Title/Role: Information Security Officer
Location: Santa Clara, CA 95050
Duration: 12+ months contract to Hire.
· Work with one of Client’s prized clients in the heart of Silicon Valley by ensuring security for critical infrastructure.
· We are looking for a talented hands-on security professional who has deep technical knowledge and also likes contributing to the strategic direction.
· In this role you will get to work with the full array of security solutions as well as support the security provisions throughout the environment’s infrastructure – networks, servers, desktops and applications.
· You will also contribute toward strategic planning based on risk assessments and analysis.
· Bachelor's degree or higher in CS, CIS, MIS or equivalent
· Security Certification(s), such as CISSP, CISM, CGEIT, GSEC, CEH, MCSE: Security, and CCNP-Security certification
· 5-10 years hands-on security administration or engineering experience
· Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information.
· Client engagement soft skills are required
· The ability to present and explain security and risk information for business executives to understand
· The ability to lead people of various levels and technical expertise
· The ability to prioritize and persuade in order to move the security program forward amongst competing initiatives
· Experienced with security solutions (e.g. firewall, VPN, SIEM, IPS, URL filtering, Endpoint protection, MFA, NAC)
· Strong understanding of NIST 800-53 & CSF, risk assessment and incident response standards
· Strong understanding of Microsoft Active Directory, GPOs, Windows DACL/SACL, and Linux
· Strong understanding of protocols, such as IPsec, ESP, GRE, SSL/TLS, 802.1x, RADIUS/TACACS, HSRP, GSLB and WCCP
· Ability to perform and analyze packet captures
· Ability to analyze suspicious emails, URLs, and files to ascertain if they are malicious
· Knowledge of hacking techniques, vulnerability disclosures, and security analysis techniques
· Knowledge of malware families, botnets, threats by sector, attack campaigns and attack methods
· Scripting language such as PowerShell or PERL
· Familiarity with incident tracking, change management and project tracking systems like ServiceNow and Jira.
· Ownership of day-to-day security events, perform incident response using NIST SP 800-61 standards, and determine root causes
· Create and lead security initiatives that reduce risk as well as automate detection and protection mechanisms
· Identify needs and implement comprehensive security controls using multi-layered security and defense in depth
· Collaborate with all operations teams to ensure security controls and configurations are implemented and incorporated in their ongoing operations
· Server security through vulnerability management, system patching and secure configuration
· Network security through segmentation and firewall zoning and ACL policies, as well as secure configurations in firewalls, routers, switches, VPNs and load balancers
· Endpoint security management to prevent malware and insider threats
· Email security through Spam filtering and use of SPF & DMARC
· Application security based on OWASP Top 10
· Monitor SIEM, IPS, event logs and reports for indicators of attack and indicators of compromise
· Proactive client involvement in solving client challenges and business opportunities
· Contribute quarterly security advisories for the Security Awareness Program
· Keep security plans and documentation updated, such as the disaster recovery plans and security policies
· Continuously mature the GRC program
· Governance: Collaborate with client stakeholders and steering committees to ensure plans and identified solutions meet business needs and expectations.
· Risk: Working with stakeholders to perform risk management and ongoing assessments, and then selecting mitigating and corrective controls based on Pareto analysis
· Risk: Reviewing SOWs and RFP responses to assess risks
· Risk: Collect, analyze, and validate open source intelligence
· Ensure regulatory compliance with PCI-DSS, CJIS, and California Consumer Privacy Act of 2018 (AB-375)
· Communicate with Client team on a regular basis to provide timely and informative reports and related analysis and recommendations to maintain and improve service delivery
· Provide up-to-date information to clients in response to specific inquiries and meet all commitments ahead of due dates
· Monthly presentations to executives on current state of risks, status of security controls, and remediation timelines
· Monthly reports on security operations that provide current states of security controls
Arvind. C | Recruiter
Sunrise Systems Inc.
Transforming Business. Enhancing Careers
105 Fieldcrest Ave Suite# 504, Edison, NJ 08837 USA
Desk: (732) 313 – 0249 | Fax: (732) - 692 - 8944