Hi,
Hope
you are doing great,
This
is Syed Layeeq from New York Technology Partners. We have a requirement for
Lead Information Security Engineer at NYC, NY. Please review the Job
description below and if you’d like to pursue this, please include a word copy
of your latest resume along with a daytime phone number and rate in your
response. You can also reach me at (201) 680-0200 x 7027.
Job Title: Lead
Information Security Engineer
Location: NYC, NY
Start: ASAP
Job Description:
Information
Security Department
- Client
is critically dependent on information and information systems. If important
information were disclosed to inappropriate persons, the company could suffer
serious losses or go out of business. The good reputation that Client enjoys is
also directly linked with the way that it manages both information and
information systems. For example, if private customer information were to be
publicly disclosed, the organization’s reputation would be harmed.
- Guidance,
direction, and authority for information security activities are centralized
for all Client organizational units in the Information Security department.
Information Security is responsible for coordinating the protection of the
organization’s core business operations and information against real-world
cyber threats, by employing technology, policy, processes, education programs,
and sound design techniques across the enterprise. To be effective, information
security must be a team effort involving the participation and support of every
Client worker who deals with information and information systems.
- Client
information must be consistently protected in a manner commensurate with its
sensitivity, value, and criticality.
Typical Job
Functions:
- The
Information Lead Information Security Engineer will primarily be responsible for
performing penetration testing of web applications, code, system architecture,
and/or risk assessment reviews on enterprise systems along with providing
specific recommendations for addressing identified vulnerabilities and risks.
The position requires working with development teams to review application
security findings and to assist with the remediation efforts.
- This
position requires that you have excellent interpersonal and team working
skills. You will work in a high pressure, real time operating environment and
need to have strong communication skills. The successful candidate is
analytical and highly technical and a self-starter.
- The
Client's Information Security department is a global function with team members
spread out across different regions. This will be the third Application
Security position in New York City.
Must have:
- 8+
years IT security work experience, with at least 5 years? Experience in
Application Penetration Testing/Code review or Design review.
- Bachelor’s
Degree in Information Technology/Computer Science or equivalent work
experience.
- Strong
web application penetration testing experience of applications developed on
Java and .NET frameworks as well as experience in testing web services.
- Knowledge
of the software development lifecycle in large enterprise environments.
- Extensive
experience in vulnerability identification and remediation including source
code review mitigation. Knowledge of exploitation and remediation of the OWASP
TOP 10.
- Experience
writing test scripts, automation and/or exploits in languages such as Python
and Ruby.
- Programming
Code review experience (C#, ASP, .Net, Java, PHP, other languages a plus such
as C, C++, etc.).
- Middleware
software experience: Oracle’s WebLogic, IBM’s WebSphere, Apache Tomcat, JBoss.
- Looking
for the following industry experience, Financial Services, Banking and will
consider anyone who worked in Information/Application/Data Security.
Nice to have:
- Any
public conference talks, research, whitepapers.
- Knowledge
of the software development lifecycle in large enterprise environments.
- Experience
in running application scanners such as WebInspect or NTO Spider.
- Experience
in code scanners such as VeraCode, Fortify and Coverity.
- Database
software experience: Oracle, MS SQL, MySQL, Postgress
- CISSP,
CSSLP, GIAC, CEH or similar certifications.
Thanks and Regards,
Syed Layeeq
New York Technology
Partners – Rochester
332 Jefferson Rd.
Rochester, NY 14623
T1: (201) 680-0200 x
7027
Fax: (201) 474-8533
8 syed@nytpartners.com