What are the responsibilities and job description for the Cyber Security Consultant position at North Star Staffing Solutions?
Company Description
As one of the most experienced staffing firms in Denver, Colorado, North Star Staffing Solutions prides itself on exceptional services and the relationships we've built over the years. We have continued to provide the recruiting and staffing expertise our clients expect, and they have acknowledged over and over again that our services are integral to their success.
Job Description
Locations:
- Multiple positions in various locations such as St. Louis, San Francisco, San Antonio, New York, Houston, Detroit, Los Angeles, and 5 in Atlanta.
Job Description & Duties:
- Align information security strategy with business needs.
- Investigate complex cyber breaches and remediate detect-and-respond approaches.
- Optimize information security spending as well as making the Cyber Program Management (CPM) more cost-effective and sustainable.
- Improve Security Operations Center capabilities.
- Monitor, maintain and enforce compliance with access management policies, address legal and regulatory compliance issues.
- Ensure resources and skills for implementing technology and processes are applicable.
- Help create solutions that combine hardware, software, and services to normalize, aggregate, correlate, and visualize data from disparate security products.
- Assist organizations in reducing complexities associated with managing vast amounts of security event data while maximizing control over the security infrastructure.
- Assess, design and implement a security strategy and governance program framework.
- Design, implement and integrate security solutions that will prevent risks and exposures.
- Design and implement security policies, procedures and standards that describe pragmatic, risk-based mechanisms to maintain the confidentiality, integrity and availability of information systems and the data processed therein.
- Design and implement security solutions to monitor the efficiency and effectiveness of security operations, controls and infrastructure.
KEY RESPONSIBILITIES:
- Enhance the Software Development Life Cycle (SDLC).
- Establish a security program for the SDLC capture that will utilize the client's current application.
- Supervise the overall application review process.
- Identify application vulnerabilities.
- Suggest architectural changes and design at procedural and technology levels.
- Perform Quality Assurance (QA) review of web-based applications in order to identify and validate application vulnerabilities and perform remediation at architectural and source code levels.
- Complete the draft, final reports and other deliverables specified within the planning documentation.
- Ensure project documentation is complete and archived appropriately.
- Subject matter in programming languages and web application environments.
- Propose vulnerability risk level and estimated level of remediation effort.
- Propose code fix or architectural strategies to remediate identified vulnerabilities.
- Collaborate to confirm appropriateness of a proposed remediation approach or suggest an alternative action and then perform remediation.
- Collaborate with the engagement team to plan the engagement and develop work programs, timelines, and planning documentation.
- Document the business processes dependent on IT while working with the team.
- Perform high-quality client service by directing daily progress of fieldwork, informing supervisors of engagement status, and managing staff performance.
- Thorough understanding of complex enterprise systems.
- Knowledge of the current IT environment and industry trends to identify engagement and client service issues.
- Communicate with the engagement team and management through written correspondence and verbal presentations.
Qualifications
Job Requirements & Qualifications:
- Requires a bachelor's degree and a minimum of 2 years of related work experience or a graduate degree and approximately 1-2 years of related work experience in the fields of Computer Science, Information Systems, Engineering, Business or related major.
- Required experience performing application security vulnerability assessments and attacks including creation of proof-of-concept exploits.
- Experience using Fortify, AppScan, WebInspect, Burp, ZAP.
- Used enterprise application development in one or more of the common development platforms such as Java/J2EE, .NET/C#, C/C++, PHP, Python, Flash.
- Performed Information Security strategic planning, architecture migration strategies or security engineering strategy.
- Proficient in networking and system-level concepts such as web application architecture, REST APIs, SOAP, jQuery, AJAX, message oriented architecture.
- Experience in key Information Security domains such as identity, access management, cryptography.
- Enterprise experience with application development for mobile platforms such as iOS or usage of mobile frameworks such as Kony, PhoneGap is a plus.
- Moderate understanding of best practice methodologies in Application Security including OWASP, mobile.
- Utilized development methodologies such as waterfall, agile, continuous integration.
- Written enterprise security standards, policies, coding guidelines.
- Able to examine issues both strategically and analytically.
- Ability to interact with senior management, technical SMEs, business partners and influence decisions.
- Must have strong written and verbal communication skills.
- Able to effectively communicate with business partners using non-technical terms.
- Ability to work on multiple simultaneous initiatives/projects/tasks.
- Must hold or be willing to pursue related professional certifications such as the CISSP, Open Group Certified Architect or CEH certification.
- Willingness and ability to travel domestically and internationally.
MUST:
- Fortify, AppScan, WebInspect, Burp, ZAP, Java/J2EE, .NET/C#, C/C++, PHP, Python, Flash, web application architecture, REST APIs, SOAP, jQuery, AJAX, message oriented architecture.
- Information Security domains such as identity, access management, cryptography.
- Understanding of development methodologies such as waterfall, agile, continuous integration.
Additional Information
All your information will be kept confidential according to EEO guidelines.