Submit a job posting: Google Forms
Disclaimer: These job listings are generally provided by our users and are not legally binding. Please discuss all employment details with the company you’re applying to. Thanks!
First Citizens Bank
Listing Date: 05/14/2018
Contact: See Link or dm @chudel
Title: Senior Information Security Architect I
Location: Raleigh, North Carolina, USA
Description:
https://careers.teradata.com/index.gp?method=cappportal.showJob&layoutid=2092&inp1541=&inp1375=200246&opportunityid=200246
Position Description:
As a Senior Information Security Architect, you will be a member of the bank’s Information Security Architecture & Solutions team. This position will help establish and implement the overall security direction of First Citizens Bank. This role will provide strategic technical vision (3-5 years out) while directing immediate tactical architecture initiatives. Also, this position will ensure the overall quality and security of technology implementations across multiple domains, including data, application and infrastructure, supporting multiple business units, development and operations managers and their teams. Lastly, the architect will be responsible for the design and integration of key systems that require a fundamental change to the overall corporate technology strategy and direction.
Salary: Good benefits (401k match (6%) and bonus, 3+ weeks PTO, jeans-ok). Oh, and good training budget.
Qualifications:
Position Requirements:
Bachelor’s degree with a minimum of 10 years of experience in application development, systems engineering or IT management, including minimum of 5 years enterprise security architecture experience.
-Or-
High school diploma or GED with a minimum of 14 years of experience in application development, systems engineering or IT management including minimum of 5 years enterprise security architecture experience.
Additional Requirements:
• A minimum of 10 years of hands-on development and design experience in software and systems development, with working knowledge of threat intelligence, vulnerability management, penetration testing, security monitoring and enforcement infrastructure.
• A minimum of 10 years of experience across network, mainframe, server, and database platforms as well as application designs that cross those platforms.
• A minimum of 5 years of experience with information security/technology principles and practices.
• Working knowledge of financial business and technology.
Other Preferred Qualifications:
• Bachelor’s degree or Post graduate degree in Computer Science.
• Banking/financial services industry experience.
• Certifications such as CISSP, GIAC, ITIL.
Remote Work / Travel: N/A
Clearance: No
Teradata
Listing Date: 5/2/2018
Contact: See Link or dm @r00k
Title: Staff Offensive Security Researcher
Location: San Diego, California US
Description:
https://careers.teradata.com/index.gp?method=cappportal.showJob&layoutid=2092&inp1541=&inp1375=200246&opportunityid=200246
As a Staff Offensive Security Researcher, you will be a key contributor to all aspects of the Teradata offensive security program. Every day is different as we strive to identify security risks, automate repeatable tasks and processes, and support our product teams as they build secure, next-generation analytics toolsets. A participant in architecture and design meetings, your alternative perspective will ensure robust and hardened products. You will design and execute a variety of security assessments, including penetration tests, vulnerability assessments, and red team operations to explore and demonstrate potential threats and highlight risk. As part of a small and diverse team of experts in their field you will be learning and growing on a daily basis. You will provide valuable insight to senior members of teams across Teradata, helping them to develop a security-first mindset.
Salary: Our total compensation approach includes a competitive base salary, 401(k), strong work/family programs, and medical, dental and disability coverage.
Qualifications:
Excellent written and verbal communication skills
Ability to communicate effectively with business representatives in explaining findings clearly and where necessary, in layman's terms
Knowledge of networking fundamentals (all OSI layers)
Knowledge of the Windows and *NIX operating systems to include boot process through understanding of the execution flow of boot time processes
Knowledge of software exploitation (web, client-server and mobile) on modern operating systems. Familiarization with XSS, SSJS, filter bypassing, etc.
Ability to automate tasks using a scripting language (Python, Ruby, etc)
Familiarity with interpreting log output from networking devices, operating systems and infrastructure services
Familiarity with common reconnaissance, exploitation, and post exploitation frameworks
Knowledge of conducting physical security penetration testing in small independent teams
Knowledge of malware packing and obfuscation techniques
Ability to perform targeted penetration tests without use of automated tools
Ability to read multiple programming and scripting languages
Strong attention to detail in conducting analysis combined with an ability to accurately record full documentation in support of their work
5+ years in an offensive security position or 8+ years in security
Advanced Penetration testing focused certifications preferred (OSCE, GXPN, GWAPT, eWPTX, ECPTX)
Remote Work / Travel: 15% Travel for training, occasional WFH
Clearance: No
Teradata
Listing Date: 5/2/2018
Contact: See Link or dm @r00k
Title: Associate Offensive Security Researcher
Location: San Diego, California US
Description:
https://careers.teradata.com/index.gp?method=cappportal.showJob&layoutid=2092&inp1541=&inp1375=200265&opportunityid=200265
As an Associate Offensive Security Researcher, you will be a key contributor to all aspects of the Teradata offensive security program. Every day is different as we strive to identify security risks, automate repeatable tasks and processes, and support our product teams as they build secure, next-generation analytics toolsets. A participant in architecture and design meetings, your alternative perspective will ensure robust and hardened products. You will execute a variety of security assessments, including penetration tests, vulnerability assessments, and red team operations to explore and demonstrate potential threats and highlight risk. As part of a small and diverse team of experts in their field you will be learning and growing on a daily basis. You will provide valuable insight to senior members of teams across Teradata, helping them to develop a security-first mindset.
Responsibilities
Review threat model and provide alternative perspective on potential security concerns
Conduct wide range of internal security assessments using architecture and threat model documents to identify and exploit product security flaws before public release
Act as liaison between external penetration testing firms and internal product teams to ensure low friction, high value external engagements
Assist product teams in remediation efforts by clarifying finding details and identifying best practice fixes or mitigations
Participate in working groups to evaluate and refine secure development lifecycle strategies and procedures
Evaluate existing automated security scanning tools, or develop when practical, to identify vulnerabilities in continuous test environment to eliminate potential of repeat findings over multiple tests
Contribute to and support effort to build intellectual property via patents
Design and present developer security education
Conduct security assessments such as penetration tests, vulnerability assessments, and red team operations
Write and present detailed reports with findings and remediation recommendations, with both technical and non-technical staff as audience
Salary: Our total compensation approach includes a competitive base salary, 401(k), strong work/family programs, and medical, dental and disability coverage.
Qualifications:
Excellent written and verbal communication skills
Ability to communicate effectively with business representatives in explaining findings clearly and where necessary, in layman's terms
Knowledge of networking fundamentals
Knowledge of the Windows and *NIX operating systems to include boot process through understanding of the execution flow of boot time processes
Knowledge of software exploitation (web, client-server and mobile) on modern operating systems. Familiarization with XSS, SSJS, filter bypassing, etc.
Ability to automate tasks using a scripting language (Python, Ruby, etc)
Familiarity with interpreting log output from networking devices, operating systems and infrastructure services
Familiarity with common reconnaissance, exploitation, and post exploitation frameworks
Knowledge of conducting physical security penetration testing in small independent teams
Knowledge of malware packing and obfuscation techniques
Ability to perform targeted penetration tests without use of automated tools
Ability to read multiple programming and scripting languages
Strong attention to detail in conducting analysis combined with an ability to accurately record full documentation in support of their work
1+ years in a security focused position or 3+ years in related IT field
Penetration testing focused certification preferred (OSCP, GPEN, GWAPT, EWPT)
Remote Work / Travel: 15% Travel for training, occasional WFH
Clearance: No
Texas Health Resources
Listing Date: 1/5/2018
Contact: See Link or dm m0use in slack
Title: CyberSecurity Analyst III
Location: Arlington, Texas
Description:
http://jobs.texashealth.org/ShowJob/Id/1460021/Cybersecurity-Analyst-III/
Salary: Market
Desired Education / Certifications:
Bachelors
Remote Work / Travel: 2 days per week remote AFTER 90 days must live in Texas
Clearance: No
Rackspace
Listing Date: 12/13/17
Contact: @Paradoxical (netsec slack -- for referral)
Title: Google Deployment Engineer
Location: Remote, US
Description:
In this role you will:
Work with a talented team to build the foundation of Managed GCP at Rackspace
Automate infrastructure builds and deployments for customer environments utilizing GCP and associated services
Develop tools and processes to improve customer and Racker lives
Educate customers and Rackers on best practices in terms of redundant architecture and application deployment workflows
Salary: ?
Desired Education / Certifications:
Proficiency in Python or Go
Experience working in a containerized environment (Docker/LXC) with Kubernetes exposure
One or more of the following certifications: Google Certified Professional Cloud Architect or Google Certified Professional Data Engineer
Relevant technical certifications in Google Compute Platform, RedHat, MySQL, and other related technologies
Experience working with Service Oriented or Microservices Architectures
Remote Work / Travel: Remote US
Clearance: No
Rapid 7
Listing Date: Dec 6, 2017
Contact: @Kalabaster on slack
Title: Potato Engineer
Location: DC Metro
Description:
Work supporting the Rapid7 Managed Detection and Response SOC, a 24/7 SOC with flexible hours with general shift work. Do you like data? We like data. We like getting this data and enriching it, correlating it, and transforming it into something that doesn't make security analysts and threat hunters want to cry themselves to sleep.
You will be building infrastructure and code to support your own developed toolsets (or integrate POC'd code developed by analysts) to enable the finding of evil in small to large (20,000+ endpoint) environments. Beers in the office fridge, nerf guns, weekly voluntary training sessions on voted topics, and the chance to chill with some of the smartest misfits in the biz (and also me).
Do you want to build services and applications to enable efficiencies for service delivery teams?
Do you believe there is a better way to do incident detection and response, vulnerability management, and application security?
Can you work on standing up and maintaining well-documented REST API frameworks that analysts can query with their own duct-taped together scripts?
Can you make JSON great again?
Can you appreciate the need to take in ALL THE DATA (so analysts don't have blind spots), then turn that data into info, and then make sure that only the things that matter keep getting served up and drop the other stuff?
Can you Go, JS, Python, play in the cloud, play with JSON, and play with databases all at once, or want to learn how to?
Can you handle doing all of the stack on the front end to make these million data points into not just something pretty, but something with consistent and considerable value to other technically minded individuals?
Can you handle analysts handing off POC (broken, sad, but effective/working) code and saying "plz maek enterprize pretty"?
Formal Listing:
Role and Responsibilities
Extend or create tools to support build/release/deploy/configuration/monitoring of a microservice based platform
Select technical infrastructure solutions (database, web/API components, automation) to meet the goals of the application
Contribute to broader engineering initiatives
Provide documentation and training for tooling
Troubleshoot development and production cloud issues
Manage VPC, DNS, load balancers, instances and containerized applications
Linux system administration
Job Qualifications
Experience with container orchestration tools (such as Docker Swarm, Kubernetes, Nomad, etc)
Experience with infrastructure-as-code tools (such as CloudFormation, Terraform, etc.)
Experience with configuration management tools (such as Chef, Puppet, Ansible, etc.)
Experience with service discovery tools (such as Consul, ZooKeeper, etcd)
Experience with Jenkins (Job DSL/groovy in particular)
Experience with Python (development or deployment support)
Experience training and mentoring across teams
Experience with deploying and maintaining relational, document, and node based database technologies
Desire to constantly expand technology skill set
Job Pluses
Experience with NodeJS and Go
Experience with continuous integration/continuous delivery
Experience with information security
Experience with developing infrastructure as a pipeline
Experience developing solutions across global boundaries
Salary: It's wide, plus a chunky bonus
Desired Education / Certifications: School of Hard Knocks
Remote Work / Travel: Flexible WFH hybrid
Clearance: None
Rapid 7
Listing Date: June 13, 2017
Contact: @Kalabaster on slack
Title: Cyber Potato
Location: Alexandria, VA or Dublin, Ireland
Description:
Work in Rapid7 Managed Detection and Response SOC, a 24/7 SOC with flexible hours with general shift work. This is a threat hunting and incident response role, with a monitoring component. This is a 15% network-based and 85% host-based shop. Be familiar or willing to learn about using host-based forensic artifacts. Beers in the office fridge, nerf guns, weekly voluntary training sessions on voted topics, and the chance to chill with some of the smartest misfits in the biz (and also me).
Ignore the garbage on the posted ad, these are the things that matter:
Can you speak to how you can catch bad guys?
If someone finds malware on a system, can you do something with it that isn't just "look it up on virustotal and see if it's bad by its score" (i.e. find out how it got there and what it did using filesystem, memory, network forensics)?
If I gave you a malicious PDF, how could you figure out how to see if it's bad (using google, etc)?
How can you prove evidence of execution on a file system?
What's shimcache and why is it useful?
What are different ways malware can establish persistence?
Can you code in python, go, or angular.js?
If I gave you a 2 GB csv of log data, can you do something useful with the data inside it, other than cry uncontrollably?
If you don't know the answer to these things, would you be able to learn it quickly if I gave you recommended reading on the subject?
Have you read and can you speak to any of these books: "Incident response and Computer Forensics, Third Edition", "Practical Malware Analysis", "The Art of Memory Forensics"?
Salary: 25-40k (Belfast), 90k-130k (Alexandria) + 10% bonus (can go higher based off performance). Base salary in DC can go deep into 6 figures, but you have to actually know your shit for that.
Education: Not Listed
Desired Education / Certifications: None required, SANS/GIAC is preferred
Remote Work / Travel: Flexible WFH hybrid
Clearance: None
McAfee
Listing Date: 11/6/17
Contact: [email protected]
Title: McAfee Strategic Technical Lead
Location: Chicago, IL
Description:
McAfee consultant will provide solution management and support advocacy for Customer. The consultant is there to focus on driving a deeper and broader use of McAfee products. High-level tasks include, but are not limited to:
Work with Customer staff to understand customer environment, technologies, and policies
Advises on strategic direction for security solutions across the enterprise
Provides recommendations on product usage
Coordinates McAfee business and security processes across the organization
Provides assistance and validation of implementation timelines and delivery management
Communicates clearly to executive management and manages the reporting process
Coordinates and drives McAfee solutions and direction across business units to achieve measurable increases in product deployment, end-user knowledge, and operationalization
Is empowered, with Customer approval, to participate in hands on deployment, configuration, and tuning tasks
Provides up to date information on product updates and alerts
Has direct access to:
Top tier McAfee product specialists
McAfee knowledge base
Downloads and platinum portal
McAfee incident response services
McAfee Labs
Salary: n/a
Education: n/a
Remote Work / Travel: Local Only
Clearance: None
McAfee
Listing Date: 11/6/17
Contact: [email protected]
Title: McAfee Endpoint Specialist
Location: Chicago, IL
Description:
McAfee consultant will be the primary point of contact for actions and questions regarding McAfee endpoint technologies
The McAfee consultant will work with Customer-appointed personnel to deploy McAfee endpoint technologies to Customer environment in a phased pilot approach, automate ePO and upgrade McAfee Endpoint Security (“ENS”) to latest version.
McAfee consultant will then provide oversight and assistance to customer
McAfee consultant will attempt to reduce risk within the environment through activities that improve product coverage:
Analyze data to focus on actionable events
Assist with incident management
Identify vulnerabilities or threats that introduce weaknesses in the solution design
Make recommendations for configuration changes and lead activities related to Product deployment.
McAfee consultant will work with Support to resolve open tickets.
Salary: n/a
Education: n/a
Remote Work / Travel: Local on-site only
Clearance: None
Infinity Consulting Solutions
Listing Date: October 19, 2017
Contact: @icscampbell on slack / [email protected]
Title: Cyber Security Analyst
Location: Northbrook, IL
Description:
Responsibilities:
Seeking a highly technical penetration tester or ethical hacker with a software development background and domain experience in embedded product and software testing. Will conduct advanced penetration tests, hacking to identify issues in embedded products and software. Will conduct vulnerability testing, risk analyses and security assessments.
Key Tasks:
• Demonstrate a deep interest in learning new technology platforms for security testing, and forensics.
• Keep abreast of latest security news/trends.
• Conduct security tests using automated tools, ad-hoc tools and manual testing
• Conduct penetration testing against different technological domains including, but not limited to, web products, hardware products, wireless products, software, cloud based software, smart device applications.
• Assess and calculate risk based on vulnerabilities and exposures discovered during testing.
• Create required information security documentation, technical reports and formal papers on test findings, and complete requests in accordance with requirements.
• Handle and complete customer projects to the defined requirements in the timeframe required by customer with the highest quality and integrity of work.
• Meet and exceed customer's expectations with projects and other related tests and activities.
Qualifications:
Generally two years' experience in cybersecurity, software development, or ethical hacking.
Experience installing and using various OS distributions and application packages.
Hands-on experience with commercial, open source and free security solutions such as AppScan, Fortify, Maltego, Kali Linux, Nessus, OpenVAS, Qualys, Core Impact Pro, Metasploit, nmap, nessus, ettercap, static source code analysis tools, fuzzing tools, dynamic binary testing tools.
Understanding of security issues on various operating systems, open source web and database platforms
Experience scripting in one or more of the following languages: sh, csh, perl, python, awk, ruby and programming experience in C, C++, Java.
Strong expertise in testing in two or more of the following domains: Embedded software, embedded security, industrial control systems / SCADA, medical devices, telecom and networking equipment.
Salary: $90000.00 - $120000.00 base + performance bonus
Education: None required / CEH, CISSP, CISA, GIAC preferred
Remote Work / Travel: Flexible / No travel required
Clearance: no