Security Analyst
Sacramento, CA
6+ months
Onsite
Required Skills:
3 years demonstrated experience assessing the security of complex integrated applications with the following characteristics:
o Internet accessible databases containing personal (confidential) information.
o Availability, backup, recovery, and data integrity issues of 24/7 systems.
o Very large database and high-volume online system, that includes over 1 million records and 100K transactions a year Multiple tier application systems.
o 2-factor or other physical security controls.
3 years demonstrated testing experience for each of the following:
o Security and penetration/vulnerability testing
o Cloud and virtualization security
o OS hardening (Windows, Linux)
o HTTP
o TCP/IP
o Encryption
o Routing protocols
o Layer 2 and Layer 3 security
o Database security and SQL vulnerabilities
o DNS architecture and security implications
o IT security best practices
o Microsoft.Net Framework
o Application and database servers
o Azure Government hosting
o Azure Services
o Wide Area Network infrastructure
o IIS
o Microsoft SQL Server
o Web Services security
o Microsoft Windows Services
o Microsoft Active Directory
o Public Websites
Simple Object Access Protocol (SOAP)
Bachelor's Degree in an IT-related or Engineering field.
Valid Certified Information Systems Security Professional (CISSP) Certification
Desired Skills:
3 years' demonstrated experience in providing security planning and implementation services, with at least one large scale government system integration project.
3 years demonstrated experience assessing security risks for applications built with:
o Reporting Services
o Internal Web Applications
o Multi-node (statewide) networks
o Experience with industry standard compliance frameworks (SOX, NIST, etc.)
Understanding of State Administrative Manual (SAM) Section 5300, Information Security.
Naresh Damagalla
Email:
Phone: