• Us Citizen

• Green Card

• EAD (OPT/CPT/GC/H4)

• H1B Work Permit

• Corp-Corp

• Consulting/Contract

• UG :- - Not Required

• PG :- - Not Required

• No of position :- ( 1 )

• Post :- 26th Nov 2020

Position: DevSecOps Application Security engineer

Location: remote to start, on-site in San Diego, CA after COVID restrictions are lifted

Duration: 12 months to start (potential extension)

End Client: PG&E

 

Qualifications: 

·       At least 5 years of Cybersecurity experience 

·       At least 3-4 years of experience working with application development or DEVSECOPS  

·       At least 3-4 years of experience in Information Security Engineering, Auditing, or Architecture 

·       Experience with Distributed Control Systems (DCS) is highly desired. 

Knowledge of implementing security controls for Microsoft Office 365 is HIGHLY desired 

·       Experience working in the Gas/Oil/Energy sector is a big plus. 

·       MS in Computer Science or equivalent desired 

·       Information Security Certifications highly desired (CISSP, GSEC, C|EH, CSSLP, OSCP, GISP, etc.) 

·       Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security 

·       Knowledge of network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols) 

·       Knowledge of common SSL, hashing, and symmetric encryption, especially in Java and .Net environments 

·       Ability to create and review network design and architecture patterns 

·       Able to articulate risk modeling and able to communicate technical concepts in simple terms both verbally and in written reports 

·       Experience with service-oriented architecture and web services security desired 

·       Experience with the application of threat modeling or other risk identification techniques 

·       Detailed knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits is desired 

 

 

·       Ability to provide technical direction and act as a subject matter expert as it relates to cybersecurity 

·       Knowledge of countermeasures against common attacks on web applications, app servers, databases, the HTTP protocol, SSL, DNS, certificates, credentials, forms, web sessions, cookies, tokens, XML, JavaScript, AJAX, JSON, Flash, SFTP, PKI and symmetric crypto, wireless & wired networks, and related Internet technologies 

·       Able to perform both automated and manual security assessments for applications 

·       Ability to technically evaluate cybersecurity technologies and provide feasibility assessments 

·       Able to articulate common risk modeling methods and secure architecture patterns 

·       Ability to write and/interpret clear system requirements and test plans 

·       Identify security issues and risks, and develop mitigation plans and recommendations 

·       Architect, design, implement, support, and evaluate security-focused tools and services while acting as the Cybersecurity project lead 

·       Interpret information security vulnerabilities, risks, policies, and procedures to Company Business lines and IT teams 

·       Perform Security Risk Assessments on large and medium programs and projects 

·       Experience with security frameworks such as NIST 800-53r4, NISTIR 7628, NIST Cybersecurity Framework, CIS Critical Controls 

·       Evaluate and recommend new and emerging security products and technologies 

·       Participate in projects that develop new intellectual property and ensure security policies, requirements, best practices, etc. are applied 

·       Evangelize security within Company and be an advocate for customer trust 

 

 

Best Regards,

Rajesh Varma | Talent Acquisition Consultant |
Direct: (415) 465-8708| rajesh.v@centraprise.com