IT Security Jobs

Application Security Engineer

APPLICATION SECURITY ENGINEER *We are unable to sponsor as this is a permanent full time role* RESPONSIBILITIES * Conduct application security reviews, vulnerability analyses, and risk assessments; identify integration issues. Recommend best practices and integrate mitigation strategies using Web Application Firewalls and the OWASP framework. * Use technical knowledge of current attacks to identify flaws and weaknesses in the composition and design of networks, remote access schemes, systems, and applications to specify solutions, verify the solutions that have been implemented, and rapidly adjust designs based on new threat and attack information as acquired. * Provide engineering support, troubleshooting, and evaluation of preventative and detective security technologies such as: * Serve as technical and project lead on IT Security initiatives; partner with System Engineers, Application Development teams, and Architects. * Maintain security posture by monitoring and ensuring IT Security compliance to standards, policies, and procedures; conduct incident response analyses; develop and deliver training programs to team members. * Enhance existing architecture and design through planning delivery of solutions; answering technical and procedural questions for team members; teaching improved processes; and mentoring team members. * Generate and document operational processes, procedures, and incident response plans where necessary. * Support the Company’s diversity and inclusion strategy by following policies and procedures that ensure opportunities for employees and diverse business partners. QUALIFICATIONS * 5+ years of experience designing, deploying, configuring, supporting, troubleshooting, debugging, and administering Network Security Products (Firewalls, Proxy, Intrusion Detection Systems/Intrusion Prevention Systems, etc.). * 5+ years of experience practicing Change, Problem, and Incident management processes utilizing ITIL in an enterprise environment. * 5+ years of experience implementing and troubleshooting F5 BIG-IP solutions (APM, ASM) * Ability to analyze, use, and configure large enterprise networks. * Understanding of malware, emerging threats, attacks, and vulnerability management. * Thorough understanding of network protocols such as TCP/IP and web protocols (HTTP/HTTPS). * Working knowledge of Firewall technologies. * Fundamental knowledge of different operating systems (Sun Solaris, Linux, Windows, etc.). * Ability to initiate and complete assignments accurately and on time, with minimal supervision. * Ability to work effectively with vendor technical support channels. * Comprehensive understanding of the terminology, principles, and application of fault tolerance high availability and disaster recovery preparedness. * Working knowledge of data security controls, protocols, and methods. * Bachelor’s degree in a technical field * Ability to effectively lead and influence others without direct managerial authority within an inclusive work environment, using collaboration, coordination, and self-motivation. * Ability to listen and integrate ideas from diverse groups of individuals, build and maintain respectful relationships, collaborate with others, and resolve conflicts constructively. * Experience supporting IT service delivery in a highly-regulated and audited environment preferred. If this is an opportunity that you’re interested in please email your resume to: (see below)

IT Threat Analyst (O365 & Teams)

IT Threat Analyst (O365 & Teams)

About the Job

Duration: Long term renewable contract
Location: Jacksonville, Florida (Remote during Covid-19)
Pay rate:Hourly
Job ID: 4660-1

This position will begin as a remote position during Covid-19 and then transition to an onsite role.

This is a Full Time W2 position, no subcontracting or C2C, unable to provide sponsorship for this position at this time.

Overview
Pursuing IT Threat Analyst resource to support cloud, O365 and TEAMs initiatives.

The IT Security Threat Analyst independently develops, maintains, and implements comprehensive information security monitoring programs including defining security policies, processes and standards for large and complex environments. Perform comprehensive threat analysis and recommends appropriate course of action, mitigation, and remediation. Provide consultative guidance on the development of information security strategies and programs through demonstrated expertise and knowledge of industry trends and changes with respect to advanced and sophisticated cyberattacks and threats.

Responsibilities

Independently, proactively and automatically correlates and analyzes threat data from various sources specifically from Microsoft TEAMS and 0365 deployments
Subject matter expert in the detection and identification of cyberattack signatures, tactics, techniques and procedures associated with advanced threats
Leads assessments and development of cyber threat profiles of current events based on collection, research and analysis of open source information
Leads root cause analysis of any monitoring alerts and threats identified by third-party vendor, or internal systems and workforce. Once root cause is determined, proposes and leads cross-departmental efforts, if required, to implement appropriate security controls and solutions that will mitigate risk and vulnerabilities, as well as safeguard our systems and data
Independently and proactively prepares detailed technical papers, presentations, recommendations, and findings for Management and other Technology Leaders
Develops and maintains documentation for security monitoring procedures and security diagrams
Leads the development of proposed design, configuration, and implementation of security monitoring architecture
Serve as a subject matter expert for team members, specializing in network security monitoring, host analysis, and log analysis
Creates and leads initiatives to improve security monitoring operations center processes
Leads improvements discussions with third-party vendor regarding security monitoring functions
Proactively identifies company-wide program opportunities and works to implement solutions. Guides the direction of the overall information security monitoring and threat analysis program

Qualifications

Related Bachelor’s degree or additional related equivalent work experience IT related field
6+ years related work experience in IT Security
3-5 years of Security Operations Center Threat Analysis experience
Experience using Agile methodology
Experience with identifying threats from Microsoft TEAMS and/or 0365 deployments and cloud (Azure, AWS) architectures.
Strong technical knowledge of security architecture, tools and controls with specific demonstrated experience in proactive detection, mitigation, and resolution of advanced cyberattacks and/or threats
Strong technical knowledge of security infrastructure including security firewalls, data loss prevention, encryption, and end point protection appliances
In-depth knowledge of information threat analysis and detection concepts and principles and impact

Preferred Qualifications

CISSP – Cert Information Systems Security Prof Or CEH, CISM, CRISC, etc

About our Company
DataSoft Technologies is a highly recognized provider of professional IT Consulting services in the US. Founded in 1994, DataSoft Technologies, Inc. provides staff augmentation services for Information Technology and Automotive Services. Our team memberbenefits include:

Paid Holidays/Paid Time Off (PTO)
Medical/Dental Insurance
Vision Insurance
Short Term/Long Term Disability
Life Insurance
401 (K)

20-00522

PKI Engineer, Managed Services, Portland, OR

PKI Engineer, Managed Services, Portland, OR

Our client, a leading provider of Information Security solutions is seeking a PKI Support Specialist, for its Managed PKI and Certificate Authorities service offerings. This is a position will be based in the metro Portland, OR region and will support remote Enterprise, Service Provider and Government Managed Services customers. This role will manage customers PKI and CA deployments remotely as a PKI-as-a-Service offering. Strong preference for candidates experienced in digital certificate management processes, and leading practices, or infrastructure IT background in some or all of the following disciplines: Systems Administration (Windows, Unix OS), Network administration, Active Directory and/or Virtualization

This is a full-time, direct-hire position NOT a contract position.

US Citizens only.

Responsibilities:

Work with customers on Managed PKI and Microsoft Certificate Authorities projects including deployment, migrations, user and admin training, as well as continuing product and service support.
Participate in projects to deploy new PKI applications and services.
Implement all changes to the PKI infrastructure in accordance with standard procedures and change control policies and procedures
Assisting architects in specifying and documenting the needs for the project.
Become the subject matter expert of the firm’s and competitors’ products and cryptographic technology.
Develop plans for projects utilizing the firm’s standards and methodology
Training and presentation of firm’s products or services to customers and staff
Produce necessary deliverables
Assisting the sales teams in development of project opportunities into properly documented projects and deliverables
Liaising with Professional Services and Sales teams,

Education, Experience and Skills requirements:

Bachelor’s degree, or equivalent experience technical discipline, or 3+ years of professional work experience in a related field such as Public Key Infrastructure, Infrastructure IT (Systems Administration, Network Administration Windows/Linux OS, Network Administration, Active Directory and/or Virtualization)

5+ years of experience in working in a highly-technical customer-facing role (i.e.: product support, professional services, sales engineer, technical consultant, or similar) with a security technology vendor, Value-Added Reseller, professional services or consulting firm.

Experience in working with PKI (public key infrastructure), Microsoft Active Directory Certificate Services, digital signature, data communication and other cryptographic systems.

Candidates with exceptional ADCS (Microsoft Active Directory Certificate Services) and PKI skills are encouraged to apply, with a special emphasis on MS-ADCS security components such as Certificate Enrollment Web Services, Certification Authority, Online Responder, Network Device Enrollment Services.

Specific knowledge of Entrust’s family of products particularly desired

Hands-On experience with implementing, configuring and optimizing Hardware Security Modules (HSMs) from leading vendors such as Utimaco, Thales, Gemalto, nCipher or Futurex highly desired.

Suggested Certifications (some NOT ALL of the following): CompTIA Security +, CompTIA Net+, CompTIA A+, CPTE – Certified Penetration Testing Engineer, CEH – Certified Ethical Hacker, IBM DB2, Oracle and MS SQL Server, Java, JavaScript, SQL, Linux, Windows, SSL and HTML/CSS, Certified Information System Security Professional (CISSP)

Hands-On experience with implementing, configuring and optimizing Hardware Security Modules (HSMs) from leading vendors such as Utimaco, Thales, Gemalto, nCipher or Futurex highly desired.

Experience in project management and knowledge of standardized project management techniques

Strong Foundation of common OS (Linux, Solaris, AIX, HP/UX, MS Windows)

Strong working knowledge of fundamental information technology security concepts

Basic programming skills in common programming languages (e.g. Java, C#, C/C++)

Exceptional written and verbal communication skills. Must be independent and self-directed, high-performance, low-maintenance employee.

Experience in training customers with Information Security products

Solid networking skills and the ability to troubleshoot TCP/IP networks, Internet of Things (IoT), mobile security.

IT Security Officer (IAM)

High Profile mid-sized Asset Management Company seeks IT Security Officer with a strong IAM background. This is a direct hire full-time role with a company that offers competitive compensation in addition to a phenomenal benefits package. Working in the IT Group (NOT the Information Security Group) you will be responsible for creating, reactivating, amending, and deleting user IDs and mailboxes for all employees; handling all activities related to the Identity and Access Management (IAM) process. This will include: Provisioning, de-provisioning of user entitlements Maintenance of IAM technology infrastructure, providing guidance for the IAM architecture in order to align IAM initiatives to business processes Managing application and user-store integration Enforce policies and standards Monitor and maintain controls for regulatory compliance including: Remote Access users Unauthorized access users to the systems Super Users activities in the systems Performing SQL database monitoring activities including performing entitlement reviews on SQL databases, monitoring various logs and/or other sources Initiating and managing periodic entitlement certification reviews Act as a liaison for controlling all systems User ID Management that reside with outside vendors Define user roles Define access controls necessary for application usage and data access Decide how best to use the IAM infrastructure tools for overall business success Requirements include: Strong understanding of multiple systems platforms (Windows Active Directory, LINUX, UNIX, AS400…) Firm understanding of Cyber Security initiatives, Risk Management, Privilege Access Management, and how they apply to access provisioning IAM experience with solutions like: SailPoint, NETIQ, Hitachi ID/HIPAM Identity Management – provisioning and workflow processes Access Management – authentication and entitlements Data security and privacy – database access Experience with LDAP, Role Base Access Controls, implementing IDM solutions and Identity Management Provisioning IT experience including IT Security Administration with ability to provide complex problem analysis Regulatory Compliance knowledge (SOX, FFIEC, PCI,…) with understanding of how to balance customer service with regulatory requirements Completed Bachelor’s Degree in Computer Science or related course of study Security related certifications preferred (ITIL, CISSP, CISA or CISM,…)

PKI Support Specialist, Portland, OR

PKI Support Specialist, Portland, OR

Our client, a leading provider of Information Security solutions is seeking a PKI Support Specialist, for its Managed PKI and Certificate Authorities service offerings. This is a position will be based in the metro Portland, OR region and will support remote Enterprise, Service Provider and Government Managed Services customers. Strong preference for candidates experienced in digital certificate management processes, and leading practices, or infrastructure IT background in some or all of the following disciplines: Systems Administration (Windows, Unix OS), Network administration, Active Directory and/or Virtualization

This is a full-time, direct-hire position NOT a contract position.

US Citizens only.

Responsibilities:

Work with customers on Managed PKI and Microsoft Certificate Authorities projects including deployment, migrations, user and admin training, as well as continuing product and service support.
Participate in projects to deploy new PKI applications and services.
Implement all changes to the PKI infrastructure in accordance with standard procedures and change control policies and procedures
Assisting architects in specifying and documenting the needs for the project.
Become the subject matter expert of the firm’s and competitors’ products and cryptographic technology.
Develop plans for projects utilizing the firm’s standards and methodology
Training and presentation of firm’s products or services to customers and staff
Produce necessary deliverables
Assisting the sales teams in development of project opportunities into properly documented projects and deliverables
Liaising with Professional Services and Sales teams,

Education, Experience and Skills requirements:

Bachelor’s degree, or equivalent experience technical discipline, or 3+ years of professional work experience in a related field such as Public Key Infrastructure, Infrastructure IT (Systems Administration, Network Administration Windows/Linux OS, Network Administration, Active Directory and/or Virtualization)

5+ years of experience in working in a highly-technical customer-facing role (i.e.: product support, professional services, sales engineer, technical consultant, or similar) with a security technology vendor, Value-Added Reseller, professional services or consulting firm.

Experience in working with PKI (public key infrastructure), Microsoft Active Directory Certificate Services, digital signature, data communication and other cryptographic systems.

Candidates with exceptional ADCS (Microsoft Active Directory Certificate Services) and PKI skills are encouraged to apply, with a special emphasis on MS-ADCS security components such as Certificate Enrollment Web Services, Certification Authority, Online Responder, Network Device Enrollment Services.

Specific knowledge of Entrust’s family of products particularly desired

Hands-On experience with implementing, configuring and optimizing Hardware Security Modules (HSMs) from leading vendors such as Utimaco, Thales, Gemalto, nCipher or Futurex highly desired.

Suggested Certifications (some NOT ALL of the following): CompTIA Security +, CompTIA Net+, CompTIA A+, CPTE – Certified Penetration Testing Engineer, CEH – Certified Ethical Hacker, IBM DB2, Oracle and MS SQL Server, Java, JavaScript, SQL, Linux, Windows, SSL and HTML/CSS, Certified Information System Security Professional (CISSP)

Hands-On experience with implementing, configuring and optimizing Hardware Security Modules (HSMs) from leading vendors such as Utimaco, Thales, Gemalto, nCipher or Futurex highly desired.

Experience in project management and knowledge of standardized project management techniques

Strong Foundation of common OS (Linux, Solaris, AIX, HP/UX, MS Windows)

Strong working knowledge of fundamental information technology security concepts

Basic programming skills in common programming languages (e.g. Java, C#, C/C++)

Exceptional written and verbal communication skills. Must be independent and self-directed, high-performance, low-maintenance employee.

Experience in training customers with Information Security products

Solid networking skills and the ability to troubleshoot TCP/IP networks, Internet of Things (IoT), mobile security.

Governance Risk and Compliance Senior Consultant

Location: Remote  75 % of travel required to client side 

Description:

Client Security Advisory Services is seeking a Governance, Risk and Compliance (GRC) consultant to work on GRC consulting projects for commercial customers.
We are seeking an innovative and motivated consultant who under general direction with a high level of autonomy, uses extensive knowledge and skills obtained through education and experience to perform the necessary assessment, analysis and consulting tasks related to specific regulations, industry standards and/or a customer’s unique requirements. 
Client Security Advisory Services aspires to be a strategic partner in helping our more than 1,000 business and government clients in 90 countries better serve their customers and citizens.
We work to overcome their IT challenges, collaborating to make technology work for them, anytime and anywhere.
To make it matter, so they can achieve more.
With a dedication to quality and innovation, we deliver IT consulting, systems integration, and applications development.
Enterprises can also outsource IT functions and management to us in areas like infrastructure and business processes.
These efforts enable organizations to take the best advantage of cloud computing, information optimization and enhanced security measures to achieve their goals. 
 

Responsibilities:

Analyze complex, enterprise environments from an information security perspective.
Develop comprehensive information security documentation Policies, Standards, Guidelines, Procedures Conduct risk assessments of business processes and supporting environments; including the determination of risk evaluating the existence of controls that help reduce risk determine residual risk and risk treatment plans.
Evaluate organizations against multiple best practice control frameworks, vertical specific requirements, or federal regulations ISO 27001/2 HIPAA COBIT NERC/CIP FISMA/NIST FFIEC PCI/DSS.
7+ years of experience with Governance Risk and Compliance within Information Security Bachelors’ degree in related field preferred Extensive experience with risk assessment frameworks/methodologies such as OCTAVE, CRAMM, NIST SP 800-37, ISAM, ISRM, ISO 27000, COBIT Deep understanding of IT security impacted regulations and/or standards such as HIPAA/HITECH, PCI, Sarbanes-Oxley, GLBA, etc.
Expert level experience with GRC platforms such as RSA Archer, Paisley, Lockpath, Modulo. Expertise in IT Governance frameworks such as COBIT, ISO 20000, ITIL.  
 

One or more of the following:

Key industry certifications such as CISSP, ISSAP, CISM, CRISC, CISA, SANS, etc.
Experience with GDPR a significant plus.
Demonstrable experience in “soft” consultancy skills (ie, deliverable generation, communications, executive level presentation development/delivery).
Good analytical skills.
Understanding of basic financial analysis in support of providing cost estimations in delivery of large-scale security programs and associated activities.
Ability to develop new portfolio solutions from concept to market (methodology development, marketing, sales/internal training, etc).
Self-motivated individual who is keen to take ownership of allocated tasks and drive them to completion.
Appreciation of trends in IT security and IT risk management.
Experience and knowledge of security management frameworks in multiple industries like finance, pharma, manufacturing, travel/transportation, retail or insurance.
Information Security and regulatory compliance consultancy experience.
Ability to interact with customer risk and security stakeholders at all levels.

We're sorry, there are currently no jobs in this category.