Security Analyst

Apply by eMail:15332481.185@jobfrenzy1.com

Description:
Job Description: WHY WAIT? Are you looking for an exciting new opportunity? This may be your lucky day! It is time for a change, and CDI can help! We have an immediate need for a Security Analyst JOB DESCRIPTION Complete Description: The Security Analyst is responsible for ensuring the development of secure applications and networks by interacting with software developers, network engineers, QA testers, and business analysts. The Security Analyst will be responsible for the following: Performing application risk assessments and threat modeling Administering application vulnerability scans and coordinating remediation activities Review network security designs and make recommendations Manage and configure security database assessment and auditing tools Provide consultation to IT department on application and network security best practices Ensure application and network compliance to documented IT security policies, procedures, processes and standards requirements. Documentation requirements are: exceptions reports, audit/review reports, technical/process recommendations, reporting of security statistics/metrics, technical standards, procedures, and guidelines, etc. REQUIREMENTS: 2-3 years experience in application security role Strong development experience is a must as well as the ability to work with development teams to resolve issues and improve awareness around secure coding practices. Experience with inserting information security controls and checkpoints into the application design process. Strong knowledge in standard software development applications, Windows UNIX, and database environments including SQL, DB2, Oracle and Sybase. Working knowledge of how to build secure web-applications In-depth knowledge of TCP/IP and related communication protocols. Knowledge of NT authentication schemes (Kerberos, NTLM, AD), Web applications access databases (JDBC, ODBC, Sqlnet, etc.). Strong knowledge of networking technologies, routing and switching. IDS/IPS/Firewall monitoring experience. Experience using code, Web and database scanners. Experience with Appscan, NESSUS, and other application assessment tools. Familiar with risk analysis and risk management methodologies. Solid understanding of application vulnerabilities and countermeasures. Must be able to provide and recommend remediation approach and not just provide vulnerability information. Information Security technology/compliance experience. Familiarity with major regulations such as Sarbanes-Oxley and FERC a strong plus. Excellent communication skills (both oral/written); documentation requirements are: exceptions reports, audit/review reports, technical/process recommendations, reporting of security statistics/metrics, technical standards, procedures, and guidelines, etc. Demonstrated ability to work effectively in a fast-paced, high volume, deadline-driven environment. Self-directed and motivated, with ability to work independently, as well as collaboratively in a team environment. Professional maturity in dealing with all levels of management and staff. Certified Information Systems Security Professional (CISSP) or other Security certification is a plus. Work schedule is four 10 hours days -- Tuesday through Friday. Behavior Characteristics: Demonstrated ability to work effectively in a fast-paced, high volume, deadline-driven environment. Self-directed and motivated, with ability to work independently, as well as collaboratively in a team environment Experience:

Requirements:
See Above

Education: Not Specified

Experience: Not Specified

Travel: Not Specified

Apply by eMail:15332481.185@jobfrenzy1.com

Job Created: Fri Oct 16 2009 04:27:51 AM
Last Modified: Fri Oct 16 2009 04:27:51 AM