Thursday, October 4, 2018

Information Security Officer

Title/Role: Information Security Officer
Location: Santa Clara,, CA 95050
Duration:  12+ months contract to Hire.

Job Description:
·         Work with one of Client’s prized clients in the heart of Silicon Valley by ensuring security for critical infrastructure.
·         We are looking for a talented hands-on security professional that has deep technical knowledge also likes contributing to the strategic direction.
·         In this role you will get to work with the full array of security solutions as well as support the security provisions throughout the environment’s infrastructure – networks, servers, desktops and applications.
·         You will also contribute toward strategic planning based on risk assessments and analysis.
·         Bachelor degree or higher in CS, CIS, MIS or equivalent
·         Security Certification(s), such as CISSP, CISM, CGEIT, GSEC, CEH, MCSE: Security, and CCNP-Security certification
·         5-10 years hands-on security administration or engineering experience
·         Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information..
·         Client engagement soft skills are required
·         The ability to present and explain security and risk information for business executives to understand
·         The ability to lead people of various levels and technical expertise
·         The ability to prioritize and persuade in order to move the security program forward amongst competing initiatives
·         Experienced with security solutions (e.g. firewall, VPN, SIEM, IPS, URL filtering, Endpoint protection, MFA, NAC)
·         Strong understanding of NIST 800-53 & CSF, risk assessment and incident response standards
·         Strong understanding of Microsoft Active Directory, GPOs, Windows DACL/SACL, and Linux
·         Strong understanding of protocols, such as IPsec, ESP, GRE, SSL/TLS, 802.1x, RADIUS/TACACS, HSRP, GSLB and WCCP
·         Ability to perform and analyze packet captures
·         Ability to analyze suspicious emails, URLs, and files to ascertain if they are malicious
·         Knowledge of hacking techniques, vulnerability disclosures, and security analysis techniques
·         Knowledge of malware families, botnets, threats by sector, attack campaigns and attack methods
·         Scripting language such as PowerShell or PERL
·         Familiarity with incident tracking, change management and project tracking systems like ServiceNow and Jira.
·         Ownership of day to day security events, perform incident response using NIST SP 800-61 standards, and determine root causes
·         Create and lead security initiatives that reduce risk as well as automate detection and protection mechanisms
·         Identify needs and implement comprehensive security controls using multi-layered security and defense in depth
·         Collaborate with all operations teams to ensure security controls and configurations are implemented and incorporated in their ongoing operations
·         Server security through vulnerability management, system patching and secure configuration
·         Network security through segmentation and firewall zoning and ACL policies, as well as secure configurations in firewalls, routers, switches, VPNs and load balancers
·         Endpoint security management to prevent malware and insider threats
·         Email security through Spam filtering and use of SPF & DMARC
·         Application security based on OWASP Top 10
·         Monitor SIEM, IPS, event logs and reports for indicators of attack and indicators of compromise
·         Proactive client involvement in solving client challenges and business opportunities
·         Contribute quarterly security advisories for the Security Awareness Program
·         Keep security plans and documentation updated, such as the disaster recovery plans and security policies
·         Continuously mature the GRC program
·         Governance: Collaborate with client stakeholders and steering committees to ensure plans and identified solutions meet business needs and expectations.
·         Risk: Working with stakeholders to perform risk management and ongoing assessments, and then selecting mitigating and corrective controls based on Pareto analysis
·         Risk: Reviewing SOWs and RFP responses to assess risks
·         Risk: Collect, analyze, and validate open source intelligence
·         Ensure regulatory compliance with PCI-DSS, CJIS, and California Consumer Privacy Act of 2018 (AB-375)
·         Communicate with Client team on a regular basis to provide timely and informative reports and related analysis and recommendations to maintain and improve service delivery
·         Provide up-to-date information to clients in response to specific inquiries and meet all commitments ahead of due dates
·         Monthly presentations to executives on current state of risks, status of security controls, and remediation timelines
·         Monthly reports on security operations that provide current states of security controls

Arvind. C | Recruiter
Sunrise Systems Inc.
Transforming Business. Enhancing Careers
105 Fieldcrest Ave Suite# 504, Edison, NJ 08837 USA
Desk: (732) 313 – 0249 | Fax: (732) - 692 - 8944