Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firms security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
29/09/2023
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firms security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
Security Engineer - IAM Salary: $160k-$170k + 15% bonus Location: Remote in the United States *We are unable to provide sponsorship for this role* Qualifications Bachelor's degree required 12+ years general IT experience 10+ years of experience in designing, implementing, and supporting SSO and IAM solutions. 7+ years of hands-on experience in the implementation and support of Identity & Federation services (preferably Auth0) Knowledge of authentication & authorization standards (SAML2.0, OAuth 2.0 and OIDC). Knowledge of IAM security design principles. Experience in Application development and REST concepts Experience in any Cloud environment (Azure, AWS or Google) Development experience with Java and JavaScript Responsibilities Protect the integrity of information assets while enabling business functionality in all systems and environments by implementing applicable security solutions. Design, configure, build, and Implement IAM solutions on Okta/Auth0 Identity products. Provide Subject Matter Expertise for requirements consulting and advise on the appropriate options on Okta/Auth0 platform. Implement and maintain a modern CIAM framework - a set of business processes, data governance, and supporting technologies that enable appropriate creation, maintenance, and use of digital identities. Collaborate and monitor the activities of a variety of CIAM projects, to ensure coordination of efforts, appropriate integration, and synchronization of key project timelines, product/service implementations and system enhancements. Serve as liaison between platform, technical and business teams for end-to-end business process. Develop access monitoring strategies using AI/data analytics to identify high-risk patterns and prevent breaches or customer account takeovers before they occur. Demonstrate advanced understanding of business processes, internal control risk management, IT controls and related standards. Maintain awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations. Ensure senior management and staff are informed of any changes promptly. Lead emerging trend research, orchestrate product evaluations, and selects the latest industry standards and tools.
29/09/2023
Full time
Security Engineer - IAM Salary: $160k-$170k + 15% bonus Location: Remote in the United States *We are unable to provide sponsorship for this role* Qualifications Bachelor's degree required 12+ years general IT experience 10+ years of experience in designing, implementing, and supporting SSO and IAM solutions. 7+ years of hands-on experience in the implementation and support of Identity & Federation services (preferably Auth0) Knowledge of authentication & authorization standards (SAML2.0, OAuth 2.0 and OIDC). Knowledge of IAM security design principles. Experience in Application development and REST concepts Experience in any Cloud environment (Azure, AWS or Google) Development experience with Java and JavaScript Responsibilities Protect the integrity of information assets while enabling business functionality in all systems and environments by implementing applicable security solutions. Design, configure, build, and Implement IAM solutions on Okta/Auth0 Identity products. Provide Subject Matter Expertise for requirements consulting and advise on the appropriate options on Okta/Auth0 platform. Implement and maintain a modern CIAM framework - a set of business processes, data governance, and supporting technologies that enable appropriate creation, maintenance, and use of digital identities. Collaborate and monitor the activities of a variety of CIAM projects, to ensure coordination of efforts, appropriate integration, and synchronization of key project timelines, product/service implementations and system enhancements. Serve as liaison between platform, technical and business teams for end-to-end business process. Develop access monitoring strategies using AI/data analytics to identify high-risk patterns and prevent breaches or customer account takeovers before they occur. Demonstrate advanced understanding of business processes, internal control risk management, IT controls and related standards. Maintain awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations. Ensure senior management and staff are informed of any changes promptly. Lead emerging trend research, orchestrate product evaluations, and selects the latest industry standards and tools.
*We are unable to sponsor as this is a permanent full time role* A prestigious company is on the search for a GRC Specialist Sr. This person will responsible to respond to security assessments and audits from clients and third party business partners. The GRC Specialist will work with technical writing for policies, standards, and communications, while also having a good understanding of security frameworks such as ISO 27001, NIST, SOC, and SIG. The client wants someone with certifications such as CISSP and CISA. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and life cycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes roadmap development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Education, Work Experience, Skills Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Technologies/Software Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies.
29/09/2023
Full time
*We are unable to sponsor as this is a permanent full time role* A prestigious company is on the search for a GRC Specialist Sr. This person will responsible to respond to security assessments and audits from clients and third party business partners. The GRC Specialist will work with technical writing for policies, standards, and communications, while also having a good understanding of security frameworks such as ISO 27001, NIST, SOC, and SIG. The client wants someone with certifications such as CISSP and CISA. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and life cycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes roadmap development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Education, Work Experience, Skills Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Technologies/Software Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies.
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
28/09/2023
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
Request Technology - Craig Johnson
Chicago, Illinois
*Position is bonus eligible* Prestigious Financial Company is currently seeking a Cyber Threat and Vulnerabilities Defense Manager. Candidate will help plan actions and lead security professionals in the analysis and determination of threats to the enterprise, vulnerabilities in the environment, and how our company will best defend itself against these threats. This position will require initiative to oversee security technology implementations and be expected to put together projects and teams to remediate identified security threats, incidents, and compliance issues. Responsibilities: Manage security tools including appliances, hosted systems, and SaaS including health checks, version updates, and content development. Validate content changes to security tools are appropriate from other analysts and teams. Report on and enhance current metrics surrounding security tool capabilities and efficacy. Take a lead role in the systems life cycle performing upgrades, implementation of new technologies, and enhancement identification. Lead 3-5 employees and contingent labor professional for the cyber systems function within Cyber Defense. Manage team effectively in delivery of incident resolution, project tasks, compliance milestones, and systems implementations. Perform talent management functions across the team, including performance reviews, direct feedback, and other administrative functions as required. Lead cyber security incident responders in response activities including investigation, coordination, review, and reporting. Oversee technical analysis of security events while coordinating incident response activities with internal and external teams. Ensure and directly oversee the collection and preservation of data associated with cyber security incident response activities following industry best practices and established procedures. Develop and support briefings to senior management as a trusted incident responder. Supervisory Responsibilities: Manages all members of the Cybersecurity team within Security Services. Assigns personnel to projects, directs their activities, and performs personnel actions (hiring, promotions, terminations, etc.) Confer with and advise subordinates on administrative policies and procedures, technical problems, priorities, and methods. Promote employee development by conducting career-planning sessions with staff and selecting and scheduling employee training classes, conferences, and seminars Qualifications : Proven team player will be working primarily with other staff members, on both long-term projects and rapid response under tight deadlines. Team Leadership experience, taking initiative; providing and following through on solutions across various skillsets. Effective and excellent oral and written communication, analytical, judgment and consultation skills. Ability to effectively communicate in both formal and informal review settings with all levels of management. Ability to work with local and remote IT staff/management, vendors and consultants. Ability to work independently and possess strong project management skills. SIEM solutions Experience with Crowdstrike solutions Forensic analysis tools (Axiom, EnCase, FTK) Malware analysis tools (dynamic and static) Secure Web Gateway (BlueCoat, Microsoft Forefront) solutions Network sniffers and packet tracing tools (DSS, Ethereal and tcpdump, WireShark). Intrusion Detection & Prevention Tools such as SNORT/Sourcefire, Palo Alto, etc.) Encryption technologies (PGP, PKI and X.509) Hands on experience with network architecture, including network security. Hands on experience with Active Directory Security, including scans, best practices and security configuration. Hands on experience with Application Security controls including design, dynamic scans, static code analysis. Hands on experience with Incident Reponses process, procedures and Tools Identity and access management (I&AM) experience with Active Directory, NTFS permissions, LDAP and Single Sign On (SSO) solutions. Industry-standard metrics and measurements for SOC effectiveness Risk management in the context of the NIST CSF or another industry-standard framework Passion for creating tools and automating processes. Standard technical writing tools including MS Word, Excel, Project and Visio Industry-standard operating systems and environments such as Microsoft Windows and Linux distributions, in data center and cloud environments. LAN/WAN routing and high availability (OSPF, BGP4/iBGP, EIGRP and NSRP) Fundamental understanding of the underlying protocols and data used as the basis for the security monitoring service, including: HTTP, HTTPS, SQL, TCP/IP, Active Directory Application and database security experience Network and security engineering experience, including log and network traffic capture analysis. Experience with assessing system hardening procedures for Windows, Linux Security policy, standards, governance, privacy and regulatory experience (eg, NIST, COBIT). Knowledge of BYOD and Mobile Device Management platforms. Securing cloud based platforms (Microsoft Azure, Amazon AWS, etc.). Minimum three years of information security experience, preferably in the financial services industry. Minimum two years hands-on security operations experience including interdisciplinary experience with four or more of the following: Cyber Threat Analysis, Digital Computer Forensics, Incident Response, Application Security, Operating Systems Security, Cryptographic Controls, Networking, Programming languages, Incident Response Minimum one year in a leadership role or team/project lead capacity. Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies, and motives. Familiarity with computer network exploitation and network attack methodologies. Industry knowledge of leading-edge security technologies and methods working in an on-call response capacity is required including availability for 24 x 7 on-call support responsibilities Professional security certifications is a plus (ie, GIAC, CISSP, CISA, CISM, CRISC)
28/09/2023
Full time
*Position is bonus eligible* Prestigious Financial Company is currently seeking a Cyber Threat and Vulnerabilities Defense Manager. Candidate will help plan actions and lead security professionals in the analysis and determination of threats to the enterprise, vulnerabilities in the environment, and how our company will best defend itself against these threats. This position will require initiative to oversee security technology implementations and be expected to put together projects and teams to remediate identified security threats, incidents, and compliance issues. Responsibilities: Manage security tools including appliances, hosted systems, and SaaS including health checks, version updates, and content development. Validate content changes to security tools are appropriate from other analysts and teams. Report on and enhance current metrics surrounding security tool capabilities and efficacy. Take a lead role in the systems life cycle performing upgrades, implementation of new technologies, and enhancement identification. Lead 3-5 employees and contingent labor professional for the cyber systems function within Cyber Defense. Manage team effectively in delivery of incident resolution, project tasks, compliance milestones, and systems implementations. Perform talent management functions across the team, including performance reviews, direct feedback, and other administrative functions as required. Lead cyber security incident responders in response activities including investigation, coordination, review, and reporting. Oversee technical analysis of security events while coordinating incident response activities with internal and external teams. Ensure and directly oversee the collection and preservation of data associated with cyber security incident response activities following industry best practices and established procedures. Develop and support briefings to senior management as a trusted incident responder. Supervisory Responsibilities: Manages all members of the Cybersecurity team within Security Services. Assigns personnel to projects, directs their activities, and performs personnel actions (hiring, promotions, terminations, etc.) Confer with and advise subordinates on administrative policies and procedures, technical problems, priorities, and methods. Promote employee development by conducting career-planning sessions with staff and selecting and scheduling employee training classes, conferences, and seminars Qualifications : Proven team player will be working primarily with other staff members, on both long-term projects and rapid response under tight deadlines. Team Leadership experience, taking initiative; providing and following through on solutions across various skillsets. Effective and excellent oral and written communication, analytical, judgment and consultation skills. Ability to effectively communicate in both formal and informal review settings with all levels of management. Ability to work with local and remote IT staff/management, vendors and consultants. Ability to work independently and possess strong project management skills. SIEM solutions Experience with Crowdstrike solutions Forensic analysis tools (Axiom, EnCase, FTK) Malware analysis tools (dynamic and static) Secure Web Gateway (BlueCoat, Microsoft Forefront) solutions Network sniffers and packet tracing tools (DSS, Ethereal and tcpdump, WireShark). Intrusion Detection & Prevention Tools such as SNORT/Sourcefire, Palo Alto, etc.) Encryption technologies (PGP, PKI and X.509) Hands on experience with network architecture, including network security. Hands on experience with Active Directory Security, including scans, best practices and security configuration. Hands on experience with Application Security controls including design, dynamic scans, static code analysis. Hands on experience with Incident Reponses process, procedures and Tools Identity and access management (I&AM) experience with Active Directory, NTFS permissions, LDAP and Single Sign On (SSO) solutions. Industry-standard metrics and measurements for SOC effectiveness Risk management in the context of the NIST CSF or another industry-standard framework Passion for creating tools and automating processes. Standard technical writing tools including MS Word, Excel, Project and Visio Industry-standard operating systems and environments such as Microsoft Windows and Linux distributions, in data center and cloud environments. LAN/WAN routing and high availability (OSPF, BGP4/iBGP, EIGRP and NSRP) Fundamental understanding of the underlying protocols and data used as the basis for the security monitoring service, including: HTTP, HTTPS, SQL, TCP/IP, Active Directory Application and database security experience Network and security engineering experience, including log and network traffic capture analysis. Experience with assessing system hardening procedures for Windows, Linux Security policy, standards, governance, privacy and regulatory experience (eg, NIST, COBIT). Knowledge of BYOD and Mobile Device Management platforms. Securing cloud based platforms (Microsoft Azure, Amazon AWS, etc.). Minimum three years of information security experience, preferably in the financial services industry. Minimum two years hands-on security operations experience including interdisciplinary experience with four or more of the following: Cyber Threat Analysis, Digital Computer Forensics, Incident Response, Application Security, Operating Systems Security, Cryptographic Controls, Networking, Programming languages, Incident Response Minimum one year in a leadership role or team/project lead capacity. Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies, and motives. Familiarity with computer network exploitation and network attack methodologies. Industry knowledge of leading-edge security technologies and methods working in an on-call response capacity is required including availability for 24 x 7 on-call support responsibilities Professional security certifications is a plus (ie, GIAC, CISSP, CISA, CISM, CRISC)
*We are unable to sponsor as this is a permanent full time role* A prestigious company is on the search for a GRC Specialist Sr. This person will responsible to respond to security assessments and audits from clients and third party business partners. The GRC Specialist will work with technical writing for policies, standards, and communications, while also having a good understanding of security frameworks such as ISO 27001, NIST, SOC, and SIG. The client wants someone with certifications such as CISSP and CISA. They are also looking for someone with 3 or more years of experience working with GRC. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and life cycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes roadmap development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Education, Work Experience, Skills Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Technologies/Software Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies.
28/09/2023
Full time
*We are unable to sponsor as this is a permanent full time role* A prestigious company is on the search for a GRC Specialist Sr. This person will responsible to respond to security assessments and audits from clients and third party business partners. The GRC Specialist will work with technical writing for policies, standards, and communications, while also having a good understanding of security frameworks such as ISO 27001, NIST, SOC, and SIG. The client wants someone with certifications such as CISSP and CISA. They are also looking for someone with 3 or more years of experience working with GRC. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and life cycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes roadmap development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Education, Work Experience, Skills Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Technologies/Software Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies.
iO Associates is looking for an Environment, Health & Safety Controller to be based within the Single Aisle Flowline Business area at Broughton, North Wales to work for a leading Aerospace company. They are largest commercial aerospace company, as well as its biggest civil aerospace exporter. They are a global company with over 100,000 employees around the world: also, a leader in designing, manufacturing, and delivering aerospace products, services, and solutions to a customer. An EHS will support, facilitate, and carry out activities to secure the rigorous implementation of EHS policy and procedures. Ideally candidate will have worked within aerospace or manufacturing industry. Job Title: Environment, Health & Safety Controller Location: Broughton, Chester UK (Onsite) Contract - 12 Months Hourly rate: £30/hour inside IR35. Responsibilities Support local management enabling them to ensure appropriate risk controls are in place. Work-related incidents (from near miss to lost time injury, environmental escapes etc) are investigated effectively and specialist support is requested as required. They will possess a good knowledge of EHS requirements in relation to industrial processes, national laws and regulations relating to the workplace and will provide direction to the operational management and local 'safety support teams. They will promote Environment and Health & Safety topics at the workplace throughout the organisation at all levels (from top management to shop floor staff) ensuring availability of the relevant training, awareness campaigns and EHS inductions. Experience and Qualifications NEBOSH Occupational Health and Safety Certificate or equivalent. As part of continual development, the successful candidate must be willing to achieve NEBOSH Safety Diploma within an agreed timescale. Demonstrated experience in reporting to and working with key stakeholders to implement safety related projects/tasks. First-hand experience of formal risk assessment techniques. Relevant experience in engineering, manufacturing, and technical working environments. A clear understanding of the pragmatic and practical application of health and safety standards. This is the position for you if you want to work for a company that values its employees' health and well-being and invests in developing and rewarding talent. If you are interested in learning more about the opportunity, please email or call Muskaan Bhardwaj
27/09/2023
Project-based
iO Associates is looking for an Environment, Health & Safety Controller to be based within the Single Aisle Flowline Business area at Broughton, North Wales to work for a leading Aerospace company. They are largest commercial aerospace company, as well as its biggest civil aerospace exporter. They are a global company with over 100,000 employees around the world: also, a leader in designing, manufacturing, and delivering aerospace products, services, and solutions to a customer. An EHS will support, facilitate, and carry out activities to secure the rigorous implementation of EHS policy and procedures. Ideally candidate will have worked within aerospace or manufacturing industry. Job Title: Environment, Health & Safety Controller Location: Broughton, Chester UK (Onsite) Contract - 12 Months Hourly rate: £30/hour inside IR35. Responsibilities Support local management enabling them to ensure appropriate risk controls are in place. Work-related incidents (from near miss to lost time injury, environmental escapes etc) are investigated effectively and specialist support is requested as required. They will possess a good knowledge of EHS requirements in relation to industrial processes, national laws and regulations relating to the workplace and will provide direction to the operational management and local 'safety support teams. They will promote Environment and Health & Safety topics at the workplace throughout the organisation at all levels (from top management to shop floor staff) ensuring availability of the relevant training, awareness campaigns and EHS inductions. Experience and Qualifications NEBOSH Occupational Health and Safety Certificate or equivalent. As part of continual development, the successful candidate must be willing to achieve NEBOSH Safety Diploma within an agreed timescale. Demonstrated experience in reporting to and working with key stakeholders to implement safety related projects/tasks. First-hand experience of formal risk assessment techniques. Relevant experience in engineering, manufacturing, and technical working environments. A clear understanding of the pragmatic and practical application of health and safety standards. This is the position for you if you want to work for a company that values its employees' health and well-being and invests in developing and rewarding talent. If you are interested in learning more about the opportunity, please email or call Muskaan Bhardwaj
Manager, Cyber Defense Threats and Vulnerabilities SALARY: $160k plus 15% LOCATION: Chicago, IL Hybrid 3 days remote 2 days onsite Looking for a Manager over Cyber defense threats & vulnerabilities. You will manage security tools and lead 3-5 employees. Cyber threats digital forensics incident response application security operating systems cryptographic networking 24/7 on-call support SIEM crowdstrike axiom encase FTX blue coat forefront DSS wireshark snort Active Directory security IAM permissions LDAP SSO The Manager, Cyber Defense will help plan actions and lead security professionals in the analysis and determination of threats to the enterprise, vulnerabilities in the environment, and how our company will best defend itself against these threats. This position will require initiative to oversee security technology implementations and be expected to put together projects and teams to remediate identified security threats, incidents, and compliance issues. Manage security tools including appliances, hosted systems, and SaaS - including health checks, version updates, and content development. Validate content changes to security tools are appropriate from other analysts and teams. Report on and enhance current metrics surrounding security tool capabilities and efficacy. Take a lead role in the systems life cycle performing upgrades, implementation of new technologies, and enhancement identification. Team Management Lead 3-5 employees and contingent labor professional for the cyber systems function within Cyber Defense. Manage team effectively in delivery of incident resolution, project tasks, compliance milestones, and systems implementations. Perform talent management functions across the team, including performance reviews, direct feedback, and other administrative functions as required. Incident Management and Security Response Actions: Lead cyber security incident responders in response activities including investigation, coordination, review, and reporting. Oversee technical analysis of security events while coordinating incident response activities with internal and external teams. Ensure and directly oversee the collection and preservation of data associated with cyber security incident response activities following industry best practices and established procedures. Develop and support briefings to senior management as a trusted incident responder. Supervisory Responsibilities: Manages all members of the Cybersecurity team within Security Services. Assigns personnel to projects, directs their activities, and performs personnel actions (hiring, promotions, terminations, etc.) Confer with and advise subordinates on administrative policies and procedures, technical problems, priorities, and methods. Promote employee development by conducting career-planning sessions with staff and selecting and scheduling employee training classes, conferences, and seminars Qualifications : Technical Skills: SIEM solutions Experience with Crowdstrike solutions Forensic analysis tools (Axiom, EnCase, FTK) Malware analysis tools (dynamic and static) Secure Web Gateway (BlueCoat, Microsoft Forefront) solutions Network sniffers and packet tracing tools (DSS, Ethereal and tcpdump, WireShark). Intrusion Detection & Prevention Tools such as SNORT/Sourcefire, Palo Alto, etc.) Encryption technologies (PGP, PKI and X.509) Hands on experience with network architecture, including network security. Hands on experience with Active Directory Security, including scans, best practices and security configuration. Hands on experience with Application Security controls including design, dynamic scans, static code analysis. Hands on experience with Incident Reponses process, procedures and Tools Identity and access management (I&AM) experience with Active Directory, NTFS permissions, LDAP and Single Sign On (SSO) solutions. Industry-standard metrics and measurements for SOC effectiveness Risk management in the context of the NIST CSF or another industry-standard framework Passion for creating tools and automating processes. Standard technical writing tools including MS Word, Excel, Project and Visio Familiarity with: Industry-standard operating systems and environments such as Microsoft Windows and Linux distributions, in data center and cloud environments. LAN/WAN routing and high availability (OSPF, BGP4/iBGP, EIGRP and NSRP) Fundamental understanding of the underlying protocols and data used as the basis for the security monitoring service, including: HTTP, HTTPS, SQL, TCP/IP, Active Directory Application and database security experience Network and security engineering experience, including log and network traffic capture analysis. Experience with assessing system hardening procedures for Windows, Linux Security policy, standards, governance, privacy and regulatory experience (eg, NIST, COBIT). Knowledge of BYOD and Mobile Device Management platforms. Securing cloud based platforms (Microsoft Azure, Amazon AWS, etc.). Education and/or Experience: Minimum three years of information security experience, preferably in the financial services industry. Minimum two years hands-on security operations experience including interdisciplinary experience with four or more of the following: Cyber Threat Analysis, Digital Computer Forensics, Incident Response, Application Security, Operating Systems Security, Cryptographic Controls, Networking, Programming languages, Incident Response Minimum one year in a leadership role or team/project lead capacity. Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies, and motives. Familiarity with computer network exploitation and network attack methodologies. Industry knowledge of leading-edge security technologies and methods working in an on-call response capacity is required including availability for 24 x 7 on-call support responsibilities
26/09/2023
Full time
Manager, Cyber Defense Threats and Vulnerabilities SALARY: $160k plus 15% LOCATION: Chicago, IL Hybrid 3 days remote 2 days onsite Looking for a Manager over Cyber defense threats & vulnerabilities. You will manage security tools and lead 3-5 employees. Cyber threats digital forensics incident response application security operating systems cryptographic networking 24/7 on-call support SIEM crowdstrike axiom encase FTX blue coat forefront DSS wireshark snort Active Directory security IAM permissions LDAP SSO The Manager, Cyber Defense will help plan actions and lead security professionals in the analysis and determination of threats to the enterprise, vulnerabilities in the environment, and how our company will best defend itself against these threats. This position will require initiative to oversee security technology implementations and be expected to put together projects and teams to remediate identified security threats, incidents, and compliance issues. Manage security tools including appliances, hosted systems, and SaaS - including health checks, version updates, and content development. Validate content changes to security tools are appropriate from other analysts and teams. Report on and enhance current metrics surrounding security tool capabilities and efficacy. Take a lead role in the systems life cycle performing upgrades, implementation of new technologies, and enhancement identification. Team Management Lead 3-5 employees and contingent labor professional for the cyber systems function within Cyber Defense. Manage team effectively in delivery of incident resolution, project tasks, compliance milestones, and systems implementations. Perform talent management functions across the team, including performance reviews, direct feedback, and other administrative functions as required. Incident Management and Security Response Actions: Lead cyber security incident responders in response activities including investigation, coordination, review, and reporting. Oversee technical analysis of security events while coordinating incident response activities with internal and external teams. Ensure and directly oversee the collection and preservation of data associated with cyber security incident response activities following industry best practices and established procedures. Develop and support briefings to senior management as a trusted incident responder. Supervisory Responsibilities: Manages all members of the Cybersecurity team within Security Services. Assigns personnel to projects, directs their activities, and performs personnel actions (hiring, promotions, terminations, etc.) Confer with and advise subordinates on administrative policies and procedures, technical problems, priorities, and methods. Promote employee development by conducting career-planning sessions with staff and selecting and scheduling employee training classes, conferences, and seminars Qualifications : Technical Skills: SIEM solutions Experience with Crowdstrike solutions Forensic analysis tools (Axiom, EnCase, FTK) Malware analysis tools (dynamic and static) Secure Web Gateway (BlueCoat, Microsoft Forefront) solutions Network sniffers and packet tracing tools (DSS, Ethereal and tcpdump, WireShark). Intrusion Detection & Prevention Tools such as SNORT/Sourcefire, Palo Alto, etc.) Encryption technologies (PGP, PKI and X.509) Hands on experience with network architecture, including network security. Hands on experience with Active Directory Security, including scans, best practices and security configuration. Hands on experience with Application Security controls including design, dynamic scans, static code analysis. Hands on experience with Incident Reponses process, procedures and Tools Identity and access management (I&AM) experience with Active Directory, NTFS permissions, LDAP and Single Sign On (SSO) solutions. Industry-standard metrics and measurements for SOC effectiveness Risk management in the context of the NIST CSF or another industry-standard framework Passion for creating tools and automating processes. Standard technical writing tools including MS Word, Excel, Project and Visio Familiarity with: Industry-standard operating systems and environments such as Microsoft Windows and Linux distributions, in data center and cloud environments. LAN/WAN routing and high availability (OSPF, BGP4/iBGP, EIGRP and NSRP) Fundamental understanding of the underlying protocols and data used as the basis for the security monitoring service, including: HTTP, HTTPS, SQL, TCP/IP, Active Directory Application and database security experience Network and security engineering experience, including log and network traffic capture analysis. Experience with assessing system hardening procedures for Windows, Linux Security policy, standards, governance, privacy and regulatory experience (eg, NIST, COBIT). Knowledge of BYOD and Mobile Device Management platforms. Securing cloud based platforms (Microsoft Azure, Amazon AWS, etc.). Education and/or Experience: Minimum three years of information security experience, preferably in the financial services industry. Minimum two years hands-on security operations experience including interdisciplinary experience with four or more of the following: Cyber Threat Analysis, Digital Computer Forensics, Incident Response, Application Security, Operating Systems Security, Cryptographic Controls, Networking, Programming languages, Incident Response Minimum one year in a leadership role or team/project lead capacity. Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies, and motives. Familiarity with computer network exploitation and network attack methodologies. Industry knowledge of leading-edge security technologies and methods working in an on-call response capacity is required including availability for 24 x 7 on-call support responsibilities
Senior Automation Engineer Tamworth £40-45k DoE Are you a Controls Engineer/Automation Engineer/Software Engineer/Electrical Design & Controls Engineer/PLC Engineer? Do you have prior Controls Engineering experience, including PLC Design, Programming & Integration using CodeSys? Do you want to work for an Engineering Technology Innovator who design & develop products from concept for Multiple industrial Applications? If so, then please see below. Senior Automation Engineer Tamworth £40-45k DoE Progressive Engineering and an Engineering Innovator who design & develop products from concept for multiple industrial applications are looking to recruit a Senior Automation Engineer for their Engineering & Manufacturing HQ near Tamworth , owing to succession planning & project pipeline for 2024-25+. Based near Tamworth and reporting into the Head of Engineering, the Senior Automation Engineer will be supporting high-technology Electro-Mechanical product innovation & integration projects for 2024 onwards. Qualification & Experience Required for Senior Automation Engineer role: Working as an integral part of the Engineering Team & reporting into the Engineering Manager, the Senior Automation Engineer will possess the following qualifications, skills and experience: HNC/HND or Degree (Mechatronics, Electrical & Electronic Engineering etc) Previous Controls Engineering experience, including PLC Design, Programming & Integration using Codesys Experience of High Voltage applications - 850VDC Knowledge & experience in electrical schematic design, wiring diagrams and harness designs Knowledge of fieldbus communication protocols (Modbus, CAN Bus) and LIN would be beneficial Exceptional attention to detail and a high level of accuracy. Strong organizational and methodical skills, with a practical and pragmatic approach. Ability to effectively communicate ideas and solutions to colleagues and customers of all levels. Proficient in using Microsoft Office products. A problem-solving engineer who can work autonomously For the successful Senior Automation Engineer, a salary of £45,000 - £50,000 (dependant on experinece) is on offer and this Senior Automation Engineer role is commutable from Sutton Coldfield, Lichfield, Ashby-de-la-Zouch, Tamworth, Swadlincote, Hinckley, Coleshill, Burton-on-Trent, Birmingham & Coalville. PLEASE NOTE THAT THIS SENIOR AUTOMATION ENGINEER ROLE IS A STAFF POSITION To be considered for this Senior Automation Engineer role, please apply via the link below. To find out more about Progressive Recruitment please visit our website Progressive Recruitment, a trading division of SThree Partnership LLP is acting as an Employment Agency in relation to this vacancy | Registered office | 1st Floor, 75 King William Street, London, EC4N 7BE, United Kingdom | Partnership Number | OC387148 England and Wales
26/09/2023
Full time
Senior Automation Engineer Tamworth £40-45k DoE Are you a Controls Engineer/Automation Engineer/Software Engineer/Electrical Design & Controls Engineer/PLC Engineer? Do you have prior Controls Engineering experience, including PLC Design, Programming & Integration using CodeSys? Do you want to work for an Engineering Technology Innovator who design & develop products from concept for Multiple industrial Applications? If so, then please see below. Senior Automation Engineer Tamworth £40-45k DoE Progressive Engineering and an Engineering Innovator who design & develop products from concept for multiple industrial applications are looking to recruit a Senior Automation Engineer for their Engineering & Manufacturing HQ near Tamworth , owing to succession planning & project pipeline for 2024-25+. Based near Tamworth and reporting into the Head of Engineering, the Senior Automation Engineer will be supporting high-technology Electro-Mechanical product innovation & integration projects for 2024 onwards. Qualification & Experience Required for Senior Automation Engineer role: Working as an integral part of the Engineering Team & reporting into the Engineering Manager, the Senior Automation Engineer will possess the following qualifications, skills and experience: HNC/HND or Degree (Mechatronics, Electrical & Electronic Engineering etc) Previous Controls Engineering experience, including PLC Design, Programming & Integration using Codesys Experience of High Voltage applications - 850VDC Knowledge & experience in electrical schematic design, wiring diagrams and harness designs Knowledge of fieldbus communication protocols (Modbus, CAN Bus) and LIN would be beneficial Exceptional attention to detail and a high level of accuracy. Strong organizational and methodical skills, with a practical and pragmatic approach. Ability to effectively communicate ideas and solutions to colleagues and customers of all levels. Proficient in using Microsoft Office products. A problem-solving engineer who can work autonomously For the successful Senior Automation Engineer, a salary of £45,000 - £50,000 (dependant on experinece) is on offer and this Senior Automation Engineer role is commutable from Sutton Coldfield, Lichfield, Ashby-de-la-Zouch, Tamworth, Swadlincote, Hinckley, Coleshill, Burton-on-Trent, Birmingham & Coalville. PLEASE NOTE THAT THIS SENIOR AUTOMATION ENGINEER ROLE IS A STAFF POSITION To be considered for this Senior Automation Engineer role, please apply via the link below. To find out more about Progressive Recruitment please visit our website Progressive Recruitment, a trading division of SThree Partnership LLP is acting as an Employment Agency in relation to this vacancy | Registered office | 1st Floor, 75 King William Street, London, EC4N 7BE, United Kingdom | Partnership Number | OC387148 England and Wales
Senior Automation Engineer Tamworth £40-45k DoE Are you a Controls Engineer/Automation Engineer/Software Engineer/Electrical Design & Controls Engineer/PLC Engineer? Do you have prior Controls Engineering experience, including PLC Design, Programming & Integration using CodeSys? Do you want to work for an Engineering Technology Innovator who design & develop products from concept for Multiple industrial Applications? If so, then please see below. Senior Automation Engineer Tamworth £40-45k DoE Progressive Engineering and an Engineering Innovator who design & develop products from concept for multiple industrial applications are looking to recruit a Senior Automation Engineer for their Engineering & Manufacturing HQ near Tamworth , owing to succession planning & project pipeline for 2024-25+. Based near Tamworth and reporting into the Head of Engineering, the Senior Automation Engineer will be supporting high-technology Electro-Mechanical product innovation & integration projects for 2024 onwards. Qualification & Experience Required for Senior Automation Engineer role: Working as an integral part of the Engineering Team & reporting into the Engineering Manager, the Senior Automation Engineer will possess the following qualifications, skills and experience: HNC/HND or Degree (Mechatronics, Electrical & Electronic Engineering etc) Previous Controls Engineering experience, including PLC Design, Programming & Integration using Codesys Experience of High Voltage applications - 850VDC Knowledge & experience in electrical schematic design, wiring diagrams and harness designs Knowledge of fieldbus communication protocols (Modbus, CAN Bus) and LIN would be beneficial Exceptional attention to detail and a high level of accuracy. Strong organizational and methodical skills, with a practical and pragmatic approach. Ability to effectively communicate ideas and solutions to colleagues and customers of all levels. Proficient in using Microsoft Office products. A problem-solving engineer who can work autonomously For the successful Senior Automation Engineer, a salary of £45,000 - £50,000 (dependant on experinece) is on offer and this Senior Automation Engineer role is commutable from Sutton Coldfield, Lichfield, Ashby-de-la-Zouch, Tamworth, Swadlincote, Hinckley, Coleshill, Burton-on-Trent, Birmingham & Coalville. PLEASE NOTE THAT THIS SENIOR AUTOMATION ENGINEER ROLE IS A STAFF POSITION To be considered for this Senior Automation Engineer role, please apply via the link below. To find out more about Progressive Recruitment please visit the website. Progressive Recruitment, a trading division of SThree Partnership LLP is acting as an Employment Agency in relation to this vacancy | Registered office | 1st Floor, 75 King William Street, London, EC4N 7BE, United Kingdom | Partnership Number | OC387148 England and Wales
26/09/2023
Full time
Senior Automation Engineer Tamworth £40-45k DoE Are you a Controls Engineer/Automation Engineer/Software Engineer/Electrical Design & Controls Engineer/PLC Engineer? Do you have prior Controls Engineering experience, including PLC Design, Programming & Integration using CodeSys? Do you want to work for an Engineering Technology Innovator who design & develop products from concept for Multiple industrial Applications? If so, then please see below. Senior Automation Engineer Tamworth £40-45k DoE Progressive Engineering and an Engineering Innovator who design & develop products from concept for multiple industrial applications are looking to recruit a Senior Automation Engineer for their Engineering & Manufacturing HQ near Tamworth , owing to succession planning & project pipeline for 2024-25+. Based near Tamworth and reporting into the Head of Engineering, the Senior Automation Engineer will be supporting high-technology Electro-Mechanical product innovation & integration projects for 2024 onwards. Qualification & Experience Required for Senior Automation Engineer role: Working as an integral part of the Engineering Team & reporting into the Engineering Manager, the Senior Automation Engineer will possess the following qualifications, skills and experience: HNC/HND or Degree (Mechatronics, Electrical & Electronic Engineering etc) Previous Controls Engineering experience, including PLC Design, Programming & Integration using Codesys Experience of High Voltage applications - 850VDC Knowledge & experience in electrical schematic design, wiring diagrams and harness designs Knowledge of fieldbus communication protocols (Modbus, CAN Bus) and LIN would be beneficial Exceptional attention to detail and a high level of accuracy. Strong organizational and methodical skills, with a practical and pragmatic approach. Ability to effectively communicate ideas and solutions to colleagues and customers of all levels. Proficient in using Microsoft Office products. A problem-solving engineer who can work autonomously For the successful Senior Automation Engineer, a salary of £45,000 - £50,000 (dependant on experinece) is on offer and this Senior Automation Engineer role is commutable from Sutton Coldfield, Lichfield, Ashby-de-la-Zouch, Tamworth, Swadlincote, Hinckley, Coleshill, Burton-on-Trent, Birmingham & Coalville. PLEASE NOTE THAT THIS SENIOR AUTOMATION ENGINEER ROLE IS A STAFF POSITION To be considered for this Senior Automation Engineer role, please apply via the link below. To find out more about Progressive Recruitment please visit the website. Progressive Recruitment, a trading division of SThree Partnership LLP is acting as an Employment Agency in relation to this vacancy | Registered office | 1st Floor, 75 King William Street, London, EC4N 7BE, United Kingdom | Partnership Number | OC387148 England and Wales
NO SPONSORSHIP Staff Security Engineer - IAM (Okta) SALARY: $160K - $170K plus 15% LOCATION: 100% REMOTE The key to this role is IAM Okta (forgerock would be acceptable). IAM OKTA autho iam all about customer IAM solutions design build implement CIAM Knows how to Implement, translate and migrate into a new platform using okta, or ForgeRock Has worked on customer applications and customized uses cases Experience working with a tech stack Working on any IAM customer facing solutions Position Details: You will work closely with product teams, Architecture, engineering and business to develop product specific CIAM requiremetns into technical implementation. Responsibilities include design & development of Customer IAM solutions, support solutions, document and drive best practices per industry standards. You will report to the Director of Customer Identity. Design, configure, build, and Implement IAM solutions on Okta/Auth0 Identity products. Provide Subject Matter Expertise for requirements consulting and advise on the appropriate options on Okta/Auth0 platform. Implement and maintain a modern CIAM framework - a set of business processes, data governance, and supporting technologies that enable appropriate creation, maintenance, and use of digital identities. Collaborate and monitor the activities of a variety of CIAM projects, to ensure coordination of efforts, appropriate integration, and synchronization of key project timelines, product/service implementations and system enhancements. Serve as liaison between platform, technical and business teams for end-to-end business process. Develop access monitoring strategies using AI/data analytics to identify high-risk patterns and prevent breaches or customer account takeovers before they occur. Demonstrate advanced understanding of business processes, internal control risk management, IT controls and related standards. Maintain awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations. Ensure senior management and staff are informed of any changes promptly. Lead emerging trend research, orchestrate product evaluations, and selects the latest industry standards and tools. Conduct POCs of new Access Management products and services to validate integration needs. Manages all aspects of large, globally distributed, and complex CIAM projects. Resolve and troubleshoot incidents and which have been escalated from Analysts within established SLAs, with to the appropriate parties. Escalate to the correct internal support teams per established escalation procedures. Perform daily/weekly administrative tasks and special assignments. QUALIFICATIONS: Bachelor's degree plus at least 12+ years general IT experience or no degree and at least 12+ years general IT experience. 10+ years of experience in designing, implementing, and supporting SSO and IAM solutions. 7+ years of hands-on experience in the implementation and support of Identity & Federation services (preferably Auth0) Knowledge of authentication & authorization standards (SAML2.0, OAuth 2.0 and OIDC). Knowledge of IAM security design principles. Experience in Application development and REST concepts Experience in any Cloud environment (Azure, AWS or Google) Industry recognized security certification such as a CISSP or similar certification Experience working Agile and DevOps engineering environments. Knowledge and ability to mentor an analyst or intern provides regular knowledge transfer to team members.
25/09/2023
Full time
NO SPONSORSHIP Staff Security Engineer - IAM (Okta) SALARY: $160K - $170K plus 15% LOCATION: 100% REMOTE The key to this role is IAM Okta (forgerock would be acceptable). IAM OKTA autho iam all about customer IAM solutions design build implement CIAM Knows how to Implement, translate and migrate into a new platform using okta, or ForgeRock Has worked on customer applications and customized uses cases Experience working with a tech stack Working on any IAM customer facing solutions Position Details: You will work closely with product teams, Architecture, engineering and business to develop product specific CIAM requiremetns into technical implementation. Responsibilities include design & development of Customer IAM solutions, support solutions, document and drive best practices per industry standards. You will report to the Director of Customer Identity. Design, configure, build, and Implement IAM solutions on Okta/Auth0 Identity products. Provide Subject Matter Expertise for requirements consulting and advise on the appropriate options on Okta/Auth0 platform. Implement and maintain a modern CIAM framework - a set of business processes, data governance, and supporting technologies that enable appropriate creation, maintenance, and use of digital identities. Collaborate and monitor the activities of a variety of CIAM projects, to ensure coordination of efforts, appropriate integration, and synchronization of key project timelines, product/service implementations and system enhancements. Serve as liaison between platform, technical and business teams for end-to-end business process. Develop access monitoring strategies using AI/data analytics to identify high-risk patterns and prevent breaches or customer account takeovers before they occur. Demonstrate advanced understanding of business processes, internal control risk management, IT controls and related standards. Maintain awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations. Ensure senior management and staff are informed of any changes promptly. Lead emerging trend research, orchestrate product evaluations, and selects the latest industry standards and tools. Conduct POCs of new Access Management products and services to validate integration needs. Manages all aspects of large, globally distributed, and complex CIAM projects. Resolve and troubleshoot incidents and which have been escalated from Analysts within established SLAs, with to the appropriate parties. Escalate to the correct internal support teams per established escalation procedures. Perform daily/weekly administrative tasks and special assignments. QUALIFICATIONS: Bachelor's degree plus at least 12+ years general IT experience or no degree and at least 12+ years general IT experience. 10+ years of experience in designing, implementing, and supporting SSO and IAM solutions. 7+ years of hands-on experience in the implementation and support of Identity & Federation services (preferably Auth0) Knowledge of authentication & authorization standards (SAML2.0, OAuth 2.0 and OIDC). Knowledge of IAM security design principles. Experience in Application development and REST concepts Experience in any Cloud environment (Azure, AWS or Google) Industry recognized security certification such as a CISSP or similar certification Experience working Agile and DevOps engineering environments. Knowledge and ability to mentor an analyst or intern provides regular knowledge transfer to team members.
*Position is bonus eligible* Prestigious Financial Company is currently seeking a Cyber Threat and Vulnerabilities Defense Manager. Candidate will help plan actions and lead security professionals in the analysis and determination of threats to the enterprise, vulnerabilities in the environment, and how our company will best defend itself against these threats. This position will require initiative to oversee security technology implementations and be expected to put together projects and teams to remediate identified security threats, incidents, and compliance issues. Responsibilities: Manage security tools including appliances, hosted systems, and SaaS including health checks, version updates, and content development. Validate content changes to security tools are appropriate from other analysts and teams. Report on and enhance current metrics surrounding security tool capabilities and efficacy. Take a lead role in the systems life cycle performing upgrades, implementation of new technologies, and enhancement identification. Lead 3-5 employees and contingent labor professional for the cyber systems function within Cyber Defense. Manage team effectively in delivery of incident resolution, project tasks, compliance milestones, and systems implementations. Perform talent management functions across the team, including performance reviews, direct feedback, and other administrative functions as required. Lead cyber security incident responders in response activities including investigation, coordination, review, and reporting. Oversee technical analysis of security events while coordinating incident response activities with internal and external teams. Ensure and directly oversee the collection and preservation of data associated with cyber security incident response activities following industry best practices and established procedures. Develop and support briefings to senior management as a trusted incident responder. Supervisory Responsibilities: Manages all members of the Cybersecurity team within Security Services. Assigns personnel to projects, directs their activities, and performs personnel actions (hiring, promotions, terminations, etc.) Confer with and advise subordinates on administrative policies and procedures, technical problems, priorities, and methods. Promote employee development by conducting career-planning sessions with staff and selecting and scheduling employee training classes, conferences, and seminars Qualifications : Proven team player will be working primarily with other staff members, on both long-term projects and rapid response under tight deadlines. Team Leadership experience, taking initiative; providing and following through on solutions across various skillsets. Effective and excellent oral and written communication, analytical, judgment and consultation skills. Ability to effectively communicate in both formal and informal review settings with all levels of management. Ability to work with local and remote IT staff/management, vendors and consultants. Ability to work independently and possess strong project management skills. SIEM solutions Experience with Crowdstrike solutions Forensic analysis tools (Axiom, EnCase, FTK) Malware analysis tools (dynamic and static) Secure Web Gateway (BlueCoat, Microsoft Forefront) solutions Network sniffers and packet tracing tools (DSS, Ethereal and tcpdump, WireShark). Intrusion Detection & Prevention Tools such as SNORT/Sourcefire, Palo Alto, etc.) Encryption technologies (PGP, PKI and X.509) Hands on experience with network architecture, including network security. Hands on experience with Active Directory Security, including scans, best practices and security configuration. Hands on experience with Application Security controls including design, dynamic scans, static code analysis. Hands on experience with Incident Reponses process, procedures and Tools Identity and access management (I&AM) experience with Active Directory, NTFS permissions, LDAP and Single Sign On (SSO) solutions. Industry-standard metrics and measurements for SOC effectiveness Risk management in the context of the NIST CSF or another industry-standard framework Passion for creating tools and automating processes. Standard technical writing tools including MS Word, Excel, Project and Visio Industry-standard operating systems and environments such as Microsoft Windows and Linux distributions, in data center and cloud environments. LAN/WAN routing and high availability (OSPF, BGP4/iBGP, EIGRP and NSRP) Fundamental understanding of the underlying protocols and data used as the basis for the security monitoring service, including: HTTP, HTTPS, SQL, TCP/IP, Active Directory Application and database security experience Network and security engineering experience, including log and network traffic capture analysis. Experience with assessing system hardening procedures for Windows, Linux Security policy, standards, governance, privacy and regulatory experience (eg, NIST, COBIT). Knowledge of BYOD and Mobile Device Management platforms. Securing cloud based platforms (Microsoft Azure, Amazon AWS, etc.). Minimum three years of information security experience, preferably in the financial services industry. Minimum two years hands-on security operations experience including interdisciplinary experience with four or more of the following: Cyber Threat Analysis, Digital Computer Forensics, Incident Response, Application Security, Operating Systems Security, Cryptographic Controls, Networking, Programming languages, Incident Response Minimum one year in a leadership role or team/project lead capacity. Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies, and motives. Familiarity with computer network exploitation and network attack methodologies. Industry knowledge of leading-edge security technologies and methods working in an on-call response capacity is required including availability for 24 x 7 on-call support responsibilities Professional security certifications is a plus (ie, GIAC, CISSP, CISA, CISM, CRISC)
25/09/2023
Full time
*Position is bonus eligible* Prestigious Financial Company is currently seeking a Cyber Threat and Vulnerabilities Defense Manager. Candidate will help plan actions and lead security professionals in the analysis and determination of threats to the enterprise, vulnerabilities in the environment, and how our company will best defend itself against these threats. This position will require initiative to oversee security technology implementations and be expected to put together projects and teams to remediate identified security threats, incidents, and compliance issues. Responsibilities: Manage security tools including appliances, hosted systems, and SaaS including health checks, version updates, and content development. Validate content changes to security tools are appropriate from other analysts and teams. Report on and enhance current metrics surrounding security tool capabilities and efficacy. Take a lead role in the systems life cycle performing upgrades, implementation of new technologies, and enhancement identification. Lead 3-5 employees and contingent labor professional for the cyber systems function within Cyber Defense. Manage team effectively in delivery of incident resolution, project tasks, compliance milestones, and systems implementations. Perform talent management functions across the team, including performance reviews, direct feedback, and other administrative functions as required. Lead cyber security incident responders in response activities including investigation, coordination, review, and reporting. Oversee technical analysis of security events while coordinating incident response activities with internal and external teams. Ensure and directly oversee the collection and preservation of data associated with cyber security incident response activities following industry best practices and established procedures. Develop and support briefings to senior management as a trusted incident responder. Supervisory Responsibilities: Manages all members of the Cybersecurity team within Security Services. Assigns personnel to projects, directs their activities, and performs personnel actions (hiring, promotions, terminations, etc.) Confer with and advise subordinates on administrative policies and procedures, technical problems, priorities, and methods. Promote employee development by conducting career-planning sessions with staff and selecting and scheduling employee training classes, conferences, and seminars Qualifications : Proven team player will be working primarily with other staff members, on both long-term projects and rapid response under tight deadlines. Team Leadership experience, taking initiative; providing and following through on solutions across various skillsets. Effective and excellent oral and written communication, analytical, judgment and consultation skills. Ability to effectively communicate in both formal and informal review settings with all levels of management. Ability to work with local and remote IT staff/management, vendors and consultants. Ability to work independently and possess strong project management skills. SIEM solutions Experience with Crowdstrike solutions Forensic analysis tools (Axiom, EnCase, FTK) Malware analysis tools (dynamic and static) Secure Web Gateway (BlueCoat, Microsoft Forefront) solutions Network sniffers and packet tracing tools (DSS, Ethereal and tcpdump, WireShark). Intrusion Detection & Prevention Tools such as SNORT/Sourcefire, Palo Alto, etc.) Encryption technologies (PGP, PKI and X.509) Hands on experience with network architecture, including network security. Hands on experience with Active Directory Security, including scans, best practices and security configuration. Hands on experience with Application Security controls including design, dynamic scans, static code analysis. Hands on experience with Incident Reponses process, procedures and Tools Identity and access management (I&AM) experience with Active Directory, NTFS permissions, LDAP and Single Sign On (SSO) solutions. Industry-standard metrics and measurements for SOC effectiveness Risk management in the context of the NIST CSF or another industry-standard framework Passion for creating tools and automating processes. Standard technical writing tools including MS Word, Excel, Project and Visio Industry-standard operating systems and environments such as Microsoft Windows and Linux distributions, in data center and cloud environments. LAN/WAN routing and high availability (OSPF, BGP4/iBGP, EIGRP and NSRP) Fundamental understanding of the underlying protocols and data used as the basis for the security monitoring service, including: HTTP, HTTPS, SQL, TCP/IP, Active Directory Application and database security experience Network and security engineering experience, including log and network traffic capture analysis. Experience with assessing system hardening procedures for Windows, Linux Security policy, standards, governance, privacy and regulatory experience (eg, NIST, COBIT). Knowledge of BYOD and Mobile Device Management platforms. Securing cloud based platforms (Microsoft Azure, Amazon AWS, etc.). Minimum three years of information security experience, preferably in the financial services industry. Minimum two years hands-on security operations experience including interdisciplinary experience with four or more of the following: Cyber Threat Analysis, Digital Computer Forensics, Incident Response, Application Security, Operating Systems Security, Cryptographic Controls, Networking, Programming languages, Incident Response Minimum one year in a leadership role or team/project lead capacity. Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies, and motives. Familiarity with computer network exploitation and network attack methodologies. Industry knowledge of leading-edge security technologies and methods working in an on-call response capacity is required including availability for 24 x 7 on-call support responsibilities Professional security certifications is a plus (ie, GIAC, CISSP, CISA, CISM, CRISC)
Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is Bonus eligible* Prestigious Enterprise Company is currently seeking a Senior Okta IAM Security Engineer. Candidate will work with global team members, end users, and other IT departments to implement and maintain security solutions and security policies that protect the corporation. Candidate will work closely with product teams, Architecture, engineering and business to develop product specific CIAM requirements into technical implementation. Responsibilities: Design & development of Customer IAM solutions, support solutions, document and drive best practices per industry standards. Protect the integrity of information assets while enabling business functionality in all systems and environments by implementing applicable security solutions. Design, configure, build, and Implement IAM solutions on Okta/Auth0 Identity products. Provide Subject Matter Expertise for requirements consulting and advise on the appropriate options on Okta/Auth0 platform. Implement and maintain a modern CIAM framework - a set of business processes, data governance, and supporting technologies that enable appropriate creation, maintenance, and use of digital identities. Collaborate and monitor the activities of a variety of CIAM projects, to ensure coordination of efforts, appropriate integration, and synchronization of key project timelines, product/service implementations and system enhancements. Serve as liaison between platform, technical and business teams for end-to-end business process. Develop access monitoring strategies using AI/data analytics to identify high-risk patterns and prevent breaches or customer account takeovers before they occur. Demonstrate advanced understanding of business processes, internal control risk management, IT controls and related standards. Maintain awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations. Ensure senior management and staff are informed of any changes promptly. Lead emerging trend research, orchestrate product evaluations, and selects the latest industry standards and tools. Conduct POCs of new Access Management products and services to validate integration needs. Manages all aspects of large, globally distributed, and complex CIAM projects. Resolve and troubleshoot incidents and which have been escalated from Analysts within established SLAs, with to the appropriate parties. Escalate to the correct internal support teams per established escalation procedures. Perform daily/weekly administrative tasks and special assignments. Qualifications: Bachelor's degree in computer science, Information Systems or other technical field plus at least 12+ years general IT experience or no degree and at least 12+ years general IT experience. 10+ years of experience in designing, implementing, and supporting SSO and IAM solutions. 7+ years of hands-on experience in the implementation and support of Identity & Federation services (preferably Auth0) Knowledge of authentication & authorization standards (SAML2.0, OAuth 2.0 and OIDC). Knowledge of IAM security design principles. Experience in Application development and REST concepts Experience in any Cloud environment (Azure, AWS or Google) Industry recognized security certification such as a CISSP or similar certification Experience working Agile and DevOps engineering environments. Knowledge and ability to mentor an analyst or intern provides regular knowledge transfer to team members.
25/09/2023
Full time
*We are unable to sponsor for this permanent Full time role* *Position is Bonus eligible* Prestigious Enterprise Company is currently seeking a Senior Okta IAM Security Engineer. Candidate will work with global team members, end users, and other IT departments to implement and maintain security solutions and security policies that protect the corporation. Candidate will work closely with product teams, Architecture, engineering and business to develop product specific CIAM requirements into technical implementation. Responsibilities: Design & development of Customer IAM solutions, support solutions, document and drive best practices per industry standards. Protect the integrity of information assets while enabling business functionality in all systems and environments by implementing applicable security solutions. Design, configure, build, and Implement IAM solutions on Okta/Auth0 Identity products. Provide Subject Matter Expertise for requirements consulting and advise on the appropriate options on Okta/Auth0 platform. Implement and maintain a modern CIAM framework - a set of business processes, data governance, and supporting technologies that enable appropriate creation, maintenance, and use of digital identities. Collaborate and monitor the activities of a variety of CIAM projects, to ensure coordination of efforts, appropriate integration, and synchronization of key project timelines, product/service implementations and system enhancements. Serve as liaison between platform, technical and business teams for end-to-end business process. Develop access monitoring strategies using AI/data analytics to identify high-risk patterns and prevent breaches or customer account takeovers before they occur. Demonstrate advanced understanding of business processes, internal control risk management, IT controls and related standards. Maintain awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations. Ensure senior management and staff are informed of any changes promptly. Lead emerging trend research, orchestrate product evaluations, and selects the latest industry standards and tools. Conduct POCs of new Access Management products and services to validate integration needs. Manages all aspects of large, globally distributed, and complex CIAM projects. Resolve and troubleshoot incidents and which have been escalated from Analysts within established SLAs, with to the appropriate parties. Escalate to the correct internal support teams per established escalation procedures. Perform daily/weekly administrative tasks and special assignments. Qualifications: Bachelor's degree in computer science, Information Systems or other technical field plus at least 12+ years general IT experience or no degree and at least 12+ years general IT experience. 10+ years of experience in designing, implementing, and supporting SSO and IAM solutions. 7+ years of hands-on experience in the implementation and support of Identity & Federation services (preferably Auth0) Knowledge of authentication & authorization standards (SAML2.0, OAuth 2.0 and OIDC). Knowledge of IAM security design principles. Experience in Application development and REST concepts Experience in any Cloud environment (Azure, AWS or Google) Industry recognized security certification such as a CISSP or similar certification Experience working Agile and DevOps engineering environments. Knowledge and ability to mentor an analyst or intern provides regular knowledge transfer to team members.
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Company is currently seeking a Incident Response SIEM Cyber Defense Engineer. Candidate will help plan actions and lead security professionals in the analysis and determination of threats to the enterprise, vulnerabilities in the environment, and how our company will best defend itself against these threats. This position will require initiative to oversee security initiatives and be expected to put together projects and teams to remediate identified security threats, incidents, and compliance issues. Responsibilities: Lead cyber security incident responders in response activities including investigation, coordination, review, and reporting. Oversee technical analysis of security events while coordinating incident response activities with internal and external teams. Ensure and directly oversee the collection and preservation of data associated with cyber security incident response activities following industry best practices and established procedures. Develop and support briefings to senior management as a trusted incident responder. Lead the development and enhancement of current threat and situational intelligence sources leveraging proprietary enterprise data, as well as a variety of external sources and open source data. Actively monitor and research cyber threats with a direct or indirect impact to the brand, business operations, or technology infrastructure. Develop and support briefings to Security management as a cyber intelligence subject matter expert. Create and conduct presentations on current threats and related IT Security topics. Oversee process of monthly reporting to Security management on Threat, Vulnerability, and Incident management metrics. Prioritize and identify security risks, threats and vulnerabilities of networks, systems, applications, and new technology initiatives. Lead various teams to operationalize remediation efforts for gaps identified. Develop and implement security monitoring roadmaps for technologies, applications, SaaS, and other cloud-hosted solutions. These roadmaps will direct efforts on implementation of monitoring use cases and measurement of monitoring capabilities. Manage, implement, and validate security monitoring use cases, mapping to frameworks, technical configuration for security tools, etc. Security Device Administration Manage security tools including appliances, hosted systems, and SaaS including health checks, version updates, and content development. Validate content changes to security tools are appropriate from other analysts and teams. Report on and enhance current metrics surrounding security tool capabilities and efficacy. Take a lead role in the systems life cycle performing upgrades, implementation of new technologies, and enhancement identification. Qualifications : Proven team player will be working primarily with other staff members, on both long-term projects and rapid response under tight deadlines. Team Leadership experience, taking initiative; providing and following through on solutions across various skillsets. Proficient with Security related service and process assessments and evaluations based on NIST, COBIT, ISO and/or ITIL standards. Knowledge and experience implementing controls based on security regulation. eg NIST Cyber Security Framework Effective and excellent oral and written communication, analytical, judgment and consultation skills. Ability to effectively communicate in both formal and informal review settings with all levels of management. Proven experience in developing and providing threat and situational intelligence from a variety of internal and external sources. Ability to work with local and remote IT staff/management, vendors and consultants. Ability to work independently and possess strong project management skills. Technical Skills: Implementation and maintenance of SIEM (Splunk, ArcSight, IBM QRadar, etc.) Vulnerability assessment tools (Qualys, Nessus, nmap, etc.) Incident Response playbook development managing incident analysis and remediation Network sniffers and packet tracing tools (DSS, NAI SnifferPro, Ethereal and tcpdump). Other Security preventative and detective technologies (EDR, network-based analysis, etc.) Encryption technologies (PGP, PKI and X.509) Standard technical writing tools including MS Word, Excel, Project and Visio Directory services, LDAP, and their inherent security (Active Directory, CA Directory). Proxy and caching services. Client Server platforms including Sun Solaris, Windows, Linux. Operating system hardening procedures (Solaris, Linux, Windows, etc.) LAN/WAN routing and high availability (OSPF, BGP4/iBGP, EIGRP and NSRP). Web Application Firewalls. Cloud based security tools and techniques (AWS, Azure, Google Cloud Platform, etc.) Security Orchestration and Automated Response tools and concepts. Scripting and development activities to appropriately leverage Application Programing Interfaces (APIs) to optimize integrations between disparate security monitoring and analysis devices Bachelors degree in Computer Science, Engineering, or another related field. Minimum six years of information security experience, preferably in the financial services industry. Minimum three years hands-on security operations experience including interdisciplinary experience with four or more of the following: Cyber Threat Analysis, Digital Computer Forensics, Incident Response, Application Security, Operating Systems Security, Cryptographic Controls, Networking, Programming languages, Incident Response Minimum one year in a leadership role or team/project lead capacity. Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies, and motives. Familiarity with computer network exploitation and network attack methodologies while maintaining an understanding of the relationship these activities have with the financial services industry and critical infrastructure. Industry knowledge of leading-edge security technologies and methods Shift work and working in an on-call response capacity is required including availability for 24 x 7 on-call support responsibilities Previous people/project management experience is a plus. Certificates or Licenses: Strongly prefer at least one of the following certifications: CISSP, GCIA, GCIH, CHFI, GCFA, CCE, CFE
25/09/2023
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Company is currently seeking a Incident Response SIEM Cyber Defense Engineer. Candidate will help plan actions and lead security professionals in the analysis and determination of threats to the enterprise, vulnerabilities in the environment, and how our company will best defend itself against these threats. This position will require initiative to oversee security initiatives and be expected to put together projects and teams to remediate identified security threats, incidents, and compliance issues. Responsibilities: Lead cyber security incident responders in response activities including investigation, coordination, review, and reporting. Oversee technical analysis of security events while coordinating incident response activities with internal and external teams. Ensure and directly oversee the collection and preservation of data associated with cyber security incident response activities following industry best practices and established procedures. Develop and support briefings to senior management as a trusted incident responder. Lead the development and enhancement of current threat and situational intelligence sources leveraging proprietary enterprise data, as well as a variety of external sources and open source data. Actively monitor and research cyber threats with a direct or indirect impact to the brand, business operations, or technology infrastructure. Develop and support briefings to Security management as a cyber intelligence subject matter expert. Create and conduct presentations on current threats and related IT Security topics. Oversee process of monthly reporting to Security management on Threat, Vulnerability, and Incident management metrics. Prioritize and identify security risks, threats and vulnerabilities of networks, systems, applications, and new technology initiatives. Lead various teams to operationalize remediation efforts for gaps identified. Develop and implement security monitoring roadmaps for technologies, applications, SaaS, and other cloud-hosted solutions. These roadmaps will direct efforts on implementation of monitoring use cases and measurement of monitoring capabilities. Manage, implement, and validate security monitoring use cases, mapping to frameworks, technical configuration for security tools, etc. Security Device Administration Manage security tools including appliances, hosted systems, and SaaS including health checks, version updates, and content development. Validate content changes to security tools are appropriate from other analysts and teams. Report on and enhance current metrics surrounding security tool capabilities and efficacy. Take a lead role in the systems life cycle performing upgrades, implementation of new technologies, and enhancement identification. Qualifications : Proven team player will be working primarily with other staff members, on both long-term projects and rapid response under tight deadlines. Team Leadership experience, taking initiative; providing and following through on solutions across various skillsets. Proficient with Security related service and process assessments and evaluations based on NIST, COBIT, ISO and/or ITIL standards. Knowledge and experience implementing controls based on security regulation. eg NIST Cyber Security Framework Effective and excellent oral and written communication, analytical, judgment and consultation skills. Ability to effectively communicate in both formal and informal review settings with all levels of management. Proven experience in developing and providing threat and situational intelligence from a variety of internal and external sources. Ability to work with local and remote IT staff/management, vendors and consultants. Ability to work independently and possess strong project management skills. Technical Skills: Implementation and maintenance of SIEM (Splunk, ArcSight, IBM QRadar, etc.) Vulnerability assessment tools (Qualys, Nessus, nmap, etc.) Incident Response playbook development managing incident analysis and remediation Network sniffers and packet tracing tools (DSS, NAI SnifferPro, Ethereal and tcpdump). Other Security preventative and detective technologies (EDR, network-based analysis, etc.) Encryption technologies (PGP, PKI and X.509) Standard technical writing tools including MS Word, Excel, Project and Visio Directory services, LDAP, and their inherent security (Active Directory, CA Directory). Proxy and caching services. Client Server platforms including Sun Solaris, Windows, Linux. Operating system hardening procedures (Solaris, Linux, Windows, etc.) LAN/WAN routing and high availability (OSPF, BGP4/iBGP, EIGRP and NSRP). Web Application Firewalls. Cloud based security tools and techniques (AWS, Azure, Google Cloud Platform, etc.) Security Orchestration and Automated Response tools and concepts. Scripting and development activities to appropriately leverage Application Programing Interfaces (APIs) to optimize integrations between disparate security monitoring and analysis devices Bachelors degree in Computer Science, Engineering, or another related field. Minimum six years of information security experience, preferably in the financial services industry. Minimum three years hands-on security operations experience including interdisciplinary experience with four or more of the following: Cyber Threat Analysis, Digital Computer Forensics, Incident Response, Application Security, Operating Systems Security, Cryptographic Controls, Networking, Programming languages, Incident Response Minimum one year in a leadership role or team/project lead capacity. Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies, and motives. Familiarity with computer network exploitation and network attack methodologies while maintaining an understanding of the relationship these activities have with the financial services industry and critical infrastructure. Industry knowledge of leading-edge security technologies and methods Shift work and working in an on-call response capacity is required including availability for 24 x 7 on-call support responsibilities Previous people/project management experience is a plus. Certificates or Licenses: Strongly prefer at least one of the following certifications: CISSP, GCIA, GCIH, CHFI, GCFA, CCE, CFE
Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Company is currently seeking a Incident Response SIEM Cyber Defense Engineer. Candidate will help plan actions and lead security professionals in the analysis and determination of threats to the enterprise, vulnerabilities in the environment, and how our company will best defend itself against these threats. This position will require initiative to oversee security initiatives and be expected to put together projects and teams to remediate identified security threats, incidents, and compliance issues. Responsibilities: Lead cyber security incident responders in response activities including investigation, coordination, review, and reporting. Oversee technical analysis of security events while coordinating incident response activities with internal and external teams. Ensure and directly oversee the collection and preservation of data associated with cyber security incident response activities following industry best practices and established procedures. Develop and support briefings to senior management as a trusted incident responder. Lead the development and enhancement of current threat and situational intelligence sources leveraging proprietary enterprise data, as well as a variety of external sources and open source data. Actively monitor and research cyber threats with a direct or indirect impact to the brand, business operations, or technology infrastructure. Develop and support briefings to Security management as a cyber intelligence subject matter expert. Create and conduct presentations on current threats and related IT Security topics. Oversee process of monthly reporting to Security management on Threat, Vulnerability, and Incident management metrics. Prioritize and identify security risks, threats and vulnerabilities of networks, systems, applications, and new technology initiatives. Lead various teams to operationalize remediation efforts for gaps identified. Develop and implement security monitoring roadmaps for technologies, applications, SaaS, and other cloud-hosted solutions. These roadmaps will direct efforts on implementation of monitoring use cases and measurement of monitoring capabilities. Manage, implement, and validate security monitoring use cases, mapping to frameworks, technical configuration for security tools, etc. Security Device Administration Manage security tools including appliances, hosted systems, and SaaS including health checks, version updates, and content development. Validate content changes to security tools are appropriate from other analysts and teams. Report on and enhance current metrics surrounding security tool capabilities and efficacy. Take a lead role in the systems life cycle performing upgrades, implementation of new technologies, and enhancement identification. Qualifications : Proven team player will be working primarily with other staff members, on both long-term projects and rapid response under tight deadlines. Team Leadership experience, taking initiative; providing and following through on solutions across various skillsets. Proficient with Security related service and process assessments and evaluations based on NIST, COBIT, ISO and/or ITIL standards. Knowledge and experience implementing controls based on security regulation. eg NIST Cyber Security Framework Effective and excellent oral and written communication, analytical, judgment and consultation skills. Ability to effectively communicate in both formal and informal review settings with all levels of management. Proven experience in developing and providing threat and situational intelligence from a variety of internal and external sources. Ability to work with local and remote IT staff/management, vendors and consultants. Ability to work independently and possess strong project management skills. Technical Skills: Implementation and maintenance of SIEM (Splunk, ArcSight, IBM QRadar, etc.) Vulnerability assessment tools (Qualys, Nessus, nmap, etc.) Incident Response playbook development managing incident analysis and remediation Network sniffers and packet tracing tools (DSS, NAI SnifferPro, Ethereal and tcpdump). Other Security preventative and detective technologies (EDR, network-based analysis, etc.) Encryption technologies (PGP, PKI and X.509) Standard technical writing tools including MS Word, Excel, Project and Visio Directory services, LDAP, and their inherent security (Active Directory, CA Directory). Proxy and caching services. Client Server platforms including Sun Solaris, Windows, Linux. Operating system hardening procedures (Solaris, Linux, Windows, etc.) LAN/WAN routing and high availability (OSPF, BGP4/iBGP, EIGRP and NSRP). Web Application Firewalls. Cloud based security tools and techniques (AWS, Azure, Google Cloud Platform, etc.) Security Orchestration and Automated Response tools and concepts. Scripting and development activities to appropriately leverage Application Programing Interfaces (APIs) to optimize integrations between disparate security monitoring and analysis devices Bachelors degree in Computer Science, Engineering, or another related field. Minimum six years of information security experience, preferably in the financial services industry. Minimum three years hands-on security operations experience including interdisciplinary experience with four or more of the following: Cyber Threat Analysis, Digital Computer Forensics, Incident Response, Application Security, Operating Systems Security, Cryptographic Controls, Networking, Programming languages, Incident Response Minimum one year in a leadership role or team/project lead capacity. Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies, and motives. Familiarity with computer network exploitation and network attack methodologies while maintaining an understanding of the relationship these activities have with the financial services industry and critical infrastructure. Industry knowledge of leading-edge security technologies and methods Shift work and working in an on-call response capacity is required including availability for 24 x 7 on-call support responsibilities Previous people/project management experience is a plus. Certificates or Licenses: Strongly prefer at least one of the following certifications: CISSP, GCIA, GCIH, CHFI, GCFA, CCE, CFE
25/09/2023
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Financial Company is currently seeking a Incident Response SIEM Cyber Defense Engineer. Candidate will help plan actions and lead security professionals in the analysis and determination of threats to the enterprise, vulnerabilities in the environment, and how our company will best defend itself against these threats. This position will require initiative to oversee security initiatives and be expected to put together projects and teams to remediate identified security threats, incidents, and compliance issues. Responsibilities: Lead cyber security incident responders in response activities including investigation, coordination, review, and reporting. Oversee technical analysis of security events while coordinating incident response activities with internal and external teams. Ensure and directly oversee the collection and preservation of data associated with cyber security incident response activities following industry best practices and established procedures. Develop and support briefings to senior management as a trusted incident responder. Lead the development and enhancement of current threat and situational intelligence sources leveraging proprietary enterprise data, as well as a variety of external sources and open source data. Actively monitor and research cyber threats with a direct or indirect impact to the brand, business operations, or technology infrastructure. Develop and support briefings to Security management as a cyber intelligence subject matter expert. Create and conduct presentations on current threats and related IT Security topics. Oversee process of monthly reporting to Security management on Threat, Vulnerability, and Incident management metrics. Prioritize and identify security risks, threats and vulnerabilities of networks, systems, applications, and new technology initiatives. Lead various teams to operationalize remediation efforts for gaps identified. Develop and implement security monitoring roadmaps for technologies, applications, SaaS, and other cloud-hosted solutions. These roadmaps will direct efforts on implementation of monitoring use cases and measurement of monitoring capabilities. Manage, implement, and validate security monitoring use cases, mapping to frameworks, technical configuration for security tools, etc. Security Device Administration Manage security tools including appliances, hosted systems, and SaaS including health checks, version updates, and content development. Validate content changes to security tools are appropriate from other analysts and teams. Report on and enhance current metrics surrounding security tool capabilities and efficacy. Take a lead role in the systems life cycle performing upgrades, implementation of new technologies, and enhancement identification. Qualifications : Proven team player will be working primarily with other staff members, on both long-term projects and rapid response under tight deadlines. Team Leadership experience, taking initiative; providing and following through on solutions across various skillsets. Proficient with Security related service and process assessments and evaluations based on NIST, COBIT, ISO and/or ITIL standards. Knowledge and experience implementing controls based on security regulation. eg NIST Cyber Security Framework Effective and excellent oral and written communication, analytical, judgment and consultation skills. Ability to effectively communicate in both formal and informal review settings with all levels of management. Proven experience in developing and providing threat and situational intelligence from a variety of internal and external sources. Ability to work with local and remote IT staff/management, vendors and consultants. Ability to work independently and possess strong project management skills. Technical Skills: Implementation and maintenance of SIEM (Splunk, ArcSight, IBM QRadar, etc.) Vulnerability assessment tools (Qualys, Nessus, nmap, etc.) Incident Response playbook development managing incident analysis and remediation Network sniffers and packet tracing tools (DSS, NAI SnifferPro, Ethereal and tcpdump). Other Security preventative and detective technologies (EDR, network-based analysis, etc.) Encryption technologies (PGP, PKI and X.509) Standard technical writing tools including MS Word, Excel, Project and Visio Directory services, LDAP, and their inherent security (Active Directory, CA Directory). Proxy and caching services. Client Server platforms including Sun Solaris, Windows, Linux. Operating system hardening procedures (Solaris, Linux, Windows, etc.) LAN/WAN routing and high availability (OSPF, BGP4/iBGP, EIGRP and NSRP). Web Application Firewalls. Cloud based security tools and techniques (AWS, Azure, Google Cloud Platform, etc.) Security Orchestration and Automated Response tools and concepts. Scripting and development activities to appropriately leverage Application Programing Interfaces (APIs) to optimize integrations between disparate security monitoring and analysis devices Bachelors degree in Computer Science, Engineering, or another related field. Minimum six years of information security experience, preferably in the financial services industry. Minimum three years hands-on security operations experience including interdisciplinary experience with four or more of the following: Cyber Threat Analysis, Digital Computer Forensics, Incident Response, Application Security, Operating Systems Security, Cryptographic Controls, Networking, Programming languages, Incident Response Minimum one year in a leadership role or team/project lead capacity. Technical experience and comprehensive knowledge of threat actor capabilities, intentions, methodologies, and motives. Familiarity with computer network exploitation and network attack methodologies while maintaining an understanding of the relationship these activities have with the financial services industry and critical infrastructure. Industry knowledge of leading-edge security technologies and methods Shift work and working in an on-call response capacity is required including availability for 24 x 7 on-call support responsibilities Previous people/project management experience is a plus. Certificates or Licenses: Strongly prefer at least one of the following certifications: CISSP, GCIA, GCIH, CHFI, GCFA, CCE, CFE
Contracts Specialist - PUWER/LOLER 6 Month contract Filton, Bristol (Hybrid: x3 days per week on-site) Rates: Negotiable Advantage Resourcing are seeking a Contracts Specialist to join a global engineering business based out of their Filton, Bristol site. Job summary: Looking for someone with an understanding of health and safety, ergonomics, reach legislation, machine directive Provision and use of work equipment regulations (PUWER/LOLER) Need to have an understanding of safe workplace legislations including chemical - COSHH/Working at Heights Documentation writing/procedures writing Role Overview Ensure the legal compliance of any industrial manufacturing systems within Filton Plant (Machines, Jigs and fixtures, Hand tools etc.) The task will include providing support to managers in the identification of work-related hazards within the workplace and assessing/categorising the related occupational risks according to statutes, procedures and regulations. Ensure The legality of any industrial manufacturing systems within Filton Plant. Responsibilities Support local management in enabling them to ensure appropriate risk controls are in place Share knowledge/guidance on EHS requirements in industrial processes, national laws and regulations relating to the workplace, provide direction to the operational management and local 'safety support teams' Promote Environmental Health & Safety topics in the workplace throughout the organisation at all levels (from top management to shop floor staff), ensuring availability of the relevant training, awareness campaigns and EHS inductions Ensure the manufacturing assets comply with machine directive legislation and requirements Create and maintain documentation (PUWER, CPR1053, Risk Assessments etc.) Advise on industrial legal requirements (eg UKCA/CE requirements, REACH, LOLER, PUWER, COSHH, etc) Create Risk Assessments and advise on EHS requirements Plan and conduct ergonomic studies Filton Plant Point of Contact for central Industrial process and procedures updates Interested? If you are interested and keen to find out more, please apply now with your latest CV and reach out to Tom Johnson - Ref:70814
25/09/2023
Project-based
Contracts Specialist - PUWER/LOLER 6 Month contract Filton, Bristol (Hybrid: x3 days per week on-site) Rates: Negotiable Advantage Resourcing are seeking a Contracts Specialist to join a global engineering business based out of their Filton, Bristol site. Job summary: Looking for someone with an understanding of health and safety, ergonomics, reach legislation, machine directive Provision and use of work equipment regulations (PUWER/LOLER) Need to have an understanding of safe workplace legislations including chemical - COSHH/Working at Heights Documentation writing/procedures writing Role Overview Ensure the legal compliance of any industrial manufacturing systems within Filton Plant (Machines, Jigs and fixtures, Hand tools etc.) The task will include providing support to managers in the identification of work-related hazards within the workplace and assessing/categorising the related occupational risks according to statutes, procedures and regulations. Ensure The legality of any industrial manufacturing systems within Filton Plant. Responsibilities Support local management in enabling them to ensure appropriate risk controls are in place Share knowledge/guidance on EHS requirements in industrial processes, national laws and regulations relating to the workplace, provide direction to the operational management and local 'safety support teams' Promote Environmental Health & Safety topics in the workplace throughout the organisation at all levels (from top management to shop floor staff), ensuring availability of the relevant training, awareness campaigns and EHS inductions Ensure the manufacturing assets comply with machine directive legislation and requirements Create and maintain documentation (PUWER, CPR1053, Risk Assessments etc.) Advise on industrial legal requirements (eg UKCA/CE requirements, REACH, LOLER, PUWER, COSHH, etc) Create Risk Assessments and advise on EHS requirements Plan and conduct ergonomic studies Filton Plant Point of Contact for central Industrial process and procedures updates Interested? If you are interested and keen to find out more, please apply now with your latest CV and reach out to Tom Johnson - Ref:70814
West Virginia Network for Educational Telecomputing (WVNET)
Morgantown, West Virginia
WVNET is seeking to hire a dynamic Data Center Manager to lead and support our team. This is a crucial role maintaining the smooth operation of our data center infrastructure and physical facility. Responsibilities will include ensuring the data center's optimal performance, leading technical staff, maintaining service availability, managing environmental controls, and overseeing facility maintenance and security. WVNET connects K-12 schools, higher educational institutions, libraries, state and county government, and various not-for-profits to the Internet and the rest of the world through our state-of-the-art network and telecommunications expertise. Our team of dedicated IT professionals provide guidance and training to educators and staff in higher education and K-12 schools. Our research and development of software, tools, and systems address problems and tackle challenges that are unique to West Virginia's public institutions and not-for- profits. Work Location: Morgantown, WV, 26505 Classification: Salary, Non-Classified, Full-Time Benefits, FLSA Exempt SALARY/BENEFITS Starting annual salary range is $75,000 - $85,000 plus excellent State of WV Employee benefits : health insurance, dental, vision, hearing, Health Savings Accounts/Flexible Spending Accounts, retirement investing, and life insurance plans, short-term/long-term disability insurance, as well as, generous amounts of vacation, sick, state & federal holidays, and professional development opportunities. MINIMUM EDUCATION Bachelor's degree in information technology, electrical engineering, or related field preferred. Relevant and equivalent experience will be considered in lieu of degree. MINIMUM EXPERIENCE .*Details of relevant experience must be shown in your resume* 5 years facility management experience overseeing electrical and environmental systems, preferably in data center operations. 2 years of experience managing or leading data center operations in a 24/7, mission-critical environment. 2 years of experience in colocation operations, including the installation and deployment of cage, rack and cable infrastructure, power circuit installation, and power monitoring. 2 years of experience in diagnosing and repairing IT hardware, Servers, network Switches, structured cabling. JOB DUTIES/RESPONSIBILITIES Serve as a liaison between WVNET and customers, addressing customer needs and concerns. Manage all aspects of the data center facility, including space allocation, power distribution, and network connectivity. Monitor and maintain environmental controls, such as cooling systems, to ensure equipment functionality and protection. Participate in the development and implement disaster recovery plans, including data backup and recovery procedures, to safeguard critical systems and data. Implement and enforce security protocols and procedures to protect the data center and physical facilities. Collaborate with stakeholders to address security incidents, conduct risk assessments, and develop mitigation strategies. Liaise with external authorities and agencies to ensure compliance with security and safety regulations. Coordinate quarterly meetings of the Building & Safety Committee and resolve environmental health and safety issues. Provide 24/7 availability for addressing data center-related issues or emergencies. Collaborate with other departments to address product-related issues, service delays, or customer complaints. Create and maintain detailed documentation in the ticketing system, including equipment installations, maintenance, and troubleshooting steps. Oversee the NOC, resolving computing and communications-related issues, managing personnel, and ensuring efficient operations. Manage the day-to-day operation of physical facilities, ensuring cleanliness, safety, and compliance with regulations. Coordinate facility maintenance, repairs, renovations, and preventive maintenance tasks. Collaborate with vendors and service providers for facility-related services, such as HVAC and electrical. Maintain accurate records and documentation related to facility management, including work orders and equipment inventory. KNOWLEDGE/SKILLS/ABILITIES Expert understanding of the electrical and mechanical systems used in a facility and data center environment, including, but not limited to; electrical distribution and layout, Transformers, PLC's, Generators, Switchgear, UPS systems, Static Transfer Switch (STS), Power Distribution Unit (PDU) and Automatic Transfer Switch (ATS), HVAC's, CRAC/CRAH's, and Pre-Action Sprinkler Systems. Expert knowledge in industrial safety best practices (ie, equipment lockout/tag out procedures, arc Flash protection, OSHA and state regulations.) Expert knowledge of structured cabling systems, fiber optics, networking and connectivity standards, hardware installation requirements and industry best practices. Strong quantitative and qualitative reasoning skills, with demonstrated ability to determine event root causes, performance shortfalls and required corrective actions. Demonstrated ability to lead and direct team members, maintain schedules, and project management. Effective communication skills, both written and verbal, regarding technical issues. Demonstrated ability to take initiative and ownership and to adapt in a fast-paced environment. Equal Opportunity/Affirmative Action Employer/Veterans/Disabled The West Virginia Network for Educational Telecomputing (WVNET) is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, or protected veteran status and will not be discriminated against on the basis of disability. WVNET provides a collegial, respectful and inclusive environment that values the diversity, creativity and contributions of its staff.
09/09/2023
Full time
WVNET is seeking to hire a dynamic Data Center Manager to lead and support our team. This is a crucial role maintaining the smooth operation of our data center infrastructure and physical facility. Responsibilities will include ensuring the data center's optimal performance, leading technical staff, maintaining service availability, managing environmental controls, and overseeing facility maintenance and security. WVNET connects K-12 schools, higher educational institutions, libraries, state and county government, and various not-for-profits to the Internet and the rest of the world through our state-of-the-art network and telecommunications expertise. Our team of dedicated IT professionals provide guidance and training to educators and staff in higher education and K-12 schools. Our research and development of software, tools, and systems address problems and tackle challenges that are unique to West Virginia's public institutions and not-for- profits. Work Location: Morgantown, WV, 26505 Classification: Salary, Non-Classified, Full-Time Benefits, FLSA Exempt SALARY/BENEFITS Starting annual salary range is $75,000 - $85,000 plus excellent State of WV Employee benefits : health insurance, dental, vision, hearing, Health Savings Accounts/Flexible Spending Accounts, retirement investing, and life insurance plans, short-term/long-term disability insurance, as well as, generous amounts of vacation, sick, state & federal holidays, and professional development opportunities. MINIMUM EDUCATION Bachelor's degree in information technology, electrical engineering, or related field preferred. Relevant and equivalent experience will be considered in lieu of degree. MINIMUM EXPERIENCE .*Details of relevant experience must be shown in your resume* 5 years facility management experience overseeing electrical and environmental systems, preferably in data center operations. 2 years of experience managing or leading data center operations in a 24/7, mission-critical environment. 2 years of experience in colocation operations, including the installation and deployment of cage, rack and cable infrastructure, power circuit installation, and power monitoring. 2 years of experience in diagnosing and repairing IT hardware, Servers, network Switches, structured cabling. JOB DUTIES/RESPONSIBILITIES Serve as a liaison between WVNET and customers, addressing customer needs and concerns. Manage all aspects of the data center facility, including space allocation, power distribution, and network connectivity. Monitor and maintain environmental controls, such as cooling systems, to ensure equipment functionality and protection. Participate in the development and implement disaster recovery plans, including data backup and recovery procedures, to safeguard critical systems and data. Implement and enforce security protocols and procedures to protect the data center and physical facilities. Collaborate with stakeholders to address security incidents, conduct risk assessments, and develop mitigation strategies. Liaise with external authorities and agencies to ensure compliance with security and safety regulations. Coordinate quarterly meetings of the Building & Safety Committee and resolve environmental health and safety issues. Provide 24/7 availability for addressing data center-related issues or emergencies. Collaborate with other departments to address product-related issues, service delays, or customer complaints. Create and maintain detailed documentation in the ticketing system, including equipment installations, maintenance, and troubleshooting steps. Oversee the NOC, resolving computing and communications-related issues, managing personnel, and ensuring efficient operations. Manage the day-to-day operation of physical facilities, ensuring cleanliness, safety, and compliance with regulations. Coordinate facility maintenance, repairs, renovations, and preventive maintenance tasks. Collaborate with vendors and service providers for facility-related services, such as HVAC and electrical. Maintain accurate records and documentation related to facility management, including work orders and equipment inventory. KNOWLEDGE/SKILLS/ABILITIES Expert understanding of the electrical and mechanical systems used in a facility and data center environment, including, but not limited to; electrical distribution and layout, Transformers, PLC's, Generators, Switchgear, UPS systems, Static Transfer Switch (STS), Power Distribution Unit (PDU) and Automatic Transfer Switch (ATS), HVAC's, CRAC/CRAH's, and Pre-Action Sprinkler Systems. Expert knowledge in industrial safety best practices (ie, equipment lockout/tag out procedures, arc Flash protection, OSHA and state regulations.) Expert knowledge of structured cabling systems, fiber optics, networking and connectivity standards, hardware installation requirements and industry best practices. Strong quantitative and qualitative reasoning skills, with demonstrated ability to determine event root causes, performance shortfalls and required corrective actions. Demonstrated ability to lead and direct team members, maintain schedules, and project management. Effective communication skills, both written and verbal, regarding technical issues. Demonstrated ability to take initiative and ownership and to adapt in a fast-paced environment. Equal Opportunity/Affirmative Action Employer/Veterans/Disabled The West Virginia Network for Educational Telecomputing (WVNET) is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, or protected veteran status and will not be discriminated against on the basis of disability. WVNET provides a collegial, respectful and inclusive environment that values the diversity, creativity and contributions of its staff.
West Virginia Network for Educational Telecomputing (WVNET)
Morgantown, West Virginia
WVNET is seeking to hire a dynamic Data Center Manager to lead and support our team. This is a crucial role maintaining the smooth operation of our data center infrastructure and physical facility. Responsibilities will include ensuring the data center's optimal performance, leading technical staff, maintaining service availability, managing environmental controls, and overseeing facility maintenance and security. WVNET connects K-12 schools, higher educational institutions, libraries, state and county government, and various not-for-profits to the Internet and the rest of the world through our state-of-the-art network and telecommunications expertise. Our team of dedicated IT professionals provide guidance and training to educators and staff in higher education and K-12 schools. Our research and development of software, tools, and systems address problems and tackle challenges that are unique to West Virginia's public institutions and not-for- profits. Work Location: Morgantown, WV, 26505 Classification: Salary, Non-Classified, Full-Time Benefits, FLSA Exempt SALARY/BENEFITS Starting annual salary range is $75,000 - $85,000 plus excellent State of WV Employee benefits : health insurance, dental, vision, hearing, Health Savings Accounts/Flexible Spending Accounts, retirement investing, and life insurance plans, short-term/long-term disability insurance, as well as, generous amounts of vacation, sick, state & federal holidays, and professional development opportunities. MINIMUM EDUCATION Bachelor's degree in information technology, electrical engineering, or related field preferred. Relevant and equivalent experience will be considered in lieu of degree. MINIMUM EXPERIENCE .*Details of relevant experience must be shown in your resume* 5 years facility management experience overseeing electrical and environmental systems, preferably in data center operations. 2 years of experience managing or leading data center operations in a 24/7, mission-critical environment. 2 years of experience in colocation operations, including the installation and deployment of cage, rack and cable infrastructure, power circuit installation, and power monitoring. 2 years of experience in diagnosing and repairing IT hardware, Servers, network Switches, structured cabling. JOB DUTIES/RESPONSIBILITIES Serve as a liaison between WVNET and customers, addressing customer needs and concerns. Manage all aspects of the data center facility, including space allocation, power distribution, and network connectivity. Monitor and maintain environmental controls, such as cooling systems, to ensure equipment functionality and protection. Participate in the development and implement disaster recovery plans, including data backup and recovery procedures, to safeguard critical systems and data. Implement and enforce security protocols and procedures to protect the data center and physical facilities. Collaborate with stakeholders to address security incidents, conduct risk assessments, and develop mitigation strategies. Liaise with external authorities and agencies to ensure compliance with security and safety regulations. Coordinate quarterly meetings of the Building & Safety Committee and resolve environmental health and safety issues. Provide 24/7 availability for addressing data center-related issues or emergencies. Collaborate with other departments to address product-related issues, service delays, or customer complaints. Create and maintain detailed documentation in the ticketing system, including equipment installations, maintenance, and troubleshooting steps. Oversee the NOC, resolving computing and communications-related issues, managing personnel, and ensuring efficient operations. Manage the day-to-day operation of physical facilities, ensuring cleanliness, safety, and compliance with regulations. Coordinate facility maintenance, repairs, renovations, and preventive maintenance tasks. Collaborate with vendors and service providers for facility-related services, such as HVAC and electrical. Maintain accurate records and documentation related to facility management, including work orders and equipment inventory. KNOWLEDGE/SKILLS/ABILITIES Expert understanding of the electrical and mechanical systems used in a facility and data center environment, including, but not limited to; electrical distribution and layout, Transformers, PLC's, Generators, Switchgear, UPS systems, Static Transfer Switch (STS), Power Distribution Unit (PDU) and Automatic Transfer Switch (ATS), HVAC's, CRAC/CRAH's, and Pre-Action Sprinkler Systems. Expert knowledge in industrial safety best practices (ie, equipment lockout/tag out procedures, arc Flash protection, OSHA and state regulations.) Expert knowledge of structured cabling systems, fiber optics, networking and connectivity standards, hardware installation requirements and industry best practices. Strong quantitative and qualitative reasoning skills, with demonstrated ability to determine event root causes, performance shortfalls and required corrective actions. Demonstrated ability to lead and direct team members, maintain schedules, and project management. Effective communication skills, both written and verbal, regarding technical issues. Demonstrated ability to take initiative and ownership and to adapt in a fast-paced environment. Equal Opportunity/Affirmative Action Employer/Veterans/Disabled The West Virginia Network for Educational Telecomputing (WVNET) is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, or protected veteran status and will not be discriminated against on the basis of disability. WVNET provides a collegial, respectful and inclusive environment that values the diversity, creativity and contributions of its staff.
02/09/2023
Full time
WVNET is seeking to hire a dynamic Data Center Manager to lead and support our team. This is a crucial role maintaining the smooth operation of our data center infrastructure and physical facility. Responsibilities will include ensuring the data center's optimal performance, leading technical staff, maintaining service availability, managing environmental controls, and overseeing facility maintenance and security. WVNET connects K-12 schools, higher educational institutions, libraries, state and county government, and various not-for-profits to the Internet and the rest of the world through our state-of-the-art network and telecommunications expertise. Our team of dedicated IT professionals provide guidance and training to educators and staff in higher education and K-12 schools. Our research and development of software, tools, and systems address problems and tackle challenges that are unique to West Virginia's public institutions and not-for- profits. Work Location: Morgantown, WV, 26505 Classification: Salary, Non-Classified, Full-Time Benefits, FLSA Exempt SALARY/BENEFITS Starting annual salary range is $75,000 - $85,000 plus excellent State of WV Employee benefits : health insurance, dental, vision, hearing, Health Savings Accounts/Flexible Spending Accounts, retirement investing, and life insurance plans, short-term/long-term disability insurance, as well as, generous amounts of vacation, sick, state & federal holidays, and professional development opportunities. MINIMUM EDUCATION Bachelor's degree in information technology, electrical engineering, or related field preferred. Relevant and equivalent experience will be considered in lieu of degree. MINIMUM EXPERIENCE .*Details of relevant experience must be shown in your resume* 5 years facility management experience overseeing electrical and environmental systems, preferably in data center operations. 2 years of experience managing or leading data center operations in a 24/7, mission-critical environment. 2 years of experience in colocation operations, including the installation and deployment of cage, rack and cable infrastructure, power circuit installation, and power monitoring. 2 years of experience in diagnosing and repairing IT hardware, Servers, network Switches, structured cabling. JOB DUTIES/RESPONSIBILITIES Serve as a liaison between WVNET and customers, addressing customer needs and concerns. Manage all aspects of the data center facility, including space allocation, power distribution, and network connectivity. Monitor and maintain environmental controls, such as cooling systems, to ensure equipment functionality and protection. Participate in the development and implement disaster recovery plans, including data backup and recovery procedures, to safeguard critical systems and data. Implement and enforce security protocols and procedures to protect the data center and physical facilities. Collaborate with stakeholders to address security incidents, conduct risk assessments, and develop mitigation strategies. Liaise with external authorities and agencies to ensure compliance with security and safety regulations. Coordinate quarterly meetings of the Building & Safety Committee and resolve environmental health and safety issues. Provide 24/7 availability for addressing data center-related issues or emergencies. Collaborate with other departments to address product-related issues, service delays, or customer complaints. Create and maintain detailed documentation in the ticketing system, including equipment installations, maintenance, and troubleshooting steps. Oversee the NOC, resolving computing and communications-related issues, managing personnel, and ensuring efficient operations. Manage the day-to-day operation of physical facilities, ensuring cleanliness, safety, and compliance with regulations. Coordinate facility maintenance, repairs, renovations, and preventive maintenance tasks. Collaborate with vendors and service providers for facility-related services, such as HVAC and electrical. Maintain accurate records and documentation related to facility management, including work orders and equipment inventory. KNOWLEDGE/SKILLS/ABILITIES Expert understanding of the electrical and mechanical systems used in a facility and data center environment, including, but not limited to; electrical distribution and layout, Transformers, PLC's, Generators, Switchgear, UPS systems, Static Transfer Switch (STS), Power Distribution Unit (PDU) and Automatic Transfer Switch (ATS), HVAC's, CRAC/CRAH's, and Pre-Action Sprinkler Systems. Expert knowledge in industrial safety best practices (ie, equipment lockout/tag out procedures, arc Flash protection, OSHA and state regulations.) Expert knowledge of structured cabling systems, fiber optics, networking and connectivity standards, hardware installation requirements and industry best practices. Strong quantitative and qualitative reasoning skills, with demonstrated ability to determine event root causes, performance shortfalls and required corrective actions. Demonstrated ability to lead and direct team members, maintain schedules, and project management. Effective communication skills, both written and verbal, regarding technical issues. Demonstrated ability to take initiative and ownership and to adapt in a fast-paced environment. Equal Opportunity/Affirmative Action Employer/Veterans/Disabled The West Virginia Network for Educational Telecomputing (WVNET) is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, or protected veteran status and will not be discriminated against on the basis of disability. WVNET provides a collegial, respectful and inclusive environment that values the diversity, creativity and contributions of its staff.