I need a coder

[Full-time] Security Consultant at Daniel Artur

2009-11-13 04:24:18

Location: Virtual, United States
URL: www.ineedacoder.com

Description:

Position/Title: Security Consultant
Position Type: Permanent F/T

Job Description: To perform PCI-DSS security assessments and/or participate in remediation efforts.

Specific responsibilities include:

• Perform PCI-DSS assessments

• Participate in remediation projects

• Advising clients on best practices and strategies to become PCI compliant

• Drive PCI engagements to completion and be prepared to lead projects

Job Requirements: The ideal candidate will have the following experience;

• Consultant MUST be QSA certified

• Must have a deep understanding of all aspects of information security

• Deep commitment to producing high quality deliverables

• Excellent written and verbal communication skills

• Ability to maintain firm stance on compliance standards in a non-adversarial manner

• Strength in communicating effectively across all roles within an organization including Sr. Leadership positions

• Two or more years experience with security audit and assessment methodologies

• Demonstrated experience conducting PCI assessments, current QSA.

• Bachelors degree is preferred

• Experience with current legal and regulatory requirements around information security and privacy, including SOX, 27001, GLBA, etc. is a plus

Apply to this job

[Full-time] Incident Handler at Jorge Mori

2009-11-13 04:21:23

Location:
URL: www.ineedacoder.com

Description:

Position/Title: Incident Handler
Position Type: Permanent F/T

Job Description: Incident Response Analyst II (561)

Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must be clearable to the Top Secret level.

• The primary responsibilities of this position are incident handling and response as a member of a Computer Security Incident Response Team (CSIRT). Analyst will respond to computer security incidents and escalate when necessary as well as coordinate response to computer security incidents. Recommend a course of action on each incident. Creates, manages, and records all actions taken by Incident Response Teams. Serve as initial POC for Events of Interest reported both internally and externally. Establishes alarm/incident escalation process. Tracks, follows-up, and resolves incidents. Provides internal incident coordination. Will be responsible for initiating forensic investigations and working closely with the forensics team to conduct and participate in cyber investigations. Initiates and maintains contact with affected parties during incident response lifecycle. Investigates potential incidents/intrusions. Follows up on post incident actions. Consults with investigative/enforcement entities on declared incidents.

• Provide consulting advice on vulnerabilities or potential vulnerabilities within architecture.

• Communicate with excellent oral and written skills findings of such reports to all levels within TSA and DHS from executive staff to working level.

• Work closely with TSA staff to collaborate with DHS and other affiliated organizations during incident investigations or to obtain information for investigations.

• Develop and provide analysis reports.

• Provide consulting of known system vulnerabilities and exploits and develop and provide reports of such.

• Provide support, reports and all related deliverables on ‘chain of custody’ matters.

• This position may require on call duty.

Job Requirements:

Must possess a background in incident handling, response and intrusion detection (IDS) experience . Requires 2 years of related security experience and possess a BS degree. If candidate does not possess a degree then he/she must possess 4 years of experience. Perform daily analytical actions in the performance of responding to incidents, identifying appropriate mitigation actions, identifying proper escalation procedures, and analyzing data collection and reporting requirements. Assist in developing, managing, communicating, and executing an incident response program and initiating forensic investigations. It is preferred that this person be a current Certified Information Systems Security Professional (CISSP), or similar security professional certification. Experience with Encase Enterprise edition or other Forensics tools is a plus.

Apply to this job

[Full-time] Certification & Accreditation Engineer at Marco Antonio

2009-11-13 04:19:39

Location: Suitland, United states
URL: www.ineedacoder.com

Description:

Position/Title: Certification & Accreditation Engineer
Position Type: Permanent F/T

Job Description: A qualified candidate to act as Certification and Accreditation business practice manager.

The qualified candidate will:

- Lead and participate in current C&A NIST efforts

- Serve as the primary SimIS point of contact for our Federal government clients for C&A related activities

- Serve as a subject matter expert (SME) for all C&A tasks

Typical tasks you will participate in:

- Annual Continuous Monitoring (controls testing)

- SSP development/auditing

- reaccreditation of a previously certified and accredited system

For this job, you must not solely be a manager – you must be a doer. For example, you WILL be very hands on, testing M&O controls in the course of a CM task, along with leading the overall task and team.

This job can be part-time, full-time, or on a contract basis.

We are picky – we are looking for the right person that will provide an excellent product to our Federal government client.
Job Requirements: Firm requirements:

- U.S. citizen

- 10+ years experience in Information Technology

- 6-8 years experience in Information Security/Assurance

- Complete knowledge of the NIST C&A cycle

- Excellent written and verbal communication skills

- Experience in scoping C&A tasks

- Experience in leading and performing all phases of C&A

Nice to have:

- other industry certs

- knowledge and experience working with Department of Commerce, and NOAA

- security testing skills

Apply to this job

[Full-time] Training / Awareness Specialist at Jacob Ricardo

2009-11-13 04:16:35

Location: Washington, United States
URL: www.ineedacoder.com

Description:

Position/Title: Training / Awareness Specialist
Position Type: Permanent F/T

Job Description: Outreach & Training Specialist

Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must be clearable to the Top Secret level.

This candidate will be a spokesperson for information security topics at this government agency. This individual will work with senior leadership to address all aspects of information security awareness at each level of user experience and responsibility to prevent inadvertent compromise or disclosure of sensitive information.

Personal knowledge, professional presence and the ability to quickly grasp and explain technical concepts will be distinguishing characteristics that will allow the successful candidate to establish a well-known professional standing within both this agency and the government information security community as a whole. The candidate will be responsible for developing courses and training seminars including, but not limited to the following:

• Security Awareness training

• Role Based Security training

• Addressing IT security in Capital Planning and Investment Control

• Security costing methodology for Plans of Actions & Milestones (POA&Ms)

• Linking funding identified for corrective actions in POA&Ms to the sources of those funds

• IT security for Project Managers

• Tracking security funding and specialized IT system courses on the C&A process

• Self Assessment process

• Contingency Planning

• Risk Assessment

• Preparation of System Security Plans

Job Requirements:
The successful candidate will possess a minimum of 5 years experience in developing, executing, and/or managing outreach or education and awareness training programs. A B.A. or B.S. degree is preferred. The candidate should have some experience with information security concepts, best practices, and policies. Information Security experience is not required but would be a significant plus. The candidate should have experience with relating training material in presentations to groups, via the intra/internet, group workshops, CBT or other technology. Additionally, the candidate should have experience with Federal outreach or PR campaigns. Experience with NIST 800-16 and 800-50 regarding training for IT security and knowledge requirements for specific functions is preferred.

This candidate must:

• Be able to effectively communicate through written and verbal means.

• Be prepared to develop and present information security training to large audiences and develop executive-level MS PowerPoint presentations.

• Be able to develop education and awareness training material for presentation in multiple formats and make decisions on a multi-disciplinary method for delivering content

• Be able to effectively explain technical terms and concepts to a non-technical audience.

• Be able to draft and revise multimedia presentations using Microsoft PowerPoint in an expedient manner.

• Be able to research emerging information security concepts and prepare related training and/or guidance in the form of memorandums, newsletters, email bulletins and printed media.

Apply to this job

[Full-time] Senior Software Engineer at Jaydy Michel

2009-11-13 04:12:19

Location: Canada
URL: www.ineedacoder.com

Description:

Position/Title: Senior Software Engineer
Position Type: Contract

Job Description: This position offers the right candidate a number of excellent opportunities to install and build world class Security Operations Centers globally. This is not an analyst position but rather a technology centric position that requires the consultant to have a thorough understanding of security operation center principles, incident response lifecycle, ArcSight ESM, information security frameworks, and strong consulting skills.

Responsibilities:

Specific responsibilities include:

• Overall responsibility for being the subject matter expert on ArcSight ESM software

• Ensure that ArcSight products are deployed and operating to deliver the technical and business results as defined within the engagement

• Technical administration of the ArcSight ESM platform to ensure consistent software performance

• Advising clients on best practices and use cases on how to use ArcSight to achieve end state requirements.

• Use-case Content development

• Use of ArcSight ESM in the daily operational work and workflow

• Acting as a member of the customer organization Security Operations Center staff

• Conducting information security investigations through the use of ArcSight ESM software

• Communicating with the ArcSight Security Operations Consulting practice leader as required
Job Requirements: The ideal candidate will have the following experience;

Must have SEIM/SIM experience, preferably with Arcsight solution.

Must be knowledgeable in the functional operation of a security operations center with CISSP designation a plus. Experience with security operations activities such as incident response. Experience with ArcSight ESM software in a production state. Strong people/communication skills needed as this position requires routine client interaction. Security device installations, configuration and troubleshooting (e.g., firewall, IDS, etc.)

• Expertise in UNIX, Linux, and Windows – able rebuild host systems.

• Experience with Database installation and configuration is required and Oracle experience is a plus.

• Preferably have worked in a similar position in a known security products company

• Strong communication skills

• Relevant technical and industry certifications are a plus, e.g. CISSP

• Willingness to travel or relocate for long term engagements.

Apply to this job

[Full-time] Jr. Security Analyst at Karla Martinez

2009-11-13 04:08:58

Location: Dayton, United States
URL: www.ineedacoder.com

Description:

Position/Title: Jr. Security Analyst
Position Type: Permanent F/T

Job Description: 3.3 Journeyman Security Management Tasks (Development Planning). Provide a wide range of security management, analytical, technical and support services for the various Development Planning activities/projects/programs in ASC/XR. Tasks required individuals have a current (within 5 years) Top Secret clearance to meet task order requirements. The Contractor shall:

3.3.1 Integrate flexible, cost-effective, and threat-based security processes, plans and procedures to protect each critical weapon system during its life-cycle, from Pre-milestone A through the final phases of the program. Assist in developing and documenting process for accomplishing development planning security requirements in a comprehensive format to allow for continuity in future activities.

3.3.2 Analyze security procedures and coordinate recommended solutions on security deficiencies with Program security personnel.

3.3.3 Assist with the development of security requirements. Administratively assist with the coordination of DD Form 254, DoD Contract Security Classification Specification.

3.3.4 When necessary, the contractor shall receive and secure classified mail as appropriate.

3.3.5 Evaluate security and administrative procedures associated with identifying and handling unclassified Critical Program Information (CPI), Critical Information (CI) and classified material, up to and including Top Secret Information. Assist with identifying CPI, assessing program threats, analyzing system vulnerabilities and recommending alternative cost-effective security countermeasures that meet security objectives within the overall system design and program strategy.

3.3.6 Assist in the integration of US export and technology control laws, DoD/Air Force policy and instructions, and other applicable guidance into program protection planning.

3.3.7 Recommend changes to DoD, Air Force and program security policy and instructions to the government security lead.

3.3.8 Assist with the transition of DoD and Air Force policy to “design to” and “test to” specifications, and System Security Engineering (SSE) requirements into functional requirements.

3.3.9 Assist with establishing/facilitating the System Security Working Group (SSWG), or other security-related Integrated Product Teams (IPTs), for the preparation of program security standards.

3.3.10 Assist in developing program specific SSE requirements. Review program threats and conduct vulnerability analyses to define security functional requirements for effectively securing systems against overt and covert ground-initiated attack; provide recommendations for the integration of physical security countermeasures, electronic and mechanical detection devices on the weapon system, and other corrective actions.

3.3.11 Plan, design, review, analyze and report on tailored security plans for the protection of systems during the test and evaluation phase and make recommendations for changes to security test procedures.

3.3.12 Assist in conducting system security assessments to assure the proper front-end emphasis on System Security Management. Review conceptual studies, program reports, system data and other pertinent source documentation which might aid in establishing basic system security requirements and developing System Security Management Plans.

3.3.13 Continuously analyze the adequacy of the weapon system contractor’s system security planning and physical security standards and report on discrete areas of concern. Assess, monitor and review trade studies designed to balance program security risks with costs to the program; assist with designing cost-effective approaches for integrating security requirements into weapon system contracts.

3.4.14 Assist with developing and maintaining time-phased, event-driven Security Classification Guides (SCGs), Operations Security (OPSEC) Plans, Technology Assessment and Control Plans (TA/CPs), System Security Management Plans and Program Protection Plans (PPPs), as required.

Apply to this job

[Full-time] Application Security Engineer at Juan Gabriel

2009-11-13 04:04:40

Location: Chicago, United States
URL: www.ineedacoder.com

Description:

Position/Title: Application Security Engineer
Position Type: Permanent F/T

Job Description: Most of the job will be manual pen testing (80%) of web-facing applications, and of course, you’d need to run automated scanning tools (mostly open source).

You will be responsible for vulnerability assessments and pen testing against:

XSS

SQL Injection

LDAP Injection

Input validation

Code reviews: Their apps are written in Java and .NET

Creating best coding practices and advising Assist on the network security AD RBAC (nice to know)

Researching new scanning tools, technology and establishing best practice

Sole ownership of application security

Apply to this job

[Full-time] Information Assurance Engineer at Erick Elias

2009-11-13 04:01:44

Location: Melbourne, United States
URL: www.ineedacoder.com

Description:

Position/Title: Information Assurance Engineer
Position Type: Permanent F/T

Job Description: Information Security Systems Engineering

Job Description:

Applies current Information Assurance technologies to the architecture, design, development, evaluation and integration of systems and networks to maintain system security.

Works closely with Government customers to ensure that the information assurance requirements are defined and implemented in a way that will allow for the accreditation of the Information Assurance architecture.

Works with systems developers or commercial product vendors in the design and evaluation of state-of-the-art secure systems, networks, and database products.

Uses methods such as encryption technology, vulnerability analysis and security management.

Responsible for integration of multiple methods into a cohesive system security perimeter and environment and the policies and procedures necessary to monitor and maintain such an environment.

Will prepare Certification and Accreditation documentation, using multiple standards such as DITSCAP, NIACAP, DCID 6/3, Common Criteria, and NIST 800-37, to achieve accreditation of supported systems.

Represents program security interests at customer meetings.

Implement, maintain and monitor tools and procedures to support Harris’s compliance with the Defense Industrial Base initiative.

Assist in incident response procedures as outlined in Incident Response Plan (IRP).

Perform routine log analysis to identify possible compromise.

Perform vulnerability assessments and coordinate efforts to remedy identified issues.

Troubleshoot security vulnerabilities in response to security incident reports, and identify, isolate and remedy security vulnerability sources.

Coordinate efforts across departments in maintaining high security standards.

Job Requirements:
Qualifications:

BS degree with a minimum of 8 years experience in Information Assurance/Information System Security Engineering.

Must have 3+ years experience with cyber incident response.

CISSP, CISM or GSLC required.

Active DoD clearance (Secret or higher) is required for all candidates.

Must have experience in applicable DOD, CJCS, NIST, CNSS guidance related to information security and risk management.

Knowledge of Federal ISS/IA regulation, policies and procedures.

Demonstrated experience applying security risk assessment methodology to system development to include: Threat model development, Vulnerability assessments, Security risk analysis required.

Hands-on experience with one of the following required: Log Analysis, Vulnerability Assessment and Penetration tools.

Preferred Additional Skills:

Experience leading both projects and teams preferred.

MS degree preferred.

Additional SAN certifications a plus.

Forensic certification highly desirable.

Hands-on experience with Certification & Accreditation methodologies, preferably NIST 800-37/FISMA and NISPOM Ch 8 preferred.

Must be self-motivated and be capable of handling multiple tasks and projects simultaneously.

Experience in data forensic tools and techniques desired.

Knowledge of networking highly desired.

Strong oral/written communication and customer interface skills a necessity.

This position requires the candidate to already possess an active DoD Secret clearance and to maintain the clearance.

Apply to this job

[Full-time] Security Director at Bill Melendez

2009-11-13 03:56:18

Location: Reston, United States
URL: www.ineedacoder.com

Description:

Position/Title: Security Director
Position Type: Permanent F/T

Job Description: Program Manager/Security Technical Lead

Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must be clearable to the Top Secret level.

• Oversight of daily program activities. Performs cost, schedule, performance, risk, quality, security, and administrative duties relative to contract to include support to the addition of new contract tasking.

• Provides senior level consulting to the Information Assurance Division on subjects including program development, best industry practices, and enhancement of existing program areas.

• Acts as primary customer contact for program activities, leading program review sessions with customers to discuss cost, schedule, and technical performance.

• Provides the Customer with appropriate metrics (results, cost, and schedule) to track performance to successfully meet missions and objectives.

• Provides reports and meets with the client, Contracting Officer, and Contracting Officer’s Technical Representative as required.

• Participates in the negotiation of contract changes.

• Coordinates the preparation of proposals, business plans, proposal work statements and specifications, operating budgets and financial terms/conditions of contract.

• Proactively implement and manage and integrated contractor IT Security Program.

• Ensure appropriate resource and staffing needs are addressed.

• Define appropriate processes for managing deliverables and work products of personnel supporting multiple teams.

• Task management – assigning duties to team members (not otherwise assigned by Government program leads) ensuring adequate priorities of the tasks are appropriately staffed for coverage. Provide task priority de-confliction or arbitration when operational priorities conflict across teams.

• Report all pertinent matters involving the security of programs, mission support systems, and applications to the Government leads for action.

• Attend all required meetings such as senior staff meetings, working meetings, review boards and other applicable and assigned meetings.

• Ensure staff members receive annual IT Security Awareness Training and Significant Security Responsibility Training.

• Ensure team performs in a professional manner at all times. Responsible for taking appropriate administrative and disciplinary actions in a timely fashion in support of the contractor and subcontractor staff;.

• Ensure compliance of all staff members to all federally mandated laws such as security clearance requirements, building access rules, etc.

• Provide senior level consulting as appropriate to the Information Assurance Division of ICE, such as program development, best industry practices, enhancement of existing program areas, etc.

Apply to this job

[Full-time] Manager, Information Security at Fernando Romero

2009-11-13 03:51:59

Location: Remote, United States
URL: www.ineedacoder.com

Description:

Position/Title: Manager, Information Security
Position Type: Contract

Job Description: This position offers the right candidate a number of excellent opportunities to install and build world class Security Operations Centers globally. This is not an analyst position but rather a Security Operations Lead position that requires the consultant to have a thorough understanding of security operation center principles, incident response lifecycle, ArcSight ESM, information security frameworks, and strong consulting skills.

Specific responsibilities include:

• Serve as liaison between SOC Program Manager and Analysts

• Overall responsibility for managing SOC Operations Staffing Schedule

• Deliver Technical Training to Analysts and client staff

• Lead SOC Ops daily calls

• Produce/Review Reports

• Support expediting high profile case management issues

• Acting member of the customer organization Security Operations Center staff

• Support information security investigations through the use of ArcSight ESM software

Job Requirements:

• Experience in the functional operation of a security operations center is required.

• Experience with security operations activities such as incident response.

• Experience with ArcSight ESM software in a production state.

• Experience as a Technical Trainer

• Strong people/communication skills needed as this position requires routine client interaction.

• Has held a supervisory role in a SOC

• Has experience as an IDS analyst

• Has experience working on a helpdesk

• Is CISSP and GIAC certified

• Working knowledge of Unix, Windows and Cisco

• Experience working with Wiki technologies

• Willingness to travel to support intermediate & long term engagements (6-12 month engagements are common)

• Strong writing skills

• Relevant technical and industry certifications are a plus, e.g. CISSP, Cisco Certifications, ITIL Foundations, MCSE

Apply to this job

I need a coder

[Full-time] Security Consultant at Daniel Artur

[Full-time] Incident Handler at Jorge Mori

[Full-time] Certification &amp; Accreditation Engineer at Marco Antonio

[Full-time] Training / Awareness Specialist at Jacob Ricardo

[Full-time] Senior Software Engineer at Jaydy Michel

[Full-time] Jr. Security Analyst at Karla Martinez

[Full-time] Application Security Engineer at Juan Gabriel

[Full-time] Information Assurance Engineer at Erick Elias

[Full-time] Security Director at Bill Melendez

[Full-time] Manager, Information Security at Fernando Romero

[Full-time] Certification & Accreditation Engineer at Marco Antonio