Security Assurance Specialist

Description

My client, A large Financial Firm in Menlo Park, CA is looking to hire a Security Assurance Specialist
This is a Contract Position with the opportunity to turn Full Time
Rate will be around $65 DOE

Will you please find the rest of the job spec below and if you are interested, please respond with a copy of your most recent resume and / or give me a call at ).
Also, please do not hesitate to forward this information to any colleagues or friends who may be interested and have the desired skill set.

SUMMARY

The Senior Security Assurance Specialist will be responsible for multiple technology disciplines with subject matter expertise that includes Unix/Linux, Windows, Cisco network devices and various databases (Oracle, MS SQL, Sybase and DB2), application security and various penetration testing methodologies. The Senior Security Assurance Specialist will provide oversight for technology-specific programs, participate in cross-functional teams to create security baselines and standards, research vulnerabilities, perform technology security assessments, classify security risk levels for technology related activities within the company and support external and internal audits as necessary.
RESPONSIBILITIES

• Provide expert subject-matter security analysis of projects assigned and/or sponsored through Information Technology and other Business Units.
• Perform log analysis on systems to detect anomalous activities.
• Participate in Change Management approval function, as required, including attending review meetings and reviewing/approving change control tickets as a representative for Corporate Information Security.
• Participate in the Moves/Adds/Changes (MAC) approval process, as required, including reviewing/approving Service Desk requests assigned to the Corporate Information Security approval queue.

REQUIREMENTS

• Minimum 4 years' experience in an Information Security position, or four years in Information Technology with a strong background in Information Security best practices.
• Strong background, knowledge and hands-on experience in multiple technology disciplines with subject matter expertise in Unix/Linux, Windows, Cisco network devices and various databases (Oracle, MS SQL, Sybase and DB2), application security and various penetration testing methodologies.
• In-depth knowledge of open source and commercial information security tools, such as vulnerability scanners, intrusion detection systems, log analysis and penetration testing tools
• Knowledge of regulations and security compliance requirements such as SOX, GLBA, SB1386, HIPPA, FFIEC, SEC, OCC, etc.
• Knowledge of security and technology audit frameworks and standards (e.g. COBIT, ISO).