URGENT HIRE JOB | Information Security Engineer/Architect in Media, PA

1 view
Skip to first unread message

KM Shukla

unread,
Jul 3, 2020, 11:42:32 AM7/3/20
to

Share Resume AT Ksh...@Quantumworld.us

 

 

Position: Information Security Engineer/Architect

Location: Media, PA

Duration: 6+ Months Contract

Interview: Skype

 

 

Hiring Manager’s Note:

  • Expectation is candidate who is a Senior Technical architect which very good technical knowledge on AWS and DevSecOps.  Ability to automate configuration management. Have broad understanding of programming languages, DB, Application security (SAST DAST), container security, scripting knowledge

 

 

*Please Note: the candidate is report to office from day 1. No remote work option available * | *Please submit the profiles with the below skill matrix. Profiles without the skill matrix will not be considered*

 

 

Job Title

 

Job Summary:

 

In consultation with the Information Security, Development and Infrastructure teams, the Security Engineer Contractor will help integrate information security requirements and controls as captured in security policies, standards and best practices into current and future architectures and designs. The Security Engineer will help in detecting and addressing (reactively and proactively) risks and vulnerabilities in Customer’s IT landscape. Play a key role in driving the evolution of Customer’s technical architectures and IT operations and ensure that security controls are embedded throughout future designs and plans.

 

Principal Duties:

  1. Engineer and implement security measures for the protection of computer systems, networks and information.
  2. Maintain awareness of information security policies, standards and requirements.  Stay current on information security trends and risks.
  3. Drive identification and definition of system security requirements.
  4. Develop and document cloud, automation, and API security requirements.
  5. Analyze, design, develop, and continually evolve modern software-defined infrastructure and application patterns.
  6. Analyze cloud architecture and application vulnerabilities using cloud-native tools.
  7. Continuously evaluate the organization's existing cloud infrastructure security practices and help to define, standardize and measure security-related activities.
  8. Support cloud certification activities such as system hardening, vulnerability testing and scanning.
  9. Work closely with development, infrastructure and information security teams in an agile workflow to promote and mature DevOps methodologies.
  10. Design computer security architecture and develop detailed cyber security designs (network, applications, software development, operating system, virtualization, cloud, automation, etc) with input

from various stakeholders (Information Security, IT, etc) while working in a hybrid cloud/traditional data center environment.

  1. Prepare and document designs, architectures, configuration standards, standard operating procedures and protocols.
  2. Act as an advisor to internal teams enabling them to build and design products securely and efficiently.
  3. Develop technical solutions to help mitigate security vulnerabilities and automate repeatable tasks to reduce the risk of fraud, abuse and misuse.
  4. Communicate technical application security concepts to employees, including developers, architects, and managers.
  5. Assess the security posture, develop risk profiles, specify security requirements, and identify mitigation measures to safeguard public facing Web applications.
  6. Streamline usage of security technologies in a dynamic environment through automation and orchestration platforms.

 

Essential Functions:

  1. Ability to work well individually as well as in a team environment
  2. Excellent oral and written communication skills, including documentation skills specifically with the drafting and updating of process and procedures.
  3. Excellent customer service and interpersonal skills
  4. Ability to work with little or no supervision
  5. Detail oriented and strong organizational skills
  6. Strong analytical and problem-solving skills
  7. Ability to handle multiple projects simultaneously and independently
  8. Proven self-starter with demonstrated ability to make decisions
  9. Ability to learn new technologies quickly and independently

 

Basic Qualifications:

  1. Bachelor’s degree in Information Technology or a technical discipline (e.g., engineering) preferred, or technical certifications, or related experience
  2. Certified in one or more of the following preferred: CISSP, CISA, CISM, CEH, technology specific (proxy, data loss prevention, firewall, etc).
  3. Minimum of 7+ years working in Information Technology Security.
  4. Working knowledge of information security concepts and technologies such as: least privilege, networking, network segmentation, firewalls, IPS\IDS, network analyzers, encryption technologies, proxies, etc.
  5. Proven work experience as a system engineer or system security engineer
  6. Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocols
  7. Cloud security (AWS - Azure) architecture, environment, and WAF experience
  8. Experience with container management and containerization technology.
  9. Experience on Authentication, Single Sign-On Infrastructure (AD, Azure AD, VDS, Ping Federate); Experience implementing multi-factor authentication, single sign-on, identity management or   

related technologies.

  1. Extensive experience on authentication and authorization strategies using SAML/OpenID/OAuth;
  2. Extensive experience in usage related Identity & Access Management & defining standards around data at & data in transit - encryption, authorization, authentication, and security mechanisms,

especially the foundational elements of the Public Key Infrastructure.

  1. Experience in building and maintaining security controls
  2. Detailed technical knowledge of application, network, database and operating system security
  3. Hands on experience in security systems, controls and concepts
  4. Experience with network security and networking technologies
  5. Working knowledge of sub netting, DNS, encryption technologies and standards, VPNs, VLANs, VoIP and other network routing methods
  6. Network and web related protocols (TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols, etc.)
  7. Advanced Persistent Threats (APT), phishing and social engineering, network access controllers (NAC), gateway anti-malware and enhanced authentication
  8. Thorough understanding of the latest security principles, techniques, and protocols

 

Skill Matrix

Skill Matrix

Score 0-10

1.      Engineer and implement security measures for the protection of computer systems, networks and information.

 

2.      Maintain awareness of information security policies, standards and requirements.  Stay current on information security trends and risks.

 

3.      Drive identification and definition of system security requirements.

 

4.      Develop and document cloud, automation, and API security requirements.

 

5.      Analyze, design, develop, and continually evolve modern software-defined infrastructure and application patterns.

 

6.      Analyze cloud architecture and application vulnerabilities using cloud-native tools.

 

7.      Continuously evaluate the organization's existing cloud infrastructure security practices and help to define, standardize and measure security-related activities.

 

8.      Support cloud certification activities such as system hardening, vulnerability testing and scanning.

 

9.      Work closely with development, infrastructure and information security teams in an agile workflow to promote and mature DevOps methodologies.

 

10.  Design computer security architecture and develop detailed cyber security designs (network, applications, software development, operating system, virtualization, cloud, automation, etc) with input from various stakeholders (Information Security, IT, etc) while working in a hybrid cloud/traditional data center environment.

 

11.  Prepare and document designs, architectures, configuration standards, standard operating procedures and protocols.

 

12.  Act as an advisor to internal teams enabling them to build and design products securely and efficiently.

 

13.  Develop technical solutions to help mitigate security vulnerabilities and automate repeatable tasks to reduce the risk of fraud, abuse and misuse.

 

14.  Communicate technical application security concepts to employees, including developers, architects, and managers.

 

15.  Assess the security posture, develop risk profiles, specify security requirements, and identify mitigation measures to safeguard public facing Web applications.

 

16.  Streamline usage of security technologies in a dynamic environment through automation and orchestration platforms.

 

 

-------------------------------------

Regards,

 

K.M. Shukla

Lead- Delivery

Quantum World Technologies Inc.

199 W Hillcrest Dr, Suite#0112, Thousand Oaks, CA 91360

250 Yonge street  , Suite #2201, Unit #10, Toronto, ON, M5B 2L7, Canada

160 City Road , London EC1V 2NX , United Kingdom  

Office: 805-222-0532 Ext-106

Direct: 805-277-7791

Fax : 805-834-0532

E: ksh...@quantumworld.us

  cid:image001.jpg@01D41475.046516D0 cid:image001.png@01D33D50.9B6D0E90

Please consider the environment before printing this e-mail. 

 

Due to the current scenario globally (COVID 19) as we are working remotely. If I miss to answer over the phone The BEST way to communicate is through an EMAIL.

 

DISCLAIMER

The information in this e-mail is confidential and may be legally privileged. It is intended solely for the addressee. Access to this e-mail by anyone else is unauthorized. If you have received this communication in error, please notify the sender and delete the e-mail and destroy any copies of it. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Any opinions or advice contained in this e-mail are subject to the terms and conditions expressed in the governing Quantum World Technologies Inc’s client engagement letter. Opinions, conclusions and other information in this e-mail and any attachments that do not relate to the official business of the firm are neither given nor endorsed by it.

Quantum World Technologies Inc. cannot guarantee that e-mail communications are secure or error-free, as information could be intercepted, corrupted, amended, lost, destroyed, arrive late or incomplete, or contain viruses.

 

 

Reply all
Reply to author
Forward
0 new messages