Executive Search
Professional Placement
Staffing Consulting

Over 30 years building industry relationships
in Information Technology drive our
performance recruiting for key people.

Job Seekers

FOUR Senior IT Security Positions

Twitter Facebook
Location
Burlington, MA
Salary
$100,000 - $190,000
Job Type
Direct Hire
Date
Oct 06, 2017
Job ID
2529769
Our client helps millions of small businesses realize their dreams. They equip and service small businesses worldwide with products and technology to power their online web presence, email marketing, mobile business solutions, and more. Their best in class family of brands includes customized email marketing, managed services, co-location hosting, URL domain management, website and ecommerce site development, among others. Headquartered in Massachusetts, they employ more than 3,800 people across the United States, Brazil, India, and the United Kingdom.

Following are four separate IT Security Career positions currently available:


Sr. Product Security Engineer

Develops processes, procedures, and technical implementation of security solutions to enhance the security capabilities of company products. Responsible for providing expertise in the areas of secure coding, secure testing, intellectual property protection, and export control. Assist in the execution complex security architecture reviews according priorities.  

PRINCIPAL DUTIES AND RESPONSIBILITIES
  • Develops, deploys, and maintains security testing programs and tooling
  • Assists in the creation of security guidance related to product requirements, abuse cases, and attack personas
  • Assists in the design and operation of the external security researcher program
  • Assists in the compliance with export control initiatives
  • Engages with engineering leadership in the identification and protection of intellectual property assets
  • Develops, deploys, and maintains a security advocate/champion program
  • Develops, deploys, and maintains source code scanning infrastructure
  • Contributes expertise to help determine requirements and functional specifications for entire organization.
  • Works effectively with cross-functional and/or global teams, readily shares information with others.
  • Collaborates, coaches and develops a small group of information risk professionals in product security practices
  • Leads the Pen testing program
SKILLS  
·       Possesses strong engineering/security/risk/legal knowledge.
·       Knowledge of the engineering aspects of information security subject matters including
o   Code level knowledge of Java, Javascript, and preferred Ruby/iOS
o   Knowledge of code scanning vendors
o   In-depth knowledge of various black and white-box security testing techniques
o   Advanced knowledge of risk assessment design and delivery
·       Problem solving skills.
·       Preferred background in quality assurance and/or release engineering
·       Ability to work in a team environment.
·       Excellent communication and influencing skills
·       Project management skills.
EDUCATION REQUIRED:                Bachelors (Technical) or equivalent, industry certification required [CSSLP and/or Security Testing certifications [GWAPT, CPEN, CEH] preferred]
EXPERIENCE REQUIRED:                8+ years relevant experience
______________________________________________________
Senior Security Architect
 
Responsibilities: 
  • Reviews technology and security projects, making recommendations with regard to product selection, configuration and design.
  • Remains informed and intimate with current security technology solution trends and approaches.
  • Remains informed with current threat landscape and integrate threat information and assess impacts our enterprise current state. 
  • Understands current enterprise technology architecture and business processes with the goal of addressing security issues and providing an informed opinion to leadership teams.
  • Provides security guidance and requirements to technology teams with the goal of defining standard processes, documentation, key controls to monitor and metrics to gauge effectiveness.
  • Prepares, evaluates and presents security solutions and recommendations to senior leaders.
  • Recommends, coordinates and implements security technical controls to ensure policies and processes are performing as intended
  • Oversees multiple projects in order to preserve the architectural vision and protect stakeholder interests as well as to meet operational and financial reporting requirements
  • Possesses the ability to think long-term, quickly develop strategic designs/solutions and think critically across the assigned application portfolio, current technology backdrop while remaining organizationally astute.
  • Develop security architecture and guiding principles at macro & micro level across all cloud initiatives
  • Lead, coach and mentor Cloud Services team to incorporate security while developing highly scalable, distributed applications involving Cloud Ops, DevOps and Security teams
  • Provide leadership in security remediation activities, if necessary
  • Developing technical and security specifications for the targeted applications/workloads in the service catalogQualifications: 
  • Bachelor’s Degree in Information Security, Computer Science or equivalent; or 7 years’ comparable work/military experience
  • Security Certifications such as CISSP, CISM, 
  • 7-10 years of progressive information security experience 
  • Proven experience building security reference architecture for on-premise, all-in cloud deployments, and hybrid scenarios
  • Implementation experience with enterprise security solutions such as Endpoint Protection (DLP/Whitelisting/HIPS), WAF, IPS, Anti-DDOS, and SIEM.
  • Strong knowledge of networking including large scale network segmentation and emerging technologies in the Software Defined Networking space
  • Knowledge of Identity and Access Management, Single-Sign On, and PKI/Certificate Services a plus 
  • Familiarity with compliance & security standards 
  • Demonstrated ability to think strategically about business, product, and technical challenges
  • Experience researching and evaluating available technologies and standards to meet requirements
  • Experience with working on global teams across time zones, cultures and languages.
  • Strong communications skills, both written and spoken.
__________________________________________________
Sr Network Security Engineer

Summary:
 
Develops processes, procedures, and technical implementation of security solutions to
prevent, detect and respond to cyber intrusions. Responsible for providing expertise in
the areas of computer network defense, incident management, and computer forensics.
Assists in the execution complex computer investigations according to priorities.
 
Responsibilities:
  • Designs, develops, deploys and maintains cyber defense mitigation techniques
  • Develops, deploys, and maintains the vulnerability management program
  • Maintains the security incident program including the oversight of the security
  • operations center
  • Develops, deploys, and maintains the insider threat protection program
  • Develops, deploys, and maintains the threat intelligence feeds
  • ·Contributes technical expertise to help determine requirements and functional specifications for entire organization
  • Works effectively with cross-functional and/or global teams, readily shares Information with others 
Requirements:
  • Bachelor’s degree in Computer Science/Engineering or related field or equivalent
  • work experience
  • 8+ years’ experience in network and web application security
  • Industry certification either CISSP, CSIRT or GCIH 
  • CCNP level of networking knowledge –LAN, WAN, Firewall, Wireless 
  • BGP/OSPF routing protocols and Firewall rule configuration expertise 
  • Hands on experience with networking and security systems and software i.e.virtual/physical Routers, Switches, Firewalls, IDS/IPS, SIEMs
  • Able to conduct risk assessments, diagnose internet/extranet security issues,
  • intrusion attempts, cyber-crime response, assist in responses to external audits,
  • penetration tests, and vulnerability assessments 
Knowledge of the technical aspects of information security subject matter
including: 
  • Commons adversary tactics, techniques, and procedures [TTPs] and
  • attack classes
  • Common detection and intrusion mitigation techniques
  • Incident handling processes and procedures
  • Basic forensic techniques – tools, processes, and procedures
  • Operational threat environments and sources of intelligence for each
  • Vulnerability management processes and procedures
    • Problem solving skills 
    • Strong written and verbal communication skills
    • General knowledge and application of engineering concepts
    • Ability to work in a team environment
    • Project management skills
Preferred:
• GCED certification
• Experience with small business/consumer environments

_________________________________________________
Senior Manager, Security Operations & Incident Response
 
Security Operations
  • Manage the overall day-to-day of the security operations center ensuring events and/or incidents are detected and responded to in adherence to established process as well as procedures.This includes:
  • Oversee the analysts’ daily tasking.
  • Manage the team’s scheduling.
  • Ensure effective incident management.
  • Identify chronic operational and security issues, and ensure they are managed appropriately.
  • Manage and escalate roadblocks that may jeopardize security monitoring operations, infrastructure, and SLAs.
  • Serve as a senior mentor to SOC staff.
  • Interface and collaborate with outside teams.
  • Track tactical issues in execution of SOC responsibilities.
  • Document and track analyst training requirements.
  • Ensure analysts follow existing procedures and all procedures are documented in accordance with local guidelines.
  • Manage the process improvement program for SOC processes.
  • Management, maintenance, and rule creation for SIEMIncident Response
  • Serve as focal technical lead on incident events and incidents.
  • Must be highly technical, hands-on and also capable of serving as the primary point of contact with senior management
  • Investigate network intrusions and other cyber security incidents to determine the cause and extent of the breach. Includes ability to perform host-based and network-based analysis across all major operating systems and network device platforms.
  • Summarize events/incidents effectively to different constituencies such as legal counsel, executive management and technical staff, both in written and verbal forms.
  • Managing the chain of custody for all evidence collected during incidents and security investigations
  • Create a curriculum and conduct in-house training sessions, individualized if needed, for IR staff, to ensure appropriate development of skills and continued innovation as well a facilitating incident management team exercises and eventsQualifications:
  • Bachelor’s Degree in Information Security, Computer Science or equivalent; or 7 years’ comparable work/military experience
  • Security Certifications such as CISSP, ECIH, GCIA, and/or GCIH 
  • Strong background in security operations, process, solutions and technologies
  • Experience interfacing with other internal or external organizations regarding failure and incident response situations
  • 3+ years of experience leading teams utilizing a Security Incident Event Management Solution
  • 5+ years of experience in security incident handling and forensics skills including knowledge of common probing and attack methods, network/service discovery, system assessment, viruses and other forms of malware.
  • Experience mitigating and addressing threat vectors including Advanced Persistent Threat (ADT), Distributed Denial of Service (DDoS), Phishing, Malicious Payloads, Malware, etc. 
  • Knowledge of hacker methodologies and tactics, system vulnerabilities and key indicators of attacks and exploits
  • Excellent verbal communication skills, strong analytical and organizational skills. Strong analytical skills to define risk, identify potential threats, and develop action/mitigation plans.
  • Ability to manage expectations with multiple stakeholders on projects and programs in conjunction with information security team
  • Demonstrated personal integrity, the ability to professionally handle confidential matters and exhibit the appropriate level of judgment and decision making commensurate with the position and responsibilities
  • Demonstrated initiative, dependability, and ability to work with little supervision
  • Travel (including international) is possible. Evening and weekend hours should be anticipated
  • Ability to acquire a US government clearance a plus
Please respond with your specific position of interest highlighting your unique qualifications in a resume. Salary compensation will vary by position and level of experience measured by delivered business value. Feel free to share with those you respect even simply to establish a quality relationship.