ISSA's mission is to enhance the education and expand the knowledge and skills of its members in the interrelated fields of information systems and data processing; to encourage a free exchange of information security techniques, approaches, and problem solving; to provide adequate communication to keep members abreast of current events in information processing and security; and to communicate to management and to systems and information processing professionals the importance of establishing controls necessary to ensure the secure organization and utilization of information processing resources.

FICO - 2 Manager Openings and a Lead

See the jobs listed here on the web site: http://www.fico.com/en/Company/Careers/Pages/opportunities.aspx

1. Security Manager (no direct reports):

Role/Responsibility:

This Information Security Engineer will have a strong IT and security engineering background. A complete understanding of security and network architecture, encryption, and threat and vulnerability management is critical for this role. This person should be familiar with multiple platforms (MS, *nix, middleware, network, database), both physical and virtual, and have the ability to fully implement security solutions. Should also have a strong understanding of access control management (authorization, reviews, federation). Candidate will be a self-starter, diplomatic yet assertive, have a sense of humor and like working with others.

M-F typical office hours, some on-call possible.

Required Experience:

Education Required:

Bachelor’s Degree required and one of the following certifications:
CISSP, CISA, CSSLP

Experience Required:

6 years minimum experience directly related to information security
Desired skill sets include the ability to work with Active Directory, Core Insight, Symantec CCS, OSSEC, CyberArk and other InfoSec tools.
Must be able to create detailed documentation, metrics and presentations.

2. Security Manager (No direct reports):

Role/Responsibility:

This Information Security Manager role will focus on audit and compliance. The candidate must have a detailed understanding of, and experience working with, PCI and HIPAA rules, and a solid background in Identity and Access Management including authorization, reviews, federation, etc. Experience reviewing security controls, facilitating audits, and working with client relationships or client audits is required. Strong interpersonal skills, process, reporting and metrics are a must. Candidate will be a self-starter and be diplomatic, yet assertive.

Education & Certifications Required:

Bachelor’s Degree required and one of the following certifications:
CISSP, CISA, CSSLP

Experience/Qualifications Required:

6 years minimum experience directly related to information security audit and compliance.

Experience with Archer GRC, SharePoint, CyberArk or other identity management solution.
Excellent written and verbal skills.

3. Security Lead

Roles/Responsibilities:

• Responsible for the development of the Secure SDLC process in working with the Product Development and QA teams.

• Responsible for the development and performance of application security training for the company.

• Work with application teams on improving security in the Software Development Life Cycle (SDLC).

• Support Static and Dynamic Code Analysis tools to detect security vulnerabilities in applications developed in C/C++, C#, Java, PHP, JavaScript, Perl & Python.

• Manage Application Security Vulnerability Scanning and Testing tools against OWASP Top 10.

• Participate in the improvement and development of process/procedure manuals and documentation.

Occasional evening work to accommodate different time zones.

Required Experience

Education/Certifications Required:

• 5+ years of information security experience

• Bachelor of Science degree, preferably in Computer Science

• CISSP, CSSLP, GWEB (GIAC Certified Web Application Defender) is desirable

Experience/Qualifications Required:

• Demonstrated experience in performing Application Security risk assessments at the business unit or department level.

• Demonstrated expertise in implementing best security practices in an organization’s SDLC process

• Solid experience and technical knowledge in security engineering, application security, system and network security, authentication and security protocols & cryptography.

• Knowledge of threat modeling or other risk identification techniques
• Expert knowledge of OWASP Top 10 and SANS Top 25 vulnerabilities
• Excellent technical writing and presentation skills
• Development experience in C/C++, C#, Java and scripting languages like JavaScript, Perl & Python.

• Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)

• Hands-on experience running vulnerability assessment tools such as Fortify, QAInspect, WebInspect or others. Ability to understand and interpret vulnerabilities and communicate them to developers for remediation.

• Demonstrated ability to excel in a team as well as a self-sufficient individual contributor. Ability to interact with a wide range of staff within FICO including developers, quality engineers, product/project managers, etc.
