SDLC, PEN Testing, and Third Party Risk Assessment – April 9

The (ISC)2 Eastern Massachusetts Chapter will host an interactive discussion around Application Security and an opportunity to network with your Chapter peers. The topic will cover the importance of secure application development, code reviews and penetration testing. Our speakers and panel will also highlight processes for identifying and managing risks associated with third party vendors.

Topic: SDLC, PEN Testing, and Third Party Risk Assessment

Speaker #1: Chris Wysopal, Founder & CTO, Veracode
Speaker #2: Jason Marchant, Enterprise IT Risk Management Team Lead, Partners Healthcare
Panel moderator: Peter Bamber

Where & When

  • Date: Thursday, April 9, 2015
  • Time: 1pm-4pm
  • Location: Constant Contact Offices, 1601 Trapelo Road, Waltham, MA

 

Lunarline – Penetration Tester – Location Flexible

**JOB LOCATION IS FLEXIBLE**

The Penetration Tester will have experience doing hands-on penetration testing, security test planning, vulnerability analysis, and exploitation of application and systems level designs and implementations. This position requires a strong ethical hacking mindset with proven professional experience in assessing diverse network and system architectures in a comprehensive manner. The successful candidate will enjoy working in a dynamic, responsive, and collaborative environment, and be dedicated to the success of customers. Experience and detailed technical knowledge in security engineering, secure architecture development, system and network security, authentication and security protocols, applied cryptography, and application security is essential. Must have the ability to communicate with and distill information from technical resources during formal and informal meetings. Must be able to work independently and be open to at least 25% travel.

Required Skills/Qualifications:

  • Must be a US Citizen with the ability to obtain a government security clearance
  • Three (3) to five (5) years of experience performing information security testing and analysis with an emphasis on penetration testing using both manual and automated methods
  • Experience with industry standard testing tools and in-depth knowledge of the methods and techniques used during automated and manual penetration testing (such as scanning, scripting, mapping, exploitation, brute-force attacks, SQL injections, fuzz testing, buffer overflows, session hijacking, pass the hash, rogue APs, phishing, etc.)
  • Possess a strong IT background with knowledge of defensive security measures, such as network defenses, system configuration hardening, intrusion detection, and endpoint security
  • Experience with security solutions (HBSS, AV, IDS/IPS, Firewall, Web Proxies), knowledge of the principles, methods, and techniques used in security, application, and/or network engineering, a strong knowledge of enterprise network hardware, concepts, routing protocols, and network security posture
  • Three (3) years professional experience conducting network security assessments, with a clear understanding of manual methods and tools in addition to automated scanners
  • Programming ability in one or more programming/scripting languages such as C, C++, C#, Java, Perl, Python, Ruby, Bash
  • Strong experience with tools used for penetration testing such as Metasploit, BurpSuite, BackTrack/Kali Linux, Nessus
  • Excellent written and verbal communication skills, especially when dealing with large reports and datasets
  • A high standard of documentation and experience writing Rules of Engagement, security test plans, risk/vulnerability assessments, and findings reports
  • Ability to translate technical information into business impact for non-technical audiences

Desired Skills:

  • Experience building automated tool sets
  • Experience with secure code reviews and tools
  • Experience with mobile device penetration tools and techniques
  • Experience with wireless device and access point penetration tools and techniques
  • Other Microsoft, Linux, Cisco, or security certifications
  • Understanding of WAN technologies (MPLS, PPP, VPN, proxies, load balancers, etc.)
  • Experience assessing systems as part of FedRAMP
  • Understanding and experience with Cisco and/or Juniper routing, switching, and security products
  • Experience working in a service desk environment and supporting customer infrastructure

Minimum Education and Certifications:

  • Must have Bachelor’s degree in IT related field (Computer Science or Engineering preferred)
  • At least one of the following certifications (more than one is preferred): CISSP, CEH, ECSA, LPT or equivalent security certification

Location: Location is flexible. Occasional travel will be required (typically at least 25%)

Disclaimer

Lunarline is an equal opportunity employer. It is the policy of Lunarline that all employees and applicants for employment will be treated in all respects on the basis of their merit and qualifications and without regard to their race, color, national origin, age, disability, sexual orientation, religion, gender, military status, marital status or ancestry.
Lunarline participates in the E-Verify program. Therefore, any employment with Lunarline will also be contingent upon confirmation from the Social Security Administration (“SSA”) and/or the Department of Homeland Security (“DHS”) of your authorization to work in the United States.
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All personnel may be required to perform duties outside of their normal responsibilities from time to time, as needed.

Lunarline – Mid Security Engineer – Boston

Lunarline, Inc. is hiring a motivated Mid-Level Security Engineer with 3-5 years experience in information assurance, authorization & accreditation, security/compliance testing, and secure information system design. We work hand-in-hand with our clients to help them design, evaluate, and implement secure solutions for their products, within their enterprise environments, and for integration with the Federal Government and DoD.

Candidate must at least have experience performing IA/C&A/A&A activities including in-depth knowledge of NIST SP 800-53 IA controls and use of automated testing tools. Must possess a strong IT background, especially as it relates to locking down, hardening, and auditing information systems. Experience should include security related implementation, operation, and/or management of IT security solutions, knowledge of the principles, methods, and techniques used in security, application, and/or network engineering. Must be able to work independently and be open to at least 25% travel.

The successful candidate will be experienced and successful at solving complex cyber security issues, enjoy working in a dynamic, responsive, and collaborative environment, and be dedicated to the success of customers. Candidate must have experience and detailed technical knowledge in security engineering, secure architecture development, system and network security, authentication and security protocols, applied cryptography, and application security.

Candidate must have experience in the understanding, application, and verification of IT Security policies and procedures. Must have the ability to communicate with and distill information from technical resources during formal and informal meetings. Must be able to serve as a tester on various C&A/IA/A&A test events during which compliance with NIST SP 800-53 IA controls will be assessed.

Required Skills:

  • Expertise with NIST SP 800-53 IA Controls
  • Understanding of device and network security and hardening
  • Experience with DoD and NIST C&A/A&A

Desired Skills:

  • Experience with Veterans Affairs C&A/A&A process
  • Experience with FedRAMP
  • Other Microsoft, Linux, Cisco, or security certifications
  • Experience working in a service desk environment and supporting customer infrastructure
  • Coding/Programming experience (Python, Perl, Shell, Bash, Batch, etc.)
  • Other testing tool experience (Nmap, Nessus, WebInspect, AppDetective, Metasploit)

Minimum Education and Certifications:

  • At least one of the following certifications (more than one is preferred): Lunarline, Inc. School of Cyber Security “Certified Expert” certifications, Security+, CISSP, CISM, CEH, Network+, CAP, or SANS security certifications
  • Bachelor’s degree in IT related field or equivalent technical certifications

Location: Boston, MA Metro Area

Lunarline – Jr. Security Engineer – Boston

Lunarline, Inc. is hiring a motivated Junior Security Engineer with 1-3 years experience in information assurance, authorization & accreditation, security/compliance testing, and secure information system design. We work hand-in-hand with our clients to help them design, evaluate, and implement secure solutions for their products, within their enterprise environments, and for integration with the Federal Government and DoD.

Candidate must at least have experience performing IA/C&A/A&A activities including knowledge of NIST SP 800-53 IA controls and use of automated testing tools. Must possess an IT background, particularly as it relates to locking down, hardening, and auditing information systems. Experience should include security related implementation, operation, and/or management of IT security solutions, knowledge of the principles, methods, and techniques used in security, application, and/or network engineering. Must be able to work independently and be open to at least 25% travel.

The successful candidate will be experienced and successful at solving cyber security issues, enjoy working in a dynamic, responsive, and collaborative environment, and be dedicated to the success of customers. Preferred experience and technical knowledge in security engineering, secure architecture development, system and network security, authentication and security protocols, applied cryptography, and application security.

Candidate must have experience in the understanding, application, and verification of IT Security policies and procedures. Must have the ability to communicate with and distill information from technical resources during formal and informal meetings. Must be able to serve as a tester on various C&A/IA/A&A test events during which compliance with NIST SP 800-53 IA controls will be assessed.

Required Skills:

  • Experience with NIST SP 800-53 IA Controls
  • Understanding of device and network security and hardening
  • Experience with DoD and NIST C&A/A&A

Desired Skills:

  • Experience with Veterans Affairs C&A/A&A process
  • Experience with FedRAMP
  • Other Microsoft, Linux, Cisco, or security certifications
  • Experience working in a service desk environment and supporting customer infrastructure
  • Coding/Programming experience (Python, Perl, Shell, Bash, Batch, etc.)
  • Other testing tool experience (Nmap, Nessus, WebInspect, AppDetective, Metasploit)

Minimum Education and Certifications:

  • Prefer at least one of the following certifications: Lunarline, Inc. School of Cyber Security “Certified Expert” certifications, Security+, CISSP, CISM, CEH, Network+, CAP, or SANS security certifications
  • Bachelor’s degree in IT related field or equivalent technical certifications

Location: Boston, MA Metro Area
