---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------
JOB DESCRIPTION
---------------------------------------------------
Position: Security Engineer
Location: Beltsville, Maryland, United States
Type: Contract
Closing Date: 2006-09-23
Seeking Security Engineer with five or more years of progressive experience in
large networked Microsoft environment(s) with three years in an information
security role. The Security Engineer will perform internal technical
assessments and perform customized technical testing to identify
vulnerabilities. In addition, will provide recommendations and develop
integrated solutions and scripts to eliminate or mitigate the identified
vulnerabilities. Other responsibilities will include; working with clients to
establish/strengthen security policies, assisting clients in designing a secure
infrastructure, and evaluating commercial and open source security products and
tools.
Additionally, this position is a member of our security incident response team.
On a rotational basis, this person will be expected to serve in a hands-on role
as the primary security incident handler. This person will also be expected to
assist the security team in monitoring and evaluating new security
vulnerability alerts. In addition, this person will occasionally be asked to
conduct security reviews on IT projects. Finally, this person will perform
vulnerability assessments on networks and systems, make recommendations for
improving security, and actually implement those recommendations.
DUTIES
1. Conduct risk assessments, audits, system reviews and vulnerability
scans. Use a combination of automated tools, manual methods, and interviewing
techniques to gather the information necessary to report on security risks.
Produce written reports summarizing findings and recommendations.
2. Conduct security reviews on IT projects. Attend meetings and review
documentation as needed in order to identify security requirements for new and
ongoing IT projects. Design security solutions for new systems and
applications.
3. Integrate security solutions into existing enterprise environment in a
methodical and effective manner. Develop scripts to automate the installation
of software and security updates.
4. Monitor the announcements of new security vulnerabilities. Identify
vulnerabilities that are applicable to the systems and applications utilized in
client environment, determine their severity and urgency, work with system
owners to determine if and when corrective action will be taken, and perform
necessary actions to verify that corrective actions were effective.
5. Participate in the incident response team in a hands-on, technical
role. Identify the root cause of security incidents. Recommend and implement
solutions for limiting the scope of the incident. Eradicate any signs of
intrusion. Work with senior management to recommend and implement additional
controls to prevent future incidents.
6. Perform other related duties incidental to the work described herein.
JOB REQUIREMENTS
---------------------------------------------------
• Demonstrated expertise with common industry scanning tools including
Internet Scanner, nmap, Nessus, Retina, CIS Scoring Tools, tcpdump, etc.
• Demonstrated ability to identify, analyze, quantify and report on
Windows security issues.
• In-depth understanding of Active Directory and Group Policy Objects
• Demonstrated expertise at scripting in a Microsoft Windows 2000
environment (using shell scripting, VB script, WinBatch, etc.).
• GIAC GCWN certification and/or CISSP certification
• Must have experience in a similar work environment and role, with
multiple priorities and deadlines on a daily basis, as well as clearly
communicating technical information to diverse business units.
• Current and appropriate body of knowledge necessary to perform the
information security function, including hands on experience with intrusion
prevention systems, packet analysis, vulnerability assessment and vulnerability
mitigation.
• Demonstrated successful project management expertise enabling you to
plan, execute, and document technical work and projects.
• Knowledge of security hardware and software products that comply with
current industry standards.
• At least three years of information security work experience is
required.
• Demonstrated experience managing technology vendors/suppliers.
• Good verbal, writing and people communication skills.
• Well organized with ability to manage multiple simultaneous projects.
• Experience using and interpreting results from security tools,
penetration testing, auditing and logs, incident reports.
• BS/BA in EE or CS preferred
________________________________________
• Candidate must be a U.S. citizen
• Candidate selected will be subject to a Background Investigation (BI)
or a Limited Background Investigation (LBI) and may need to meet eligibility
requirements for access to classified information. Candidates possessing
current Background Investigations (BI) are preferred.
• Position is contract work on a 1099 basis
CONTACT
---------------------------------------------------
Submit resume with cover letter by electronic mail to:
Don Michelli
Michelli Technology Consultants, LLC
Michelli Technology Consultants
Don Michelli
President
hr.mtc_llc@adelphia.net
---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for
searching and managing job opportunities and resumes.
http://www.securityfocus.com/jobs
