Geeklog Site

FBI Computer Scientist Position

Mon, 04 Aug 2008 12:05:03 -0700

Company: FBI, San Diego, CA

Contact: CS Jennifer Kolde - FBI San Diego Division

Status: Position Open

Type: Full Time

The FBI, San Diego Field Office, National Security Cyber Squad, will post a position for a Computer Scientist in the near future. The Computer Scientist (CS) is responsible for providing technical support and subject matter expertise to FBI Special Agents and Intelligence Analysts related to sensitive computer network intrusions and intelligence matters. While the CS will perform a variety of duties, his/her primary responsibility is identifying computer network attacks and data compromise using techniques such as malware analysis, forensic analysis, log file analysis, large-scale data analysis (correlation / trending), network traffic analysis, and the development of tools and / or programs to assist with or automate the same.

The CS will work in a team environment in the production of relevant written reporting and briefings within the FBI and other U.S. Government entities. As such, strong written and oral communications skills are essential. In addition, as a subject matter expert, the CS is expected to monitor and provide insight into trends in the security community (vulnerabilities, threats, exploits, changing techniques, risks, etc.).

The position will be at the GS13 or GS14 level with an adjustment for San Diego locality pay. The salary grade and step are determined from the selected candidate’s experience and prior employment.

Interested candidates must meet the following minimum requirements to apply:

US Citizen
Ability to obtain a Top Secret-SCI clearance
Completion of a four-year course of study at an accredited college or university (e.g., Bachelor's degree or higher)
Minimum of 30 semester hours of mathematics, statistics, and computer science

Once posted, the position will be open to applicants for only a short window of time (usually 10 days). As such, we encourage you to forward this information to anyone who may be interested in applying so that interested candidates can become familiar with the hiring process, especially the need to apply immediately and completely when the position is posted. The application process requires submission of a current resume, official college / university transcripts, and completion of an online application (to include a set of multiple choice / essay questions describing the candidate's relevant experience). Interested candidates are strongly encouraged to visit the FBI Jobs web site (http://www.fbijobs.gov) to register and review the application process.

Additional information about employment with the Federal Bureau of Investigation can be found on the following web sites:

1. FBIJobs: www.fbijobs.gov

- Job posting and application web site.

2. Office of Personnel Management: www.opm.gov

- Salary, benefits, and other information related to Government employment

3. FBI: www.fbi.gov

- FBI web site

Candidates who are interested in applying for the position should register on the FBIJobs web site, and sign up for email notification to receive an alert when the position is posted.

SDISSA General Membership Meeting 13 August 2008

Fri, 20 Jun 2008 08:22:56 -0700

Please spread the word and support the security community with your attendance at our next "OPEN" General Membership meeting and bring a friend.

Please register for the chapter meeting ONLINE at Acteva!!!

Registration fee for meeting:

$10 – ISSA Members
$20 – Non-ISSA Members

NEW MEETING LOCATION: Admiral Baker Clubhouse

Presenter:

Faizel Lakhani, Vice President of Products and Marketing
Reconnex

Subject:

Data Loss Prevention: Best Practices

Presentation Abstract:

Data loss has garnered headlines with very public breaches recently. These are the breaches that organizations have been forced to disclose; imagine all the leaks occurring that go undetected. This session will provide industry best practices for the processes around data loss prevention and a methodology for identifying and protecting sensitive data that can be applied at any organization.

Presenter's Bio:

Faizel Lakhani is responsible for product strategy at Reconnex. Prior to joining Reconnex, Lakhani was Vice President of Products at ConSentry Networks, a leading LAN security company, responsible for overall product strategy and direction. Prior to ConSentry, Faizel was Vice President of Products at Caspian Networks, a flow-based routing company.

Faizel began his career at Nortel Networks holding a number of executive roles in product management for new and emerging products. Faizel holds a Masters Degree In Engineering from Carleton University, an MBA from the University of Ottawa and a Bachelor of Engineering in Electrical Engineering from McMaster University.

Date: Wednesday, 13 August 2008

Time: 11:30 - 1:00 PM

Schedule:

11:15 – 11:45 Networking/Lunch
11:45 – 12:00 Chapter Announcements/Attendee Self-Introductions
12:00 – 12:40 Presentation (write down your questions for Q&A)
12:40 – 12:50 Q&A
12:50 - 1:00 Plaque Presentation to Speaker/Raffle (Chapter Members and qualified prospective Members only)

Location: Admiral Baker Clubhouse, 2400 Admiral Baker Rd, San Diego, CA 92120 (619) 556-5502

Registration fee for meeting:

$10 – ISSA Members
$20 – Non-ISSA Members

Please register or RSVP to (secretary@sdissa.org) no later than 8 August so that lunch preparations can be made to satisfy the expected audience size.

Remember: If you are a CISSP or SSCP, meeting attendance qualifies for a CPE credit towards recertification.

The Admiral Baker Clubhouse

Wed, 04 Jun 2008 09:15:50 -0700

NEW MEETING LOCATION
Located just East of Friars road and Highway 15

The Admiral Baker Clubhouse
At 2400 Admiral Baker Rd, San Diego, CA 92120
(619) 556-5502

Take Fairs road east until Santo Road, take a left and very soon veer right onto the Admiral Baker Clubhouse. Then stay left and follow the road around to the clubhouse. No base sticker or government badge is needed.

You’re going to love the setting, ambiance, and history of the place!

Driving Directions from Highway 15:

1) Take Friars Road exit East. Pass through the first stoplight (Rancho Mission).
2) Turn left at the second light (Santo Road).
3) Make an immediate right turn onto Admiral Baker Road.
4) Follow the road to its end at the golf course clubhouse.

San Diego Chapter of ISSA to Present Student Scholarship

Wed, 07 May 2008 15:00:00 -0700

Scholarship to be presented at the Hoover High School’s Academy Awards

San Diego, CA – May 8, 2008 – The San Diego Chapter of the Information Systems Security Association (ISSA) announced that they will present a $1,500 scholarship at this year’s Hoover High School Academy Awards on Thursday, May 15, 2008. The scholarship will be awarded to a student belonging to the Academy of Information Technology (AOIT), an organization emphasizing the importance of technology and integrating its uses in a variety of subjects.

“By supporting organizations in our community such as the AOIT we can help ensure that information technology continues to be an area of continued educational growth, the earlier students are exposed to the capabilities of technology the better prepared they will be for college and the work force”, says Peter Bybee, President of the San Diego ISSA chapter, “if we want to continue to see advances in the world of technology, we have to invest in its future – these students are the future”.

The AOIT has been gaining popularity in high schools nationwide, and for good reason; “In partnership with the community, the AOIT provides a leading edge, rigorous, career-focused education which prepares students for post-secondary education and an increasingly technology-oriented society” says Ellen Towers who heads the academy at Hoover High adding “the support from ISSA and their scholarship really helps students get started in college”.

The winning student is selected based on GPA, volunteer experience, Internships, technology courses completed, a detailed essay, and a panel interview. The award ceremony will be held at Hoover High School, 4474 El Cajon Blvd San Diego, CA 92115 and begins May 15, 2008 at 5:30 pm with a light dinner and presentation starting at 6:15 pm.

IA/Security resources, references, guides

Mon, 17 Dec 2007 15:12:12 -0800

Useful web sites (Main ones)

https://infosec.navy.mil/docs/index.jsp

http://iase.disa.mil/techguid/index.html

And these others

http://www.sse-cmm.org/lib/lib.asp

https://www.fleetforces.navy.mil/netwarcom/navycanda

https://www.us.army.mil/suite/portal/index.jsp

http://csrc.nist.gov/

http://www.nsa.gov/ia/index.cfm

http://www.iatf.net/

http://www.cert.org/

http://www.commoncriteriaportal.org/

http://www.amc.army.mil/amc/ci/matrix/policy/policy_new.htm

https://www.sans.org/about/sans.php

http://iac.dtic.mil/iatac/

http://www.cerias.purdue.edu/

http://security.sdsc.edu/

Main Statues / Directives / Guidance

Clinger-Cohen Act (CCA), 1996
Government Information Security Reform Act (GISRA), 2000
Federal Information Security Management Act (FISMA), 2002
OMB Circular A-130, 2000
DoDD 8500.01E - Information Assurance (IA), April 2007 (changed from 8500.1)
DoDI 8500.2 - IA Implementation, Feb 03
DoDI 8580.1 - IA in the Defense Acquisition System, July 04
Information Assurance Technical Framework (IATF), Sep 2000 (www.iatf.net)
GIG IA Architecture, ICD (6 Mar 06) and Strategy (and related GIAP artifacts, plans, priorities)
NSTISSP 11 - National Security Telecommunications and Information Systems Security
DoDI 8510.bb - DoD Information Assurance Certification and Accreditation Process (DIACAP)

Also see:

- DoDD 5000.1 - The Defense Acquisition System, May 03

- DoDI 5000.2 - Operation of the Defense Acquisition System, May 03

- Section 2224 of title 10, US Code “Defense Information Assurance Program”

http://iase.disa.mil/policy-guidance/index.html#DoD

Preferred Product Lists (PPL) - Generally programs should still to using PPL devices / processes in building their systems. Other than the type-1 COMSEC devices, which require individual certification letters held by the companies, the list below is probably the 90% solution without getting industry groups such as ICSA labs.

NIST FIPS 140 certifications: http://csrc.nist.gov/groups/STM/cmvp/index.html

NIST algorithm certifications: http://csrc.nist.gov/groups/STM/cavp/index.html

NIAP/Common Criteria: http://niap.bahialab.com/cc-scheme/

DISA IASE: http://iase.disa.mil/index2.html

NSA IAD: http://www.nsa.gov/ia/index.cfm

NOTE - A PPL list can range from algorithms to specific equipment configurations. For example, one radio might have FIPS approval when ordered using model number 123 and an NSA type-1 certification when ordered using model number 456. Same is true for a router, IPS,... Yet even if a device has a CC EAL-4 certification, you still need to ensure that the protection profile used and the security target meets your specific application.

DoDD 8500.01E, October 24, 2002 ( ENCLOSURE 1, REFERENCES (Continued))

(e) DoD CIO Memorandum 6-8510, "Guidance and Policy for Department of Defense Global Information Grid Information Assurance," June 16, 2000 (hereby canceled)

(f) DoD 5025.1-M, "DoD Directives System Procedures," March 5, 2003

(g) Executive Order 12333, "United States Intelligence Activities," December 4, 1981

(h) DoD Directive 5144.1, “Assistant Secretary of Defense for Networks and Information Integration/DoD Chief Information Officer (ASD(NII)/DoD CIO),” May 2, 2005

(i) National Security Telecommunications and Information Systems Security Instruction (NSTISSI) No. 4009, "National Information Systems Security Glossary," September 20002

(j) OMB Circular A-130, "Management of Federal Information Resources, Transmittal 4," November 30, 2000

(k) DoD Directive 5000.1, "The Defense Acquisition System," May 12, 2003

(l) Sections 1423 and 1451 of title 40, United States Code, "Division E of the Clinger-Cohen Act of 1996"

(m) DoD Directive O-8530.1, "Computer Network Defense," January 8, 2001

(n) DoD 5200.2-R, "DoD Personnel Security Program," December 16, 1986

(o) DoD 5200.1-R, "DoD Information Security Program Regulation," January 14, 1997

(p) DoD Directive 5230.11, "Disclosure of Classified Military Information to Foreign Governments and International Organizations," June 16, 1992

(q) DoD Directive 5230.20E, "Visits and Assignments of Foreign Nationals," June 22, 2005

(r) DoD Instruction 5230.27, "Presentation of DoD-Related Scientific and Technical Papers at Meetings," October 6, 1987

(s) DoD Directive 5230.9, "Clearance of DoD Information for Public Release," April 9, 1996

(t) DoD Instruction 5230.29, "Security and Policy Review of DoD Information for Public Release," August 6, 1999

(u) DoD Instruction 5200.40, "DoD Information Technology Security Certification and Accreditation (C&A) Process (DITSCAP)," December 30, 1997

(v) DoD Directive C-5200.5, "Communications Security (COMSEC)," (U) April 21, 1990

(w) National Security Telecommunications and Information Systems Security Policy (NSTISSP) No. 11, "National Policy Governing the Acquisition of Information Assurance (IA) and IA-enabled Information Technology Products," January 2000

(x) DoD Directive 3020.40, “Defense Critical Infrastructure Program (DCIP),” August 19, 2005

(y) DoD 5220.22-M, "National Industrial Security Program Operating Manual," January 1995 and "National Industrial Security Program Operating Manual Supplement," February 1995

**** CJSCSI 6510.1E, Information Assurance And Computer Network Defense.

a. Joint Pub 1-02 Series, “Department of Defense Dictionary of Military and Associated Terms”

b. CNSS Instruction No. 4009 Series, “National Information Assurance (IA) Glossary”

c. DOD Directive 8500.1 Series, “Information Assurance (IA)”

d. DOD Directive O-8530.1 Series, “Computer Network Defense (CND)”

e. DOD Instruction 8500.2 Series, “Information Assurance (IA) Implementation”

f. DOD Instruction O-8530.2, 9 March 2001, “Support to Computer Network Defense (CND)”

g. CJCSM 6510.01 Series, “Defense-in-Depth: Information Assurance (IA) and Computer Network Defense (CND)”

h. DOD Directive 8100.1 Series, “Global Information Grid (GIG) Overarching Policy”

i. DOD CIO Memorandum, 6 July 2006, ”Department of Defense (DoD) Information Assurance (IA) and Certification and Accreditation (C&A) Process Guidance”

j. DOD Instruction 8551.1 Series, “Ports, Protocols and Services Management (PPSM)”

k. CJCSI 6211.02 Series, “Defense Information System Network (DISN): Policy, Responsibilities and Processes”

l. CNSSP-1 Series, “National Policy for Safeguarding and Control of Communications Security Materials”

m. DOD Regulation 5200.1-R Series, “Information Security Program”

n. National Security Agency, 2003/2004, “Information Assurance Manual”

o. Title 10, United States Code, Section 2315

p. NSTISSP No. 11 Revised, June 2003, “National Policy Governing the Acquisition of Information Assurance (IA) and IA-Enabled Information Technology Products”

q. Title 15, United States Code, Section 278g-3

r. ASD(NII) memorandum, 28 May 2003, "Open Source Software in the Department of Defense"

s. NIST Special Publication 800-59, August 2003, “Guidelines for Identifying an Information System as a National Security System”

t. DOD Instruction 8552.01 Series, "Use of Mobile Code Technologies in DoD Information Systems"

u. NTISSP No. 200, 15 July 1987, “National Policy on Controlled Access Protection”

v. DOD Regulation 5200.2-R Series, “Personnel Security Program”

w. ASD(C3I) memorandum with amendment, 11 January 2002, “Web Site Administration, Policies and Procedures”

x. DOD Directive 5230.9 Series, “Clearance of DOD Information for Public Release”

y. DOD Instruction 5230.29 Series, “Security and Policy Review of DOD Information for Public Release”

z. DOD CIO Memorandum, 25 April 2006, "Guidance to Facilitate Information Sharing on DoD Information Technology Systems (U)"

aa. DOD Directive 1035.1 Series, “Telework Policy for Department of Defense”

bb. DOD Directive 5200.1 Series, “DOD Information Security Program”

cc. DOD Directive 5200.2, 9 April 1999, “DOD Personnel Security Program”

dd. CJCSI 3213.01 Series, “Joint Operations Security”

ee. NTISSD No. 600, 10 April 1990, “Communications Security (COMSEC) Monitoring”

ff. DOD Directive 4640.6, 26 June 1981, “Communications Security Telephone Monitoring and Recording”

gg. Title 18, United States Code, Section 2510, et seq.

hh. Title 50, United States Code, Section 1801, et seq.

ii. DISA, 4 October 2002, “Application Security Developer’s Guide, Version 1.0”

jj. ASD(C3I) memorandum, 16 January 1997, “Policy on Department of Defense Electronic Notice and Consent Banner”

kk. DOD General Counsel memorandum, 27 March 1997, “Communications Security (COMSEC) and Information Systems Monitoring”

ll. DOD Directive 8520.2, 1 April 2004, “Public Key Infrastructure (PKI) and Public Key (PK) Enabling”

mm. DOD Directive 8570.1 Series, "Information Assurance Training, Certification, and Workforce Management"

nn. DOD 8570.01-M Series, "Information Assurance Workforce Improvement Program"

oo. NSTISSP No. 101, 14 September 1999, “National Policy on Securing Voice Communications”

pp. FIPS 140-2, 25 May 2001, “Security Requirements for Cryptographic Modules”

qq. DOD CIO memorandum, 3 July 2007, "Encryption of Sensitive Unclassified Data at Rest on Mobile Computing Devices and Removable Storage Media"

rr. USSTRATCOM, 11 August 2006, "Joint Concept of Operations for Global Information Grid NetOps"

ss. DOD Directive 3020.40, 19 August 2006, "Defense Critical Infrastructure Program"

tt. DCID 6/3, 5 June 1999, “Protecting Sensitive Compartmented Information Within Information Systems”

uu. CJCSI 3213.01 Series, "Joint Operations Security"

vv. CJCSI 3121.01 Series, “Standing Rules of Engagement/Standing Rules for the Use of Force”

ww. CJCSI 6510.06 Series, “Communications Security Releases to Foreign Nations”

xx. CJCSI 6212.01 Series, “Interoperability and Supportability of Information Technology and National Security Systems”

yy. CJCSI 3137.01 Series, “The Joint Warfighting Capabilities Assessment Process”

zz. CJCSI 3170.01 Series, “The Functional Capabilities Board Process”

aaa. ASD(C3I) memorandum, 26 February 2003, “Guidance for Computer Network Defense Response Actions”

bbb. DOD Directive 8581.1E Series, "Information Assurance (IA) Policy for Space Systems Used by the Department of Defense "

ccc. Strategic Command Instruction (SI) 1009-01, 1 August 2006, "Information Assurance (IA) Implementation for Space Systems Used by the Department of Defense"

ddd. CJCSI 2300.01 Series, ”International Agreements”

eee. CJCSI 5130.01 Series, “Relationships Between Commanders of Combatant Commands and International Commands and Organizations”

fff. CJCSI 5221.01 Series, “Delegation of Authority to Commanders of Combatant Commands to Disclose Classified Military Information to Foreign Governments and International Organizations”

ggg. DOD Directive 4630.5, 5 May 2004, “Interoperability and Supportability of Information Technology (IT) and National Security Systems (NSS)”

hhh. DOD 000-151-94, 24 May 1994, “Department of Defense Intelligence Production Program (DoDIPP)”

iii. DIA message 021727Z JUN 98, “Indications and Warning for Information Warfare/Information Operations (CNA-WATCHCON)”

jjj. NSD-42, 5 July 1990, “National Policy for the Security of National Security Telecommunications and Information Systems”

kkk. Initial Capabilities Document (ICD), 6 March 2006, "Initial Capabilities Document (ICD) for Global Information Grid (GIG) Information Assurance (IA)"

lll. NSTISSD No. 503, 30 August 1993, “Incident Response and Vulnerability Reporting for National Security Systems”

mmm. Strategic Command Directive (SD) 527-1, 27 January 2006, "Department of Defense (DOD) Information Operations Condition (INFOCON) System Procedures"

nnn. CJCSM 3402.01 Series, “Alert System of the Chairman of the Joint Chiefs of Staff”

ooo. Military Extraterritorial Jurisdiction Act of 2000, 18 U.S.C. 3261, et seq.

ppp. DOD Instruction 3020.41 Series, “Contractor Personnel Authorized to Accompany the U.S. Armed Forces.”

qqq. JTF-GNO Technical Bulletin 06-005, 191500Z May 2006, "Coordinating Authorized Scanning Activity Across DOD Networks"

rrr. CJCSI 3401.01 Series, “Chairman’s Readiness System”

sss. CJCSI 3401.03 Series, “Information Assurance (IA) and Computer Network Defense (CND) Joint Quarterly Readiness Review (JQRR) Metrics”

ttt. CJCSI 6731.01 Series, “Global Command and Control System Security Policy”

uuu. Deputy Secretary of Defense memorandum, July 2000, “Use and Protection of Portable Computing Devices”

vvv. DOD Directive 8100.2 Series, "Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense (DOD) Global Information Grid (GIG)"

www. DOD Directive, C-5200.19, 16 May 1995, “Control of Compromising Emanations”

xxx. ASD(NII) memorandum, 2 June 2006, "Use of Commercial Wireless Local-Area Network (LAN) Devices, Systems and Technologies in Department of Defense (DoD) Global Information Grid (GIG)"

yyy. PL 104-191, 21 August 1996, Health Insurance Portability and Accountability Act of 1996"

zzz. Title 5, U.S.C., Section 552a, et seq.

aaaa. DOD Directive C-5200.5 Series, “Communications Security (COMSEC)”

bbbb. CJCSI 6510.02 Series, "Cryptographic Modernization Planning"

cccc. CJCSN 6510 Series, "Information Assurance Cryptographic Equipment Modernization Requirements"

dddd. Special Publication 800-34 Series, “Contingency Planning Guide for Information Technology Systems”

eeee. DOD Directive 5200.8, 25 April 1991, “Security of DoD Installations and Resources”

ffff. Title 44, U.S.C. Section 3542, Federal Information Security Management Act of 2002

gggg. American National Standard for Telecommunications, 28 February 2001, “Telecom Glossary”

hhhh. National Military Strategy for Cyberspace Operations, November 2006

Information Systems Auditor Sr.

Mon, 29 Oct 2007 10:56:00 -0700

Company: Scripps Health, San Diego, CA

Contact: Human Resources - esparza.veronica@scrippshealth.org

Status: Position Open

Type: Full Time

Join a dynamic organization where you will be challenged and grow with a fast-paced, technology driven, leading healthcare organization with over 11,000 employees. This position is a key member of a nationally prominent Audit & Compliance Services Department and Information Security Team. Responsibilities will include, but are not limited to: reviews of implemented clinical and business application system controls, IT general controls for key infrastructure components, and new implementation projects.

The position will lead team reviews and oversee activities or other auditors, conduct audits and review processes and safeguards to protect the organization’s information system resources and their data confidentiality, integrity, and availability, as well as assess related security system vulnerabilities for: application software systems, operating systems, telecommunication networks, disaster recovery, as well as Scripps policies, Information Technology procedures, and standards. Also, the position will provide support for compliance and investigative audit projects that are part of the annual audit plan or initiated based on new implementation projects, develop plans for remediation of internal control gaps and deficiencies, reducing costs, and or improving operational efficiency and effectiveness.

Basic Qualifications: Bachelor’s degree required in Accounting, Management Information Systems, Computer Engineering, Computer Science, or a related discipline. At least two of the certifications of CISA, CIA, and CPA designations in good standing at the time of hire are required or successful active pursuit of these designations within 12 months of hire. Required experience/Specialized Skills: Ability to evaluate and audit complex information systems and related information security safeguards. Technical knowledge of information security concepts, information technology internal controls and safeguards, technologies, system vulnerabilities, and applicable rules and regulations. Understanding of key clinical information systems and processes in an integrated healthcare delivery environment. Knowledge of the IIA professional auditing standards, as well as internal and information security control frameworks and principles. Demonstrated effective interpersonal, written, and verbal communication skills. High level of personal accountability for accuracy, attention to detail, task prioritization, and timely completion. Ability to work independently under conditions of changing priorities due to investigations and special requests; important deadlines; and rapid response to security incidents. Strong technical skills and ability to learn and deploy computer assisted audit techniques (CAAT) through ACL audit software and other tools.

Preferred Qualifications: Master's preferred.

Please send your resume together with your salary requirements. Initial salary will be commensurate with experience and qualifications. The position will remain open until filled. To apply, visit us online at:

Website: www.scripps.org

For further information, please contact:

esparza.veronica@scrippshealth.org – Human Resources

Address: Scripps Health-CP2

4275 Campus Point Court

San Diego, CA 92121

EEO/ AA

Where do I get a copy of the presentation from last month�s meeting?

Fri, 21 Sep 2007 08:25:31 -0700

Did you attend last month’s meeting and wish you had gotten a copy of the PowerPoint presentation?
Are you looking to network with other local security professionals and peers?
Are you looking to improve your own career opportunities or are trying to fill a security position within your department?
Do you want to get a discount at the next annual security conference?
Would you like a forum to discuss with your peers the latest trends in technology, Information Assurance, governance, and risk management?

These are all reasons why you should consider joining the San Diego Chapter of the ISSA. There are of course lots more benefits, so what we’ve listed here only scratches the surface. Once you become a member, you can receive a logon access to the secure portion of our chapter website where you can have full access to all of the resources described in the questions above. Click here to get more information about becoming a member.

Security Engineer

Thu, 20 Sep 2007 16:51:00 -0700

Company: Network Vigilence
Contact: Network Vigilence Human Relations hr@netvig.com
Status: Position OPEN

Title: Security Engineer - Step Up your Career into Network Security

Do you want to step up your career into one of the most challenging and rapidly growing IT professions?

Are you an experienced Network Engineer that understands how to be consultative and personable with clients?

Can work under a time crunch, figure just about anything out, and quickly learn new technologies even if it means doing it on your own time?

Have you been looking for that perfect career growth opportunity that will allow you to go to the next level, building upon your solid network experience with security expertise?

Do you have a deep interest in the world of IT security including hacking/cracking, risk assessments, penetration testing, computer forensics, Network Access Control, Firewalls, intrusion detection, security incident management, encryption, honeypots, and other security technology?

Then, this might be the perfect opportunity for you. Network Vigilance is a nationally known, 17 year-old information security firm based in San Diego, California. We excel in providing security consulting/guidance, IT risk assessments, Firewall/VPN implementations, IDS/IDP NAC, endpoint, remote access and wireless security solutions, forensic analysis, and managed security services.

We are seeking an a Senior Network Engineer, who we can develop into a competent Security Engineer, one who has excellent troubleshooting skills, is motivated to learn the security trade, can give great customer service and can perform implementation of various security products, including Check Point Cisco, Juniper, Symantec, Secure Computing, Websense, SourceFire, and others.

This individual would ideally assist with risk assessments, provide technical product support to existing clients, roll out new security deployments, baseline and tune security devices and systems, implement anti-spam and Web filtering technologies, provide end-user network technical support including occasional weekend and after hours support if necessary.

Ideal certifications would include MCSE, CCNA, CCNP, A+, N+, MCP, Citrix, VMWare, GIAC, or other security certifications, however experience is more important than certs.

An excellent background for this role would include high level network administration/network support on Microsoft Server based products, (Windows 2000/2003 Server, IIS, SQL Server, Exchange, ISA, etc.), high level system troubleshooting, Linux/Unix servers, routing and switching, deployment of enterprise firewalls, IDS/IPS, and past deployment or consulting experience with network/security products or services.

If this seems like appears like the perfect opportunity for you and please send us your resume at hr@netvig.com. Please note that there is no relocation assistance offered for this position. Also, an in-person interview if not multiple interviews in San Diego will also be required, including a technical assessment.

Security Engineer

Thu, 20 Sep 2007 11:50:11 -0700

Company: Cardinal Health

Contact: Cardinal Health Staffing chris.price@cardinalhealth.com

Status: Position OPEN

I. Basic Function:

This candidate will be a member of a cross functional security team that is responsible for the Certification and Accreditation (e.g., DITSCAP/DIACAP) of products deployed in a government setting as well as for implementing and monitoring of the Company’s information security policies and procedures to ensure that electronic protected health information (ePHI) is handled in an appropriate manner and meets all legislative requirements, such as those required by HIPAA.

II. Specific Duties, Activities, and Responsibilities:	% of time
· Develop and maintain company information security policies and procedures ensuring compliance with HIPAA security rules as well as government specific (e.g., DIACAP) rules and regulations o Perform security scans and audits of various systems in order to ensure all compliance regulations are met	30%
· Reviews updates and provides compliant specifications for operating systems, databases, and third party software as required o Ensures that all CTS products maintain status as DITSCAP/DIACAP accredited and adhere to HIPAA regulatory standards, rules, or regulations with respect to technical security of product and information within the product o Tests systems and ensures that all certified product security related issues are identified, and issues corrective actions as necessary	25%
· Advises appropriate business units on current technical security regulation o Conducts appropriate reviews, audits, and metrics of accredited products o Coordinates completion/updates for product certification and accreditation	25%
· Establishes/maintains appropriate QMS policies and guidelines for product teams o Maintains on-going lifecycle accreditation for certified products o Conducts assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of electronic protected health information (ePHI)	15%
§ Performs special projects, assists in problem solving and quality initiatives as required	5%

III. Position Requirements:

Reports to: Sr. Security Engineer

Supervises: Self

Education or Equivalent: BA/BS in related field or equivalent combination of education and experience.

Experience/Knowledge/Skills Requirements:

· Bachelors degree in Information Systems or equivalent experience

· 6 years experience in information systems with at least 2 years focus on network security

· Experience with network/system security scanning tools

· Healthcare experience and CISSP is highly desirable

· At least two years experience administering or directing security risk management and network compliance programs

· Knowledge and expertise in Federal government regulations (DITSCAP/DIACAP, NICAP, OMB 130, DoD 5800.2 NIST 800-37, FIPS 140-1, &2, FIPS 199, HIPAA, etc).

· Being a highly motivated self-starter with the ability to handle multiple tasks

· Possess excellent conflict resolution and negotiation skills

· Demonstrate strong decision-making and problem-solving skills

· Excellent verbal and written communication skills

These are only minimum qualifications for this position at this grade level. Other factors taken into consideration when deciding what position and grade level to place an employee such as performance level, capable contribution and company need.

Work Environment: Works out of and performs primary duties in the San Diego Corporate Office.

Compensation: Competitive compensation based upon experience with an excellent benefits package.

Seeking Subject Matter Experts

Mon, 14 May 2007 17:46:00 -0700

Are you a Subject Matter Expert (SME)? Would you like to assist the chapter answering questions on your subject of expertise? From time-to-time SD ISSA receives calls from local media, schools, and businesses for our opinion, judgment, discernment on various information security topics. If you would like to be included on our SME Listing please contact Peter Bybee. Peter will follow up with you on your SME nomination. We need you're expertise to service our community.