve as the point of contact for the GSO Security Architecture team at Client location.
  • Responsible for working in all aspects of maintaining and managing day to day security architecture tasks.
  • Working with lines of business to research technical challenges that have potential impacts on the business and its products.
  • Manage internal and external security assessments of Client software and hardware
  • Establish credibility as a trusted advisor to stakeholders including customers, executives, peers, and employees.
  • Understand Client’s engineering culture and be a change agent for Security.
  • Maintain strong knowledge of ongoing security threats, remediation and operational best practices.
  • Provide guidance on work product and acting as an influencer representing GSO office
  • Provide security input for business procedures, and new projects.
  • Evaluate security controls to ensure effectiveness, including managing the security control remediation efforts.
  • Participate in internal security assessments.
  • Stay current on security industry trends, attack techniques, mitigation techniques, and security technologies by attending conferences, networking with peers, and other educational opportunities.
  • Champion ‘new ways of working’ aligning to GSO’s Security Transformation agenda
  • Author Enterprise Security Architecture artifacts to enable business to build inherently secure solutions.
  • Have extensive experience (10 years +) in multiple disciplines across the security domain
  • Possess experience working with senior leadership who have excellent communication skills
  • Experience managing the implementation or enhancement of security controls across a diverse business.
  • Strong problem-solving skills, including the ability to develop innovative risk mitigation solutions that address core issues.
  • Well-versed in enterprise risk assessment methodologies.
  • Exceptional understanding of security vulnerabilities and common software engineering flaws.
  • Exceptional document authoring experience
  • Sound experience in Executive level stakeholder management
  • Sound experience working across multiple initiatives
  • Experience in participation with security control assessments or audits.
  • Experience in a highly regulated industry requiring protection of sensitive information.
  • Cloud Security knowledge and experience is a plus.
  • Ability to work independently and in ambiguous situations.
  • Deadline driven and detail-oriented.

Edwin Joseph
e-Team Inc 
Ph: 732-961-5648 (call and text) 
1001 Durham Avenue, Suite 201
South Plainfield, NJ 07080

Email: pedwin@eteaminc.com || Web: www.eteaminc.com

Project Manager

Project Manager
18-12809
Metropolitan Water District, State of CA
700 North Alameda Street Los Angeles, CA 90012

Onsite Contract job

Background:
Metropolitan is in the process of improving the organization's cybersecurity posture through a series of technological and service improvements and implementations in order to keep pace with constantly evolving cyber-threats.

Overview:
Metropolitan will engage a consultant to function as both a business and technical analyst to conduct the following tasks:
  1. Develop an initial analysis of the capital and operations expenditures and develop two spending plans based on the cybersecurity upgrade phase 2 requirements
  2. Conduct analysis of cybersecurity technologies that meet the cybersecurity upgrade phase 2 project requirements and determine feasibility for implementation of these technologies into the complex Metropolitan working environment.
  3. Coordinate with Project Management team to develop RFQs where required to analyze products that fill similar capabilities
  4. Develop the specific language for the December Board Letter for appropriation of Cybersecurity Upgrade Phase 2 funding.
  5. Conduct business and operational analysis of the feasibility of Metropolitan implementing SOC services versus engaging third party vendor for 24x7x365 cybersecurity threat monitoring and analysis services.
Qualifications:
Candidate must have the following knowledge, skills and abilities:
  1. Understanding of public sector procurement practices.
  2. Experienced with vendor management and public sector procurement vehicles
  3. Knowledge of cybersecurity principles such as defense-in-depth, identity and access management, and risk assessment
  4. Knowledge of cybersecurity specific technologies such as SIEM, GRC, IDS/IPS, ATP, Next Generation Firewalls, and 2FA/MFA
  5. Knowledge of Security Operations Center Management and integration with network operations services.

Yachna Narang
E TalentNetwork
http://etalentnetwork.com
8251 Greensboro Drive, Suite 250
McLean, VA
yachnan@etalentnetwork.com
(877) 733-3555 Ext.396

Wednesday, September 26, 2018

Senior Security Analyst

Title:  Senior Security Analyst
Type: 3+ month contract
Location: San Jose, CA
Rate: DOE
Start: ASAP

Day to Day:
  • Drive Corporate Security Program based on the NIST CSF – Identify, Detect, Protect, Respond and Recover.
  • Identify and Monitor the Corporate Networks to determine if there have been any attacks.
  • Analyze network traffic to identify anomalies and test information security controls for weaknesses.
  • Design and implement safeguards to protect the system with the help of network engineers and other members of the Technology Services team.
  • Respond to threats by taking mitigating actions to contain the activity and minimize damage
  • Participate in risk assessments and breach readiness exercises for incident management.
  • Facilitate forensics analysis to determine the source of the threat. Document lessons learned as well as identify process improvements.
  • Communicate security issues to management via reports, dashboards. Provide weekly metrics on overall security posture.
  • Research emerging threats and work with the Security Operations Center (SOC).
  • Drive the Vendor Security Program including annual self-assessments.
  • Participate in the security toll-gates on SSDLC projects.

Must Haves:
  • Knowledge of software development, computer networks and Internet threat activity.
  • Knowledge of Security Incident and Event Management (SIEM) tools (Splunk, Qualys).
  • Previous enterprise or platform/cloud vulnerability management experience.
  • Previous experience leading an information security program in large, national or international enterprise a plus.
  • Excellent written and verbal communication skills, including experience engaging with executive and technical audiences.
  • Must be able to work in a fast paced, high profile environment.
Nice to haves: 
  • Industry Certifications – Network Security or Certified Information System Security Professional (CISSP) with professional experience in Network Security.

Amanda Ricci 
Phone: (415) 800-1694    Email: Amanda.Ricci@mondo.com    Website: mondo.com
Address: 250 Montgomery St Suite 610 San Francisco CA 94104 

Security Controls Assessor

IT - Cyber Security Controls Assessor - Expert - 18-02358
 
  • Location: San Francisco, CA
  • Position Type: Contract
Our client in San Francisco, CA is looking for a Cyber Security Controls Expert to join their team.

Responsibilities:

  • Leads technology assessments to understand capabilities of required systems or networks
  • Identifies and recommends cyber strategies for technology development based on stakeholder requirements
  • Drives security reviews, identifies gaps in security architecture and designs and recommends necessary security controls to be integrated within the development lifecycle
  • Develops and recommends security controls, identifies key security objectives to maximize software and system security while minimizing disruption to plans and schedules
  • Leads translation of security controls into technical specifications and guidance to stakeholders to ensure common understanding across the stakeholders and enable adequate implementation
  • Actively recommends engineering solutions in collaboration with Cybersecurity Architects and product owners to remediate inherent cyber security risks
  • Provides peer review and support for organizational deliverables
Qualifications:
  • B.S. degree in Computer Science, Information Systems or other related field, or equivalent year work experience
  • Minimum of 6 years of experience in IT, critical infrastructure, intelligence, and/or cybersecurity information security
  • Ability to travel up to 10%
  • Major security industry standard certification (i.e. CISSP, CISA, CISM, CRISC, etc.)
  • Demonstrated experience with risk management frameworks, security controls, and regulatory compliance (i.e. NIST, COBIT, SOX, HIPAA, ISO etc.)
  • Prior consulting experience working with project based efforts and project teams
Nice to Have:
  • Master’s Degree in Computer Science or job-related discipline or equivalent experience
  • Understanding of computer networking concepts and protocols, and network security methodologies
  • Demonstrated problem analysis and decision-making skills
  • Ability to communicate and convey complex IT/OT technical security related concepts to business and technology teams
  • Ability to influence and work with and across all levels within the business
  • Excellent written and verbal communication skills required

Taylor Peraner, Technical Recruiter
Global Technical Talent, Inc. - All current GTT Openings!

233 Vaughan Street, Suite 102
Ph:  603.610.6233 / Fax:  800.775.3135

tperaner@gttit.com / www.gttit.com

Firewall Expert

Information Security- Firewall Expert
Atlanta, GA || Long Island, NY

FTE

RESPONSIBILITY

MAJOR TASKS, RESPONSIBILITIES AND KEY ACCOUNTABILITIES
10% – Planning & Analysis
  • Uses critical thinking to approach problems and create solutions
  • Collaborates with senior leaders on assignments

80% – Delivery & Support
  • Strong command line skills on the Juniper firewall SRX 3400, 3600, 1400, 5800. Palo Alto 7050s.
  • Strong routing /switching skills.
  • Proactively creates and maintains tools for monitoring and support and reporting across multiple efforts
  • Configuration, debugging, and support for infrastructure
  • Drives the stand up of necessary system software, hardware, and equipment (physical or virtual) to meet changing infrastructure need.
  • Collaborates with product and project teams to understand needs and enable them with infrastructure
  • Leverages tooling and custom applications to monitor the operational status of applications, infrastructure, networks, databases, and security; optimizes and tunes performance as appropriate
  • Drives root cause analysis, debugging, support, and post-mortem analysis for security incidents and service interruptions
  • Maintains, upgrades, and supports existing systems and infrastructure to ensure operational stability
  • Opens and manages vendor problem tickets to resolution
  • Drives the production of in-house documentation around solutions
  • Provides application support for software running in production
  • Creates scripts and tools that drive automation and enable product teams and end users to move towards self service.
10% - Learning:
  • Keeps abreast of innovations and industry trends as well as changes to internal systems and determines how they impact tools, training, and support necessary to keep systems up, running, and secure.
  • Participates in and contributes to learning activities around modern systems engineering core practices (communities of practice).
  • Proactively views articles, tutorials, and videos to learn about new technologies and best practices being used within other technology organizations.
 
Ashwani S Goyal
eTeam Inc
(732) 983-5625
1001 Durham Avenue Suite 201
South Plainfield, NJ, 07080

Monday, September 24, 2018

Security Risk Analyst

Title: IT - Cyber Security Technology Business Risk Advisor/Analyst - Expert
Req : 10434
Duration: 12 months
Location: San Francisco, CA
 
Qualifications:
• Technical capabilities
• Ability to work in an agile environment
• Understanding of best practices in cybersecurity
 
Minimum:
• B.S. degree in Computer Science, Information Systems or other related field, or equivalent year work experience
• Minimum of 6 years of experience in IT, critical infrastructure, intelligence, and/or cybersecurity information security
• Ability to travel up to 10% to meet the needs of the business
 
Desired:
• Master's Degree in Computer Science or job-related discipline or equivalent experience
• Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or equivalent
• Knowledge of Cybersecurity best practices and standards (e.g. NIST, ISO, etc.)
• Understanding of computer networking concepts and protocols, and network security methodologies
• Demonstrated problem analysis and decision-making skills
• Ability to communicate and convey complex technical security-related concepts to business and technology teams
• Ability to influence and work with and across all levels within the business
• Excellent written and verbal communication skills required.
 
Responsibilities:
For this particular position, technical design and architecture skills take priority over governance and assessment skills. You will collaborate with other Cybersecurity groups, Information Technology partners, and business experts to identify threats to CLIENT's key cyber-assets. You will then create innovative strategies to better protect those assets, deploy technologies and processes to put those strategies into action, and evaluate the technologies and processes to demonstrate that improvements have been made. In this role, you will also engage with project teams to support the delivery of business and operational technologies in the core lines of business at CLIENT, getting a front-row view into a real-life version of the Internet of Things. You will also contribute to a rapidly growing team, with extensive leadership support, to strategically manage risk and proactively adapt to evolving threats and business needs. Risk assessment, project development, and technology deployment skills are all important. You will also be able to grow design and architectural expertise through working with our affiliated architecture group to design, develop, and implement technical solutions to meet the challenges presented by adversaries seeking to attack CLIENT's systems and compromise CLIENT's data. Specific responsibilities include:
• Leads technology assessments to understand capabilities of required systems or networks.
• Identifies and recommends cyber strategies for technology development based on stakeholder requirements.
• Drives security reviews, identifies gaps in security architecture and designs and recommends necessary security controls to be integrated within the development lifecycle.
• Develops and recommends security controls, identifies key security objectives to maximize software and system security while minimizing disruption to plans and schedules.
• Leads translation of security controls into technical specifications and guidance to stakeholders to ensure common understanding across the stakeholders and enable adequate implementation.
• Actively recommends engineering solutions in collaboration with Cybersecurity Architects and product owners to remediate inherent cyber security risks.
• Provides peer review and support for organizational deliverables.
 

Harshith D P

Senior Technical Recruiter – Staffing  
Intelliswift Software Inc.
39600, Balentine Dr, Suite 200, Newark CA 94560
Email : Harshith.p@intelliswift.com  Work : 510-964-3611

Website:-www.intelliswift.com

Security Engineer

Security Engineer
Research Triangle Park, NC and San Jose, CA
Long Term


Technical Expertise:
Network/Infrastructure Security technologies (Firewall, access control, intrusion detection, intrusion prevention, administrative access control).
Data governance solutions for data in development, test, staging and production environments. Demonstrated experience with Secure SDLC.
Strong Knowledge of information security standards (e.g., ISO 17799/27002, etc.), rules and regulations related to information security and data protection.
Technical knowledge of access control mechanisms, federated authentication schemes, encryption, digital certificates and trust-based authentication
Proven experience implementing and leading information risk management programs with regard to legislation, regulation and guidance including SOX, HIPAA, GLB, PCI.
Identity and access management solutions.
Industry-specific certifications, including one or more of the following: CCIE (Security), CISSP, CISA, CISM, GCIH, ISSAP, ISSMP, CCSP, or GCFA.

Non-Technical Requirements:
Track record of thought-leadership in the area of information risk management such as participation in industry forums, publication and contribution to legislative and regulatory process of value.
Proven ability to communicate threat and risk profiles to executives and individual contributors and facilitate progress towards required improvements
Full commitment to customer satisfaction and the highest ethical standards
Core expertise to include design concepts, architectural mindset, IT analysis/analytical thinking, innovation management, enterprise perspective and process knowledge.
Analyzes opportunities with a broad, strategic view; integrates business and technology requirements to achieve cross-domain solutions that work across the enterprise; applies methodologies that are appropriate for multiple users / technology platforms.
Identifies, invents, incorporates, and advances innovations in Cisco products, services, solutions, technology, and processes.
Client-facing skills to include cross-functional influence, external and internal consulting/partnering.
High-level, out-of-the-box thinking, analytical reasoning, and creative problem solving skills.
Ability to shift from high-level thinking to realistic and pragmatic execution is essential.

Experience/Skills:
Typically requires a Masters degree (MA/MS) (BS/BA with additional experience will be considered).
Strong internal consulting skills are a requirement for this position as this position will work with internal customers in driving their architecture needs and will routinely deliver presentations to stakeholders.


Andy Davis
E TalentNetwork
http://etalentnetwork.com
8251 Greensboro Drive Suite 250
McLean, VA
andyd@etalentnetwork.com
(877) 733-3555 Ext.726

IT Security Generalist

Client Name: Dell/EMC
Title: IT Security Generalist
Location: Palo Alto, CA
Duration: 6 months contract

The team is looking for a Security Analyst. A typical day would involve working with the Information Security Senior Manager on achieving Governance, Risk and Compliance goals.

Required Skills / Experiences 
Collaborate with sales and business teams to respond to customer RFPs and security questionnaires
Perform security reviews on third-party vendors
Ability to document business processes through flowcharts and diagrams
Security Generalist with a basic understanding of information security concepts and practices
Working knowledge of Google Apps (sheets, docs, drive etc) and Microsoft Office (Excel, Word, PowerPoint etc) on a Mac

Desired Skills / Experiences 
Possess strong verbal and written communication skills
Ability to work and build strong relationships with different stakeholders across the company
Ability to drive assigned security project tasks to a closure
Quick learner while enjoying the challenge of analyzing and solving difficult problems
Be able to multitask and prioritize among competing demands

Paul Walker
Sr. Technical Recruiter
714-333-1364
pwalker@millennium-consulting.com
http://www.millennium-consulting.com

Friday, September 21, 2018

Web Application Security Test Engineer

Title: Web Application Security Test Engineer
Work Location: Pleasanton, CA
 
Job Description:
 
Scope of Work (SOW) - Web Application Security Test Engineer
  
  
The scope of duties for the Web Application Security Test Engineer includes, but is not limited to, the following:
  • Acquire complete understanding of SCIF's technology and information systems.
  • Capture and define the security test requirements.
  • Plan, research, and design robust security architecture test strategy for any IT project.
  • Perform vulnerability testing, risk analysis, and security assessments.
  • Research security standards, security systems and authentication protocols with SCIF.
  • Apply testing methodologies and tools to complex applications for finding weaknesses and security vulnerabilities early in the SDLC process.
  • Understanding of Application security principles, risks, attacks, OWASP security guidelines and best practices to perform SAST - Static Application Security Testing, DAST - Dynamic Application Security Testing and IAST - Interactive Application Security Testing.
  • Develop test requirements for Web Applications Security Testing for all releases using automated tools and manual testing.
  • Design test plans for DAST, OWASP Top 10 Most Critical Web Application Security Risks, public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures.
  • Proficiency in Applications Security testing tools like Acunetix Web Vulnerability Scanner / Burp Suite / Fortify WebInspect, Nessus, Nmap and other open source tools.
  • Define, implement and maintain Corporate or Enterprise security policies and procedures
  • Oversee security awareness programs and educational efforts
  • Respond immediately to security-related incidents and provide a thorough post-event analysis.
  • Define all entry points to the system, such as: files, sockets, hypertext transfer protocol (HTTP) requests, named pipes, pluggable activities, protocol handlers, malicious server responses and so on.
  • Analyze potential threats and risk analysis based on the entry points defined. Example of threats and the methods to analyze them.

Technical and Demonstrable Skills

The Consultant resource(s) shall possess most of the following skills:
  • At least 5 years' experience doing web application security testing.
  • Exploit security flaws and vulnerabilities with attack simulations on multiple projects working against specific client focused scopes of work.
  • Ability to flow from black box to gray box to white box tests dependent on client needs.
  • Ability to test a variety of client form factors and technologies based on scopes of work
  • Ability to solve complex technical problems and articulate to non-IT personnel.
  • Ability to effectively provide technical risk assessment of technologies in networks, applications, wireless, social engineering, code reviews and war dialing.
  • Ability to perform vulnerability assessments and penetration testing, utilizing commercial and open source tools.
  • Perform, review and analyze security vulnerability data to identify applicability and false positives.
  • Research and develop testing tools, techniques, and process improvements.
  • Create risk based security code reviews (static & dynamic).
  • Conduct penetration testing in line with Open Web Application Security Project
  • Mentor junior engineers to build their skills and contribution levels
  • Write technical reports that include suggested resolution for identified problem areas and perform operational risk assessment.
  • Support company through the testing and evaluation of new technologies and security controls.
  • Assist and support Security Test Analysts as they perform vulnerability, network and network security assessments.
  • May require the performance of other essential functions depending upon work location or assignment.
  • Experience with DevOps and SIEM tools (i.e. Chef, Splunk and Vagrant)
  • Experience with scripting languages (e.g. Python, Perl, SQL) a plus
  • Ability to perform below tasks:
    • Dynamic Application Security Testing (DAST)
    • Static Application Security Testing (SAST)
    • Interactive Application Security Testing (IAST)
    • Web Application Penetration Testing
    • Product Security Testing
    • Cloud Application Security Testing
    • Web Services Security Testing
    • Security Code Review
    • Network Security Assessment
  • Security Testing Tools: IBM AppScan, Burp Suite, Tamper Data, Live HTTP Headers, Client Fortify, Veracode, OWASP Top 10, N-Stealth, Hailstorm, Paros, SANS Top 20, Acunetix, Nessus

Knowledge
The Consultant resource(s) shall be knowledgeable in most of the following areas:
  • Knowledge and understanding of basic information security principles (e.g. OWASP Top Ten)
  • Knowledge of security best practice guidelines (ISO 17799, NIST, etc.)
  • Relevant professional experience including working knowledge of the Penetration Testing.
    • OSI Layers and application protocols
    • TCP/IP networking including IP classes, subnets, multicast, NAT
    • WINS, DNS, and DHCP, Network troubleshooting
    • Microsoft OS and Server technologies
    • Remote access methods
    • Backup and disaster recovery methodologies
    • Patch management technologies and processes
    • Wireless protocols and services
    • Network analysis tools
    • Familiarity with UNIX a plus
  • Application Security and IS certifications are preferred
    • GIAC Certified Web Application Defender (GWEB)
    • Offensive Security Web Expert (OSWE)
    • CISSP, CISM, CISA, CEH, CEPT, GIAC, OSCP
  • Preferred Certifications:
    • GIAC Certified Web Application Defender (GWEB)
    • Offensive Security Web Expert (OSWE)

Himesh Gond
Lancesoft Inc
13454 Sunrise Valley Drive, Suite 120, Herndon, VA 20171
Direct:(703) 889-6535 | Fax:(703) 935-0339
HimeshG@LanceSoft.com | www.LanceSoft.com