Please send all responses to insourceat_private I am posting this on behalf of another party. Please do not reply to me directly. > Position: Director, Information Security > Company: Top E-commerce Company > Location: New York City (No relocation allowance. Local-area > candidates strongly preferred). > Available: Immediate > Contact: Send resumes and inquiries to insourceat_private > > Job Description > > - Work with VP, IT Operations and CTO to recommend, develop and implement > internal information security policies, standards and procedures. > - Development of toolsets to permit security monitoring, vulnerability > analysis and security incident response and follow-up. > - Will work with IT Operations (infrastructure), Software Engineering groups > and the Project Management Office (PMO) during the implementation or > maintenance of production software, and/or any change to infrastructure > (e.g., new hardware or network operating system). Will be required to > provide potential network security issues/concerns with regards to such > changes and projects. > - Responsible for intrusion detection, new incident tracking, documentation, > analytical investigation and developing security countermeasures. > - Investigate and recommend appropriate corrective action for data security > incidents. Ensure all appropriate departments are informed of any system > changes or potential threats. > - Conduct risk assessments on all aspects of infrastructure and systems > development to confirm the adequacy of security controls or identify > necessary improvement to ensure compliance with company policies. May > utilize security tools (e.g., ISS, SATAN, CyberCop, Netsonar, sniffers, > etc.) to identify website/network security weaknesses in order to recommend > system enhancements. > - Ensure that patches and fixes for security vulnerabilities are analyzed, > tested and installed. > - Create trend analyses and metric studies of security and audit information > to determine exposure levels and effectiveness of the Information Security > policies and practices. > - Research, test and recommend new information security technologies and > methodologies. > - May work with external audit firms to identify security related exposure > for purposes of general controls improvement or obtaining ratings or > certifications (e.g., TruSecure ICSA certification). > > Requirements: > > - 8+ years Information Technology experience with a concentration in > infrastructure and/or information security. > - 3+ years in Information Security and experience with n-tier architecture. > > - B.S. in Computer Science, Engineering or related technical discipline. > - Must have prior experience developing information security policies, > intrusion response procedures, disaster recovery procedures, risk analysis, > administration and operation of a complex security infrastructure. > - CISSP and/or GSEC security certification required. MCSE certification > STRONGLY preferred. > - Other certificates such as Security +, CISA, GSE or CCP a plus. > - Experience with configuration/administration of Windows network operating > systems and experience with IIS. - Experience with routers and switches and > any programming skills a plus. > - Experience with IDS, security management tools (e.g., network and > host-based Intrusion Detection systems), VPN's and virus protection. > Extensive protocol and standards experience including TCP/IP, SSL and public > key cryptography techniques (e.g., PKI or Kerebros). > - Prior experience with large e-commerce or top content website preferred. > - Prior experience analyzing security-based data from sources such as > firewall logs, platform even logs, security product logs such as ESM or > Internet scanner. > - Can diagram technical PKI structures, network flow, firewall and intrusion > detection theory/process. > - Prior project management experience required. >
This archive was generated by hypermail 2b30 : Fri Jun 13 2003 - 10:01:36 PDT