Dear Business Partner, Hope the day is treating you well !!!!
We are currently looking to fill these urgent position with our Direct Client. Below is few details on them. Please let me know if you have anyone who might be interested in the below job opening. Please feel free to call/mail should you have any questions. Thanks & have a good day! *Kindly please send me the resumes on [email protected] <[email protected]>.* *Job Title: Senior Security Test Engineer Location: Pleasanton, CA Duration: 1 year contract* * Job Description Scope* The scope of duties for the Senior Security Test Engineer include, but is not limited to, the following: Acquire complete understanding of SCIF’s technology and information systems. Capture and define the security test requirements. Plan, research, and design robust security architecture test strategy for any IT project. Perform vulnerability testing, risk analysis, and security assessments. Research security standards, security systems and authentication protocols with SCIF. Develop test requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related network devices. Design test plans for public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures. Define, implement and maintain corporate security policies and procedures Oversee security awareness programs and educational efforts Respond immediately to security-related incidents and provide a thorough post-event analysis. Define all entry points to the system, such as: files, sockets, hypertext transfer Protocol (HTTP) requests, named pipes, pluggable activities protocol handlers, malicious server responses and so on. Analyze potential threats and risk analysis based on the entry points defined. Example of threats and the methods to analyze them. *Technical and Demonstrable Skills The Consultant resource(s) shall possess most of the following skills:* Exploit security flaws and vulnerabilities with attack simulations on multiple projects working against specific client focused scopes of work. Ability to flow from black box to gray box to white box tests dependent on client needs. Ability to test a variety of client form factors and technologies based on scopes of work. Ability to solve complex technical problems and articulate to non-IT personnel. Ability to effectively provide technical risk assessment of technologies in networks, applications, wireless, social engineering, code reviews and war dialing. Ability to perform vulnerability assessments and penetration testing, utilizing tools commercial and open source tools. Perform, review and analyze security vulnerability data to identify applicability and false positives. Research and develop testing tools, techniques, and process improvements. Create risk based security code reviews (static & dynamic). Conduct penetration testing in line with Open Web application Security project Mentor junior engineers to build their skills and contribution levels Write technical reports that include suggested resolution for identified problem areas and perform operational risk assessment. Support company through the testing and evaluation of new technologies and security controls. Assist and support Security Test Analysts as they perform vulnerability, network and network security assessments. May require the performance of other essential functions depending upon work location or assignment. Experience with dev ops and SIEM tools (ie. Chef, Splunk and Vagrant) Experience with scripting languages (e.g. python, PERL, SQL) a plus Ability to perform below tasks: Dynamic Application Security Testing (DAST) Static Application Security Testing (SAST) Interactive Application Security Testing (IAST) Web Application Penetration Testing Product Security Testing Cloud Application Security Testing Web Services Security Testing Security Code Review Network Security Assessment Security Testing Tools: IBM Appscan, Burp Suite, Tamper Data, Live http Headers, HP Fortify, VeraCode, OWASP Top 10, N-Stealth, Hailstorm, Paros, SANS Top 20, Acunetix, Nessus *Knowledge* The Consultant resource(s) shall be knowledgeable in most of the following areas: Knowledge and understanding of basic information security principles (eg. OWASP Top Ten) Knowledge of security best practice guidelines (ISO 17799, NIST, etc.) Relevant professional experience including working knowledge of the Penetration Testing. a. TCP/IP networking including IP classes, subnets, multicast, NAT b. WINS, DNS, and DHCP, Network troubleshooting c. Microsoft OS and Server technologies d. Remote access methods e. Backup and disaster recovery methodologies f. Patch management technologies and processes g. Wireless protocols and services h. Network analysis tools i. Familiarity with UNIX a plus CISSP, CISM, CISA, CEH, CEPT, GIAC or other IS certifications a plus *Thanks & Regards* *Ethen Jones* *Staffing Manager* *Email: [email protected] <[email protected]>* *Sedna Consulting Group* -- You received this message because you are subscribed to the Google Groups "project managment" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/project-managment. For more options, visit https://groups.google.com/d/optout.
