Job Description :
Job Title: Sr. IT Security Specialist
Location: Cary, North Carolina
Duration: 6 month + contract

Interview: Phone/Skype

MUST HAVES: Fedramp, PCI, IDS / forensics, Windows administration and security, security certifications like CISSP, or sans certifications*

typically 7 or more years of related experience working within the Information Security discipline.
Skills & Competencies

Use skills as a seasoned, experienced professional with a full understanding of industry practices and company policies and procedures; resolve a wide range of issues in imaginative as well as practical ways.
Highly advanced understanding of role based access Security for Business Applications (i.e.: SAP, Hyperion,, and others)
Highly advanced understanding of various web server technologies (IIS, Apache, Tomcat) and SSL certificate management solutions
Advanced understanding of remote access technologies such as VDI, Juniper SSL VPN, and others
Advanced understanding of Security Information and Event Management concepts
Highly advanced understanding of wireless security solutions and protocols
Advanced understanding of Firewall policy management and cisco router / switch security configurations
Advanced understanding of Patch and Configuration management concepts and tools (MBSA, WSUS, Patch research and analysis)
Advanced understanding of regulatory controls and industry standard like SOX, ISO27000, PCI and SAS70 Type2
Highly advanced understanding of Access Management topics including but not limited to SAP Authorization Concepts, Business process, Segregation of duties review, and GRC tools
Advanced understanding of programming and secure coding; Exploit Code reverse engineering knowledge is preferred.
Senior-level exposure to systems analysis, application development and database design.
Excellent Oral and Written Communication as well as the ability to interact effectively with peers and IT Mgmt.
Ability to coach and mentor junior staff
Highly advanced understanding of various operating systems and security configurations within (i.e.: AIX, Mainframe, Redhat, Solaris, Windows, Suse, Cisco IOS, Apple MacOS, Apple IOS, Google Android)
Advanced knowledge of IT Security Risk management practices
Advanced understanding of Computer Networking Concepts / Solutions (i.e.: TCP/IP, IPv6, Proxies, Switching, Routing, VPN Tunnels, DHCP, Subnets, VLAN''s, Sniffers)
Advanced understanding of protocols that closely impact security (i.e.: HTTPS, LDAP, SAML, Web Services, SSH, SSL, RDP, NetBIOS, Routing Protocols, FTP/SFTP, etc…)
Advanced understanding of high level security concepts related to Cloud Computing, Web 2.0, Security Incident Response, Zero Trust Model, Enterprise Log Management, BCP/DR, IT Audit and Awareness Training
Advanced understanding of Identity and Access Management concepts (Multifactor Authentication, Identity Management, Enterprise Directory / LDAP)
Highly advanced understanding of End Point Protection (i.e.: Host-based IDS/IPS /Firewall, Anti-malware, End point hardening, NAC/NAP); Direct experience with McAfee EPO preferred
Advanced understanding of computer forensics concepts and solutions (Access Data, Encase, Disc Imaging, eDiscovery)
Advanced understanding with ITIL practices such as Incident, Request, Change, and Access and Problems Mgmt.
Advanced understanding of Network-based Intrusion Detection / Prevention (Sourcefire, Snort, Signature Creation, etc
Advanced understanding of Vulnerability Management concepts and solutions (Denial of Service, Port Scanning, Finger-printing, remediation, Nessus/NMAP); Direct experience with commercial great enterprise vulnerability management tool is preferred
Strong understanding and proven ability to build work breakdown structures, tasks and activity timelines.
Ability to effectively and pragmatically estimate activities and project activities and conform to delivery within time limits and budgets is critical to the success of this position.

Certifications • has completed all primary certifications in area of specialty. CISSP, ITIL v3, CCFE, CHFI or other forensics certification desired. MUST HAVES: Fedramp, PCI, IDS / forensics, Windows administration and security, security certifications like cissp , or sans certifications*