Pay rate:$ DOE
Contract W2, 6 months
Location: San Mateo, CA
You are in search of a career in the information security field, with broad interests ranging from application security to compliance. As a self-sufficient and high motivated individual, you are comfortable working with minimal direction. You have a solid understanding of information security, yet understand that some risks must be taken in order to advance the business. While process-oriented, you are tolerant of change and volatility. Finally, you enjoy a challenge and your interpersonal skills are exceptional.
About the Position
The information security team is responsible for ensuring security policy compliance for various business units spanning the Americas. We are seeking an individual contributor-level team member to support our efforts around vulnerability management as well as governance and compliance. This requires one to function in a governance-oriented capacity, providing guidance in the areas of desktop, server, and network security while depending on other information technology teams to actually implementation these best practices. However, select aspects of the job are very hands-on; specifically in the areas of vulnerability management and threat validation. The position is quite diverse in that the breadth of coverage spans practically all domains of information security.
- Oversee the setup and general administration of vulnerability scanning activities.
- Periodic review of desktop, server, and network security to ensure adherence to security policy.
- Supervise outsourced penetration testing efforts around all new web development projects.
- Continuously monitor consolidated Syslog and NetFlow events within SIEM system.
- Work in concert with other teams to eradicate desktop, server, and network-level threats.
- Collect and compile metrics around inventory, vulnerabilities, and other security measurements.
- Comprehend technical issues, and then articulate them in a high-level and risk-oriented fashion.
- Maintain data loss prevention (DLP) system and associated signatures.
- Provide expert advice around common technology practices such as cloud computing and BYOD.
- Hands-on experience with vulnerability scanning tools; preferably in larger environments
- Familiarity with ISO27000 series security standards
- In-depth understanding of Microsoft Windows and Active Directory technologies
- Comfortable navigating the Linux operating system
- Detailed understanding of core Internet applications, including SMTP, DNS, DHCP, et al.
- Knowledgeable in web application security with emphasis in OWASP Top 10 vulnerabilities
- Well-versed in network engineering topics such as the OSI model, routing, and switching
- Considerable past experience with enterprise-class firewalls
- Basic understanding of various cryptographic methods and associated key management types
- Rudimentary grasp of project management and SDLC concepts
- Ability and willingness to familiarize oneself with general business functions
- Any experience in software development is a significant plus
- Bachelor’s degree in technology-related discipline or equivalent experience
- Tenure of at least five years within a dedicated information technology capacity
- Desirable certifications include:
- Certified Information Systems Security Professional (CISSP)
- Certified Ethical Hacker (CEH)
- Certificate of Cloud Security Knowledge (CCSK)
- Microsoft Certified Solutions Expert (MCSE)