Information Security Manager - Santa Clara, United States - Jobsrus
Description
seeking to hire a Information Security Manager for our client in Santa Clara, CABenefits AvailableWeekly Pay$40.00/HourDescription:We need a Security technical lead / Manager with the experience in Scalar, Qualys, Threat Hunting experience.
At least 5-8 years of Cyber Security Knowledge with relevant experience in Tools like Qualys, scaler, Defender, FirewallsNeeds to have exposure to Security Standards & Regulations like NIST, GDPR, PCI DSS.
Position Overview:
Work with one of Client's prized clients in the heart of Silicon Valley by ensuring security for critical infrastructure.
We are looking for a talented hands-on security professional that has deep technical knowledge also likes contributing to the strategic direction.
In this role you will get to work with the full array of security solutions as well as support the security provisions throughout the environments infrastructure networks, servers, desktops and applications.
You will also contribute toward strategic planning based on risk assessments and analysis.Qualifications:
Bachelor degree or higher in CS, CIS, MIS or equivalentSecurity Certification(s), such as CISSP, CISM, CGEIT, GSEC, CEH,
MCSE:
Security, and CCNP-Security certification5-10 years hands-on security administration or engineering experienceApplicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified informationUS CITIZENSHIP REQUIRED
Skills:
Client engagement soft skills are requiredThe ability to present and explain security and risk information for business executives to understandThe ability to lead people of various levels and technical expertiseThe ability to prioritize and persuade in order to move the security program forward amongst competing initiativesExperienced with security solutions (e.gfirewall, VPN, SIEM, IPS, URL filtering, Endpoint protection, MFA, NAC)Strong understanding of NIST & CSF, risk assessment and incident response standardsStrong understanding of Microsoft Active Directory, GPOs, Windows DACL/SACL, and LinuxStrong understanding of protocols, such as IPsec, ESP, GRE, SSL/TLS, 802.1x, RADIUS/TACACS, HSRP, GSLB and WCCPAbility to perform and analyze packet capturesAbility to analyze suspicious emails, URLs, and files to ascertain if they are maliciousKnowledge of hacking techniques, vulnerability disclosures, and security analysis techniquesKnowledge of malware families, botnets, threats by sector, attack campaigns and attack methodsScripting language such as PowerShell or PERLFamiliarity with incident tracking, change management and project tracking systems like ServiceNow and Jira.
Responsibilities:
Ownership of day to day security events, perform incident response using NIST SP standards, and determine root causesCreate and lead security initiatives that reduce risk as well as automate detection and protection mechanismsManage and update the cybersecurity plan in order to identify needs and implement comprehensive security controls using multi-layered security and defense in depthBe knowledgeable of customer information security policies, standards, and procedures, as well as the infrastructure equipment, versions and configurations.
Collaborate with client stakeholders and steering committees to ensure plans and identified solutions meet business needs and expectations
Risk:
Working with stakeholders to perform risk management and ongoing assessments, and then selecting mitigating and corrective controls based on Pareto analysis
Risk:
Reviewing SOWs and RFP responses to assess risks
Risk:
Collect, analyze, and validate open source intelligenceCompliance: Ensure regulatory compliance with PCI-DSS, CJIS, and California Consumer Privacy Act of 2018 (AB-375)Communicate with Client team on a regular basis to provide timely and informative reports and related analysis and recommendations to maintain and improve service deliveryProvide up-to-date information to clients in response to specific inquiries and meet all commitments ahead of due datesMonthly presentations to executives on current state of risks, status of security controls, and remediation timelinesMonthly reports on security operations that provide current states of security controls#J-18808-Ljbffr