Connectors Club member Sam Chin is currently looking for 5 cybersecurity/compliance analysts for two of his clients, which are both large Fortune 500 companies. Ideally, applicants will have at least 3 years of experience. Analytics will be working at the client’s offices. If interested in any of these roles, please submit to Jacques Ngue by email: firstname.lastname@example.org
Click more to see the open roles!
1) Information Security Compliance Analyst – San Francisco, CA
We are looking for a seasoned engineer who believes that security is essential while also believing that supporting business goals is critical. Leads the development of PCI Governance program and demonstrates competency in complex IT Security concepts and their application in achieving PCI compliance requirements. At the same time, an individual who is flexible taking on additional security responsibilities in between delivering PCI milestones.
- Develop, document and implement new data protection policies, standards and processes to align with a desired security compliance framework
- Develop, document and implement internal controls testing and evidence documentation
- Assist with audits and contribute to the enhancement of the audit program and processes
- Support the vendor security risk management function and assessment of current and potential vendors for security risks
- Develop and perform periodic monitoring over various compliance processes throughout the company
- Other responsibilities as identified and assigned
- Advance knowledge of PCI DSS v3.2 compliance requirements and their implementation
- Managing the development and use of techniques, procedures, and utilities for assessing risks to the company’s sensitive information systems
- Conducts vulnerability assessments, penetration testing, malware analysis, and reverse engineering
- Bachelor’s in Information Security, Computer Science, Engineering or similar desired, with 4+ years of professional experience working to secure consumer websites, mobile applications, or large corporate infrastructure a must
- Demonstrated ability to manage complex security environments with multi-site WAN, LAN and WLAN infrastructure
- Experience identifying Information Protection needs and defining System Security Requirements; designing System Security Architecture; developing detailed Security Designs–all while understanding business impact.
- Prior technical and operational Networking experience with FWs, VPNs, load balancers, IDS, web applications, application proxies, SSL
- Knowledge of vulnerabilities in Linux, Mac OS, and Windows operating systems, databases, and networks, about hardening, configuration, deployment, and administration
- Knowledge of information security principles, web applications and a level of familiarity with malicious code and common techniques used by hackers
- Knowledge and experience working with PCI DSS requirements mandatory–and with security standards and frameworks like ISO 27001 or SSAE16 is desirable
- Experience managing Vulnerability Scanning and Network Penetration testing programs
- Active member of IT Security user groups with security certification (CISSP, CEH, GWAPT, GPEN, OSCP, etc.) will be an added advantage
- Demonstrated experience applying security risk assessment methodology to system development, including threat model development, vulnerability assessments, and resulting security risk analysis.
- Strong experience with a broad range of security technologies, including next-generation firewalls, DLP, FIM, CASBY, NAC, IDS/ IPS, IdAM, SIEM, Endpoint Protection, Anti-malware
- Effective communication skills, both written and verbal
- Highly self-motivated with the ability to tackle challenges without supervision
- Exceptional organizational skills; detail-oriented
- Strong time management skills; ability to juggle priorities; nimble
- Personable and flexible with demands and changes in the extremely fast-moving business environment; ability to quickly and seamlessly switch between strategic and tactical/execution tasks.
- Knowledge and understanding of application or software security such as web application penetration testing, secure code review, secure static code analysis
- Knowledge of Palo Alto Networks, Fortinet or similar network security platforms
- Experience with security in cloud provider ecosystems, including Amazon AWS, Microsoft Azure, and OpenStack.
2) Information Security Analyst L2 – San Francisco, CA
The L2 Analyst (Security Operation Center), Cyber Security Response Operations needs to be well organized, reliable, a strong communicator, detail oriented, demonstrate good judgment, be confident working in a team or independently, and comfortable in the handling of confidential information. The role involves regular interaction with various groups and leadership within the organization to accomplish job responsibilities.
- Responsible for working in a 24×7 Security Operation Center (SOC) environment
- Provide analysis and trending of security log data from a large number of heterogeneous security devices.
- Provide Incident Response (IR) support when analysis confirms the actionable incident.
- Experience managing and working with MSSP and SIEM technology. Directing MSSP to build SOC platform to alerts and detects threats that are relevant.
- Ability to interpret Windows, Linux, Firewall, VPN, SSO, and other security log files.
- Provide threat and vulnerability analysis as well as security advisory services.
- Analyze and respond to previously undisclosed software and hardware vulnerabilities
- Investigate, document, and report on information security issues and emerging trends.
- Integrate and share information with other analysts and other teams.
- Other tasks and responsibilities as assigned.
- Bachelor’s degree in a related field.
- 3+ years’ experience as a Security/Network Administrator or equivalent knowledge.
- Knowledge of various security methodologies and processes, and technical security solutions (firewall and intrusion detection systems).
- Knowledge of TCP/IP Protocols, network analysis, and network/security applications.
- Knowledge of common Internet protocols and applications.
- GCIA, GCIH, or other related certifications (preferred)
- Drive innovation by analyzing and interpreting data to test and inform a new initiative or approach.
- Accountable for the successful completion of multiple, individual projects simultaneously.
- Communicate effectively by contributing significantly to the development and delivery of a variety of written and visual documents for diverse audiences.
- Manage change and demonstrate adaptability by embracing change and adjusting priorities or processes and approach as needs dictate.
- Take responsibility for successes and failures related to individual and team-based project work assignments; actively presents suggestions for solution(s), if objectives not met.
3) Sr. Cloud Security Engineer – Boston, MA
- Design, integrate, and test tools for security and regulatory compliance management of multitenant private and public cloud application services
Establish a comprehensive security program to manage threats
- Recommend configuration changes to improve the performance, usability, and value of cyber analysis tools
- Understanding of pillars of security and educate the organization on pillars of security
- Assist with product studies, perform requirements analysis, and develop security software architectures to meet requirements
- Create technical proposals and white papers, write functional and design specifications
- Measure compliance against standards
- Assess the overall cloud security posture. Redesign or evolve the posture as necessary to meet the needs of security
- Provide technical expertise relevant to the development, implementation, and updates to cloud security policies, procedures, guidelines to ensure company compliance
- Determine security requirements by evaluating business strategies, risk assessment, architecture platform, and integration issues
- Implement security and disaster recovery measures and drive automation in the cloud architecture to effectively manage security within multi-tenant space
- Implement security analytics, reporting, and metrics program and to support security incidents and analysis with technical expertise
- Maintain and improve processes, tools, and documentation to support production security requirements in the best manner possible
- Perform periodic technical reviews of Cloud Infrastructure
- 5-7 years’ experience in a hands-on security engineering role. The majority of this should have been within a Cloud or IT security team, with a focus on standards and regulatory compliance
- Requires a specific understanding of applications and operating systems hardening, penetration testing/vulnerability assessments, security audits, IPS, firewalls, routers, threat management, F5, SIEM, disaster recovery testing, privilege user management, and wireless security.
- Must be experienced with design, deploy and configure network and enterprise security solutions
Special Skills & Knowledge
- Knowledge in information security or IT risk management
- Knowledge of global and domestic regulations and standards
- Experience with security management of cloud-based services(SaaS) in a fast-paced Agile environment.
- Experience architecting, deploying and managing a suite of security management tools
- Hands-on experience with security management of virtual machines, containers, and applications.
- Excellent oral and written communication skills
- Strong knowledge of public key cryptography, web services SSO strategies, CVSS scoring
- Direct experience implementing AWS/cloud security services
Strategic • Assist in the planning of security roadmaps and lifecycle management
Operational • Security incident management
4) Cyber Security PM/Tech Lead – Boston, MA
Senior IT Project Manager-Technical Lead – Cyber Security Program
Senior IT Project Manager-Technical Lead who will be responsible for managing, planning and organizing all operational and development activities for large, new or complex IT audit projects including remediation efforts in addition to reporting of such activities to the PMO and various levels of management. The incumbent will provide project leadership in support of our security program initiatives across multiple work streams that include PCI compliance, information security operational improvements and remediation activities. The person will advise on payment card industry and information security best practices and compliance and will proactively advocate for the adoption of these practices organization-wide. The scope of services that may be managed encompasses three focus areas:
Active Directory Remediation Services
Network Security Remediation Services
Technical Validation of Results
This individual will work very closely with the Information Security team and interact with all levels of the organization across multiple technical and business functions. The person must be able to adapt, thrive, navigate, and succeed in a large, multi-dimensional environment, and not be hindered by ambiguity or competing priorities. Candidate must have security program management experience and a proven track record of successful vendor and stakeholder management.
- Coordinate, manage and report on project priorities, detailed task plans, and schedules;
- Facilitate the scheduling of interviews and workshops with key stakeholders;
Assist with obtaining data and documents required by vendor/s to carry out engagement;
- Coordinate results discussions;
- Notify stakeholders in writing of any project or performance issues;
- Assist in resolving project issues that may arise; and
- Assist in the escalation of issues upon notification of such situations by vendor/s
- Minimum of 10 years Project Management experience with five years in IT Security or related field
- BS/MS in Computer Science/Computer Engineering or related degree
- Knowledge of Basic application, operational and infrastructure security principles and guidelines
- Excellent written, verbal and presentation skills are required
- Strong analytical and organizational skills are essential and required
- Appropriate behavior when handling sensitive and confidential situations
- Proven experience in vendor management in a large, complex project.
- Proven experience in negotiating and organizing project deliverables and timing within a complex business environment to manage stakeholder’s expectations.
- Excellent customer relationship management, communication, and interpersonal skills.
- Ability to deliver Project Plan, Risk log, Issues log, Status Reports, Resource Plans, Project Team meetings, and other project related activities
- Ability to resolve conflicts between security and business objectives
- Ability to present/participate in executive meetings to discuss project status and drive decision making to deliver the project on time and budget
- IT security consulting/advisory experience a plus
- PMP and CSM Certification helpful but not required.
- Deep knowledge of external risk and control frameworks such as COBIT, ISO27001, NIST Cybersecurity Framework, PCI DSS, and IT related internal controls
- CISSP, CISA, CISM or comparable industry certification preferred
- Progressive experience with IT Audit, Information Technology, Finance or Accounting
- Knowledge of and prior experience with state and local government entities.
Demonstrated experience with various SDLC methodologies from Waterfall to Agile/Scrum.
If interested in any of these roles, please submit to Jacques Ngue by email: email@example.com and mention that you heard of the job posting from the Shapr Connectors Club Spotlight Board. Jacques and Sam are both Shapr users!