Job Openings

This section contains current job openings and other helpful resources on career advancement for SV-ISSA members and other Bay Area security professionals.

To post new security job openings and other career-centric information in this area, please send the title, a short description, and the URL for the detailed description to the chapter webmaster at webmaster@sv-issa.org.

 

Solution Analyst (Cybersecurity) in San Francisco - Conde Group

Responsibilities:

  • Document and conform to processes related to security monitoring to identify control weakness and assess effectiveness of existing controls. Provide regular reports on security incidents, service levels and project status. Assess and report on threats, vulnerabilities and residual risk; and recommend remedial action. Participate in knowledge sharing with other analysts and develop solutions efficiently.
  • Analyze artifacts and data from incidents and breaches.
  • Analyze potential infrastructure security incidents to distinguish legitimate incidents from false alarms. Initiate escalation procedures to counteract potential threats/vulnerabilities. Appropriately inform and advise management on incidents and incident prevention.
  • Monitor and analyze cyber security news and open source intelligence streams.
  • Plan delivery of security solutions; answer technical and procedural questions and interface with other technical personnel and teams; prepare cost estimates.
  • Provide guidance and direction regarding security control elements in policies throughout the organization. Monitor and enforce the effectiveness of enterprise-wide information security programs and policies.

Requirements:

  • Bachelor's Degree in Computer Science or related field or equivalent combination of education and experience.
  • 3 - 6 years of work experience in any of the following areas: computer programming, network administration, system administration, security administration, security operations or security architecture.
  • Experience with security monitoring tools, vulnerability assessments, compliance advising. Knowledge of network infrastructure and protocols (routing, switching, firewalls, HTTP, DNS, IP, etc.). Ability to write scripts and small programs using Python or Perl. Basic ability to write regular expressions. Understanding of Unix-based operating systems. Excellent problem-solving skills. Excellent verbal and written communication skills.
  • Must be capable of passing a level II FBI background check. Occasional work outside of scheduled hours.

To apply, contact ksutton@condegroup.com

Application Security Engineer - Staff - Elementum SCM, Inc.

Who is Elementum™?

Elementum helps companies get their products to market faster and more efficiently. Whether it’s a cup of coffee, the latest smartwatch, or life-saving medicine—we're accelerating the $25T product economy. How? With a suite of real-time supply chain apps that are giving traditional enterprise software companies an identity crisis. And here's the most exciting part: we're building out the world’s Product Graph™, a digital mapping of the global product economy—bigger than Facebook’s Social and LinkedIn’s Jobs Graphs COMBINED.

Reporting to the Head of Security, the principal duties and responsibilities of the Senior Application Security Engineer include but are not limited to:

What you’ll be doing

  • Performing technical security assessments on our web applications, mobile clients and architecture designs
  • Efficiently scoping blackbox, whitebox and graybox assessments to optimize security review time and resources
  • Communicating risks effectively to engineering staff through training and technical demonstration of vulnerabilities and secure design patterns for security topics
  • Maintaining and creating secure development practices and programs for our engineering teams and external developers
  • Acting as an ambassador for the secure development lifecycle within Elementum
  • Seeking out opportunities to automate processes when appropriate
  • Identifying risk in code, applications, processes, and architecture
  • Tracking and responding to issues detected during internal reviews or reported via our Vulnerability Assessment, Penetration Testing, and Bug Bounty programs
  • Prioritizing issues, assigning an appropriate CVSS score, and following up with different teams to address those issues

Requirements

  • Familiarity with common web application testing tools for DAST, SAST, and IAST analysis such as Burp Suite, Checkmarx, Veracode, SonarSource or similar
  • Knowledge of common security flaws and resolution as published by CVSS, CERT, OWASP, SANS, etc.
  • Deep understanding of web application architecture and design principles
  • Knowledge of authentication mechanisms like SAML, OAuth, JWT, etc.
  • Strong written and verbal communication skills, and the ability to communicate with empathy when delivering constructive feedback regarding security matters to engineers and product designers
  • Ability to learn new technologies quickly and provide appropriate security advice
  • Knowledge of how to test code and applications across various platforms (Web, iOS, Mac, Windows, Android, etc) for security and quality
  • Organizational skills to bring together and record detailed and accurate information about bugs and systemic issues

Nice to haves

  • Current or former security training or certifications such as SANS GWAPT, GPEN, CEH or similar are a plus
  • Experience with manual secure code review in languages such as: Java, JavaScript
  • Background in software engineering and common development practices in a collaborative and dynamic environment
  • Public speaking engagements or published research is also a plus
  • Experience with AWS services and familiarity with Supply Chain Management products is a plus
  • Understanding of FedRAMP, SSAE16 SOC 2, PCI DSS is a big plus

Qualifications

  • 5+ years of experience in security testing of web applications and native mobile apps
  • Bachelor’s degree in Computer Science, Engineering or related field, or equivalent training, fellowship and/or work experience; Master’s preferred.

Competitive Benefits:

  • Medical, Dental, and Vision are 100% covered by Elementum for employees
  • 401k matching
  • Free, daily catered lunches
  • Commuter benefits: CalTrain GoPass & WageWorks
  • Company outings
  • Casual dress code
  • Open vacation policy
  • Pets at work!
  • Engage with (and give high-fives to) senior management regularly
  • Get in on the ground floor of a huge opportunity

Apply via https://boards.greenhouse.io/elementum/jobs/1065871?gh_jid=1065871#.Wqmi...