---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------
JOB DESCRIPTION
---------------------------------------------------
Position: Security Consultant
Location: Charlotte, North Carolina, United States
Type: Permanent F/T
Closing Date: 2007-11-10
My client has built their Security Services practice specifically to address
their clients’ needs around information protection. They have conducted
technical assessments of client networks; security risk assessments including
reviews of administrative, organizational, and physical spaces; and security
engineering to build the security architecture for major corporations. My
client has invested heavily in developing their Security Services capabilities.
They have developed, tested, and refined their methodologies to efficiently
provide high-quality and cost-effective services to the clients.
My client is seeking consultants who have the capability to implement identity
management solutions including user repositories, web access management,
provisioning, role-based access controls, and single sign-on technologies.
SPECIFIC RESPONSIBILITIES
- Reviewing, documenting, evaluating and testing Information Security based
controls in a wide range of environments including Windows, Linux, mainframe,
mid-range and client server. IT control procedures address IS organization and
administration practices, system development and maintenance procedures, system
software and hardware controls, security and access controls, computer
operations, environmental protection and detection, and backup and recovery
procedures;
- Reviewing information system architecture and security controls, this
includes however is not inclusive of firewall and border router configurations,
operating systems configurations, wireless architectures, databases, and
information security policies and procedures;
- Execute internal and external Network Attack and Penetration, and
vulnerability assessments. This entails impersonating an authorize client
person to obtain physical access to the client facilities (social engineering),
identifying internal information assets, assessing and exploiting threats and
vulnerabilities. Additionally, assist client management in performing root
cause analysis and prioritizing identified vulnerabilities, and in developing
action plans to address these areas;
- Perform Web Applications security reviews utilizing automated scanners such
as WebInspect and Nikto, and manual exploits such as cross-site scripting, SQL
injections, and buffer overflows to obtain business critical data, i.e. credit
card information;
- Assists with the administration of project setups, billing, reconciling job
summaries and recruiting
- Communicating IT control strengths and weaknesses to the client or internal
audit engagement team and developing effective solutions;
- Develop and maintain effective client relationships;
- Apply understanding of business processes and technical skills to successful
completion of project assignments;
- Develop understanding of project requirements
- Preparing audit reports on findings and recommendations to senior management;
- Participating in the review of IT internal controls as described in the
Sarbanes-Oxley Act of 2002;
JOB REQUIREMENTS
---------------------------------------------------
ABILITY TO TRAVEL
- The position requires up to 40% of out-of-town travel to client work sites.
EDUCATIONAL & PROFESSIONAL CREDENTIALS REQUIRED
- Bachelors degree in relevant discipline (Computer Information Systems,
Information System Technologies, Management Information Systems)
- 3+ years in a related field, preferably in professional services
- Professional Certification such as CISSP, CISM, GSEC, GIAC are strongly
preferred
-Consulting experience in information security, particularly in vulnerability
assessments, penetration testing, security architecture reviews, web
application security reviews, and wireless security assessments.
REQUIRED TECHNICAL KNOWLEDGE & SKILLS
- Knowledge of industry regulations, i.e. Gramm Leach Bliley Act (GLBA), Health
Insurance Portability and Accountability Act of 1996 (HIPAA), or Corporate
Compliance, PCI.
Salary: $80,000-$120,000 + Bonus
CONTACT
---------------------------------------------------
If qualified, please contact John Ahn: john@altaassociates.com
Alta Associate, Inc.
John Ahn
Senior Recruiter
john@altaassociates.com
---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for
searching and managing job opportunities and resumes.
http://www.securityfocus.com/jobs
