[Owasp-sanfran] Job Opportunity

Wilson Henriquez bosshog at gmail.com
Tue Apr 24 14:39:30 EDT 2007


I am posting this on behalf of our security team ( not a recruiter) ...

If you know a strong engineer experienced in application security,
C/C++/Perl/Java/Other languages, Linux, networking, etc. and who you think
might be interested in working for Kaiser Permanente, have them send their
resume my way. If you know or are an excellent developer with experience,
understands security and are interested in moving into infosec, that might
work as well. Our official job posting is below.

Job Description: Security Consultant

Acting as an internal security consultant within Kaiser Permanente, this
individual will work with various initiatives to insure that security risks
are mitigated appropriately. While projects vary, this job necessitates
skillsets across the entire spectrum of security. Typical projects begin by
engaging the business client to identify process, requirements, and
contractual risk and then subsequently insuring that the proper mitigations
are contained within the information technology stack to include
architecture, application, network, and OS level security.

Security consulting/analytical skills needed:

Must be capable of addressing security across the entire software
development lifecycle (SDLC).

Participate in projects with application architects and provide security
oversight, constructive expertise and guidance to implement appropriate
security controls that address business needs.

Scope the marketplace for application security related tools, conduct tool
analysis and provide recommendations.

Conduct in-house security reviews and analysis on software products.

Ability to advise business partners on security risk and cost/benefits of

Ability to perform threat modeling and risk management strategies.

Ability to create and influence technical security direction within at the
customer, corporate, and enterprise security levels.

Partner with external security experts (third party auditor, legal, or
vendor) to identify needs and determine solutions.

Excellent verbal, written, communication and presentation skills to all
organizational levels.

Advanced technical problem solving skills.

Ability to work within a team or as an individual

Security Skills needed

Strong application security skills is a must. The individual must to be able
to develop solutions and communicate them at a code level.

Develop various security related solutions for web based applications
primarily based in Java.

Conduct in-house vulnerability assessments and code-reviews on software
products, ASP integrations, and vendor products.

Consult with development, operations and risk management groups on technical
security issues. Facilitate trade-offs between security, operations,
usability and software functionality; provide risk assessments and
recommendations to management.

Strategically align business objectives and security strategies with
pros/cons analysis for business to manage risk.

Understand and incorporate financial trade-offs associated with threat
analysis versus investment in security mitigations.

Ability to continuously improve IT security processes and assure protection
of assets from new attack vectors and threat profiles.

Technical Skills needed:

Software development experience (combination of Microsoft and Java).

Working understanding of Web Service Security standards.

Working understanding of federated identity solutions.

Good understanding of infrastructure, server and network security. Windows,
AIX, and Cisco experience is a plus

Expert knowledge of and experience with security engineering tasks,
techniques (e.g., passwords, encryption/decryption, PKI, single sign-on),
and tools.

Experience with industry security standards such as ISO 17799, COBIT and
similar standards.

Experience with healthcare applicable security and privacy regulations such
as HIPAA, SOX, PCI, SB1386 and other federal, state and local laws.

Experience in secure application design and implementation. In particular
externally facing web-based applications

Experience in software design, software and network architecture, protocols,
and standards.

Experience with software/application security (auditing, authorization,
vulnerability checking).

Ability to translate enterprise security requirements into a technical
systems model describing the architecture and describe the architecture,
components. and interrelationships.

Familiarity with enterprise tools is required. Tripwire, Watchfire, Qualys,
and Imperva experience are a plus.


Bachelors degree in Computer Science or similar field of study, required

CISSP Certification, GIAC related certifications, preferred


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/owasp-sanfran/attachments/20070424/74623b3d/attachment.html 

More information about the Owasp-sanfran mailing list