Previous Job
Information Security Officer (1912200928)
Ref No.: 18-19533
Location: Santa Clara, California
Information Security Officer
Santa Clara, CA
6-12+ Month Contract

Possible temp to perm position
MUST be US Citizen

Position Overview:
  • Work with one of the client's prized clients in the heart of Silicon Valley by ensuring security for critical infrastructure.
  • We are looking for a talented hands-on security professional that has deep technical knowledge also likes contributing to the strategic direction.
  • In this role you will get to work with the full array of security solutions as well as support the security provisions throughout the environment's infrastructure – networks, servers, desktops and applications.
  • You will also contribute toward strategic planning based on risk assessments and analysis.
  • Bachelor degree or higher in CS, CIS, MIS or equivalent
  • Security Certification(s), such as CISSP, CISM, CGEIT, GSEC, CEH, MCSE:Security, and CCNP-Security certification
  • 5-10 years hands-on security administration or engineering experience
  • Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information.
  • Client engagement soft skills are required
  • The ability to present and explain security and risk information for business executives to understand
  • The ability to lead people of various levels and technical expertise
  • The ability to prioritize and persuade in order to move the security program forward amongst competing initiatives
  • Experienced with security solutions (e.g. firewall, VPN, SIEM, IPS, URL filtering, Endpoint protection, MFA, NAC)
  • Strong understanding of NIST 800-53 & CSF, risk assessment and incident response standards
  • Strong understanding of Microsoft Active Directory, GPOs, Windows DACL/SACL, and Linux
  • Strong understanding of protocols, such as IPsec, ESP, GRE, SSL/TLS, 802.1x, RADIUS/TACACS, HSRP, GSLB and WCCP
  • Ability to perform and analyze packet captures
  • Ability to analyze suspicious emails, URLs, and files to ascertain if they are malicious
  • Knowledge of hacking techniques, vulnerability disclosures, and security analysis techniques
  • Knowledge of malware families, botnets, threats by sector, attack campaigns and attack methods
  • Scripting language such as PowerShell or PERL
  • Familiarity with incident tracking, change management and project tracking systems like ServiceNow and Jira.
  • Ownership of day to day security events, perform incident response using NIST SP 800-61 standards, and determine root causes
  • Create and lead security initiatives that reduce risk as well as automate detection and protection mechanisms
  • Identify needs and implement comprehensive security controls using multi-layered security and defense in depth
  • Collaborate with all operations teams to ensure security controls and configurations are implemented and incorporated in their ongoing operations
  • Server security through vulnerability management, system patching and secure configuration
  • Network security through segmentation and firewall zoning and ACL policies, as well as secure configurations in firewalls, routers, switches, VPNs and load balancers
  • Endpoint security management to prevent malware and insider threats
  • Email security through Spam filtering and use of SPF & DMARC
  • Application security based on OWASP Top 10
  • Monitor SIEM, IPS, event logs and reports for indicators of attack and indicators of compromise
  • Proactive client involvement in solving client challenges and business opportunities
  • Contribute quarterly security advisories for the Security Awareness Program
  • Keep security plans and documentation updated, such as the disaster recovery plans and security policies
  • Continuously mature the GRC program
  • Governance: Collaborate with client stakeholders and steering committees to ensure plans and identified solutions meet business needs and expectations.
  • Risk: Working with stakeholders to perform risk management and ongoing assessments, and then selecting mitigating and corrective controls based on Pareto analysis
  • Risk: Reviewing SOWs and RFP responses to assess risks
  • Risk: Collect, analyze, and validate open source intelligence
  • Ensure regulatory compliance with PCI-DSS, CJIS, and California Consumer Privacy Act of 2018 (AB-375)
  • Communicate with the client team on a regular basis to provide timely and informative reports and related analysis and recommendations to maintain and improve service delivery
  • Provide up-to-date information to clients in response to specific inquiries and meet all commitments ahead of due dates
  • Monthly presentations to executives on current state of risks, status of security controls, and remediation timelines
  • Monthly reports on security operations that provide current states of security controls