[Noisebridge-jobs] Information Security Analyst/Engineer - Santa Clara, CA
irish.masms
irish.masms at gmail.com
Thu Nov 19 09:40:31 UTC 2015
Hello all – the cloud security startup Palerra in Santa Clara,
California is on a quest to staff up our Lab and InfoSec team. The PD
and link to apply is below; ping me if you have any questions or if you
applied.
Thanks - and good luck!
*Information Security Analyst/Engineer *
Location: Santa Clara, CA (local candidates preferred)
*Overview:*
Palerra is seeking a motivated and experienced Information Security
Analyst or Engineer with technical and data analytics experience for our
Information Security & Compliance team. We are a cloud security company
with an extremely fast-paced environment that requires coordination of
team efforts to thrive.
*Role:*
Enjoy being part of a startup team and creating everything from the
ground up, from compliance and audit controls to incident management and
product security. This is an opportunity for an information security
analyst or engineer who is familiar with using and securing cloud
platforms and wants to help set up a new information security risk
management program. Your involvement in our team’s efforts will be wide
and broad, with impact felt throughout the organization. Your deep
understanding of the discipline of information security will help us
meet compliance requirements and address our own and our customers’
risks. You can communicate your knowledge to colleagues, stakeholders,
and the community at large. You will provide recommendations for
enhancing our platform’s capabilities, while also helping to monitor and
secure our own environment and ensure that compliance and audit
requirements are met.
*Required skills:*
*
Ability to monitor, evaluate, and interpret vulnerabilities/CVEs,
vulnerability assessments, cloud platform/system/device/IDS/IPS
logs, threat analysis, and malware.
*
In-depth, practical knowledge of how legitimate users administer,
use, and secure common operating systems and cloud platforms, and
how malicious actors exploit them.
*
In-depth knowledge of how legitimate users administer, use, and
secure common consumer and enterprise network devices and systems,
and how malicious actors exploit them.
*
Thorough understanding of computer networking, routing, and protocols.
*
Understanding of information security architecture, mitigation of
threats, and compensating controls.
*
Experience with and proven methods for managing the information
security incident lifecycle, including incident response,
mitigation, after-action reporting, and mapping a path forward.
*
Knowledgeable about and able to apply open-source and proprietary
information within the industry.
*
Excellent oral and written communications skills for working with a
diverse professional clientele with varying levels of technical
experience. Ability to interact with customers and co-workers both
in person and in writing.
*
Ability to research highly technical topics and derive logical
conclusions using well thought out processes.
*
Ability to combine information from various sources into clear,
concise technical documents that explain the background and
procedures for detecting and mitigating risks.
*
Experience with enterprise risk management programs, including
internal audits, consulting engagements, information technology
reviews, audit, and compliance efforts.
*
A willingness and desire to learn.
*
Possess and nurture a hacker mentality: Being able to visualize
issues and possible solutions outside the box.
*
Must be a conscientious, punctual, professional and devoted member
of our team; with the ability to safeguard sensitive, restricted,
and other information deemed to have special handling and
dissemination protocols.
*
Highest level of ethics and core values.
*Preferred skills:*
*
Experience with startups and agile development.
*
Experience with and proven methods for analyzing and interpreting
information from Security Operations Centers (SOCs), Computer
Security Incident Response Teams (CSIRTs), or SecOps systems.
*
Proficient with one or more of the following:
python/java/SQL/spark/Cassandra Query Language (CQL).
*
Familiarity with big data platforms (Hadoop, Cassandra),
*
Proficiency with using and securing popular cloud services (SAAS,
IAAS, etc.).
*
Familiarity with digital forensics procedures and tools, malware
analysis, and reverse engineering.
*
Ability to apply statistics and other mathematical methods to data
analysis.
*
Having or planning to have SANS certifications is a plus. Examples:
GIAC Certified Incident Handler (GCIH), GCIA: GIAC Certified
Intrusion Analyst, Certificate of Cloud Security Knowledge (CCSK)
from the Cloud Security Alliance (CSA). The ability to articulate
and demonstrate skills are as or more important than the certification.
*Education, certifications, and other requirements*
*
Bachelor's degree, a combination of experience and/or Associates
degree, or an equivalent combination of equivalent education and
work experience. Degree must be from an accredited institution, with
degree in a technical discipline or significant coursework in
Information Security or Information Technology is preferred.
*
At least five (5) years in Information Technology and/or Information
Security, including at least three (3) years doing information
security risk management, including intrusion analysis, monitoring
and detection, and threat/vulnerability analysis.
*About Palerra*
Palerra is a pre-IPO company that offers a competitive salary and
benefits. This is a full-time, exempt position reporting to the director
of LORIC Labs/Information Security and Compliance team. The
responsibilities and duties described here are intended to provide
typical examples of the role and are not comprehensive.
Web site: https://palerra.com/careers/
Posting:
https://www.linkedin.com/jobs2/cap/view/86787946?pathWildcard=86787946&trk=job_capjs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.noisebridge.net/pipermail/noisebridge-jobs/attachments/20151119/fd03f1d6/attachment-0002.html>
More information about the Noisebridge-jobs
mailing list