IIT Jobs Data Bank-Job Detail

Submit Resume For This Job (via email)
ID: 12461
Location: Downtown Manhattan, NY 10004
Skills: Security Engineer - Application and Infrastructure, PKI, DevSecOps Threat Vulnerability PenTesting
$$: DOE
Job Type: Contract
Status: OPEN
If you are unable to click on the links above to submit your resume, you may email your resume to
jobs@iit-inc.com    

Subject=IIT Career Site/Resume for JobID=12461 (Security Engineer - Application and Infrastructure, PKI, DevSecOps Threat Vulnerability PenTesting) in Downtown Manhattan NY 10004 (AMI)

Estimated Length: 12 Months
Work hours: 37.50

Requirements

The purpose of this position is to support the research, implementation, and ongoing operation and maintenance of all information security technologies that are designed to protect the corporate infrastructure at the host, endpoint, cloud, and application levels.

This position is responsible for ensuring that sensitive data is identified, and that it is properly protected through the use of the appropriate security technologies.

The following knowledge, skills, and abilities are required for this position:

• Solid knowledge of the theory, concepts, and practice of computer networks and security technologies, sufficient to learn a new product (with no formal training) well enough to provide technical support to its users and to coordinate implementation with other technical professionals.
• Thorough knowledge of microcomputer and data communication hardware; telecommunication concepts, topologies and protocols; local and wide area networking.
• Ability to keep abreast of the technical solutions available in the marketplace and to recognize their applicability at Client.
• Must be able to recognize when a process requires additional controls and then implement appropriate procedural changes.
• Excellent problem-solving, analytical, planning, and project management skills.
• Ability to communicate in oral and written form to users at all levels of the company; particularly requires the ability to convey technical information to a non-technical audience.
• Long and short-term planning skills, including basic financial analysis tools such as cost benefit analysis.

• Participate in the development of, manage, and maintain a Client Data Classification process where sensitive data that is housed within Client applications can be identified and cataloged. Research and make recommendations for further protecting sensitive data and/or provide additional security technologies to serve this purpose.
• Ensure that Secure Application Coding techniques are followed during application development phases through integration of these requirements into the SDLC. Assist with the process of performing application code reviews, application security assessment techniques (SAST, DAST), system vulnerability assessments, and penetration testing to test the strength of the Client computing environment.
• Have application security vulnerability knowledge including security risks as per OWASP, SANS Top 25, etc.
• Web Servers experience (IIS, Apache, etc.) and middleware software experience: Oracle's WebLogic and IBM's WebSphere.
• Knowledge of programming languages (Java, C#.NET, PHP, etc.) and of web application multi-tier architectures and operation (session management, caching, etc.).
• Assist with the process of maintaining and administering the Proxy/Content Filtering technologies at the Client and ensure that any remediation that is required to protect against threats is handled in a timely manner.
• Administer the Cryptography & Key Management (PKI) processes across the Client computing environment.
• Assist with the Server and Network Hardening processes performed by the infrastructure teams and perform Hardening Validation testing to ensure that policies and guidelines are being adhered to.
• Research and recommend the appropriate levels of infrastructure and application security required for the Cloud, Virtualized, Middleware, and Database environments, and manage the administration of security on these platforms to ensure that adequate controls are in place.
• Assist with the process of implementing and maintaining current and supported levels of Anti-Malware and Anti-Spam technologies to protect the Client computing environment.
• Assist with the implementation and administration of Data Loss Prevention technologies including but not limited to Full Disk Encryption, Removable Media Encryption, and port protection technologies.
• Perform the implementation of the technical security for Mobile Device Management and control access to the Air Watch Administration platform to ensure that adequate controls are always in place.
• Strong experience working in DevSecOps and Security Automation.
• Experience with automation of security testing as part of a CI/CD pipeline.
• The successful candidate will be working across multiple teams to enhance application security and improve security integration and automation.
• Experience with common cloud services, recommended security best practices and secure deployment patterns.
• Understanding of core cryptography concepts (Encryption, Hashing, HMAC, digital signatures) and how they are applied and attacked in web applications (e.g. TLS attacks, CBC attacks).
• Ability to analyze protocols (such as OAuth, SAML, etc.), flows and interactions in a system design to evaluate gaps.
• Ability to identify threats, vulnerabilities and gaps in the design and environments (i.e., Cloud) before they are implemented.
• Good written and oral communication to be able to articulate risks to both technical and management stakeholders.
• Perform tasks with little supervision and deliver timely, quality deliverables.

Additional Skills and Information:

Communication Skills, Analyzing and synthesizing technical reports.

 
 
About IIT:

Founded in 1995, IIT is a leading provider of Workforce Solutions to Government and Fortune-1000 organizations. IIT is a winner of the Inc-500 award. IIT's core services include:

  • Consulting for projects / IT Outsourcing
  • IT staffing (Contract / Temporary / Contingent / Consulting)
  • Custom Workforce Solutions
  • Recruitment Process Outsourcing (RPO)

Headquartered in New York, IIT has over 400 consultants deployed at Client Sites. Other IIT highlights include:

  • Winner of Inc-500 award 2 consecutive years
  • Winner of Ernst & Young / USPAACC Fast-50 award 2 consecutive years
  • Winner of USPAACC Top-10 Award in the Northeast US
  • IBM Business Partner
  • Oracle Business Partner
  • Adobe Business Partner
  • NYSA Member - New York Staffing Association - Regional Affiliate of ASA / American Staffing Association
  • NYS MBE certified

Our Consultants love working for IIT:

  • Competitive compensation
  • W2 or C2C
  • Biweekly Direct Deposit for W2 Consultants
  • Visa and Green Card sponsorship opportunities for qualified individuals
  • Local contact for you to meet and talk to anytime (not someone sitting overseas in a different time zone)

    IIT is an Equal Opportunity Employer