One of SGA's major financial clients is seeking an IT Security Professional as a full-time employee in Florham Park, NJ.
The individual contributes to implementing and executing a program that monitors, detects, and responds to information security threats, vulnerabilities and incidents as well as application security issues. This individual identifies, analyzes, and responds to current threats to and vulnerabilities of the company's information assets. The individual must also perform intelligence gathering to collect information about the business and determine whether there are potential information leaks, threats, trademark infringements, criminal activities, or other items that may present a risk to the company. In addition, the individual must be versed in application security, secure coding techniques, and remediation techniques.
Responsibilities:
* Strong working knowledge and experience in Information Security, policies, standards, technologies, and industry best practices
* Coordinate application and infrastructure vulnerability assessments with vendors, clients, and internal groups
* Strong experience in analyzing and prioritizing threats and vulnerabilities
* Demonstrated expertise in designing and coordinating testing of applications and infrastructure
* Knowledge of current vulnerabilities and threats
* Strong experience in a security incident response program, participating in forensic investigations, and legal-evidentiary handling requirements
* Ability to respond effectively and be level-headed in crises, providing clear leadership in incident management
* Participate in security-related committees, workgroups, and projects
* Ability to read and interpret laws and policies and apply them
Required Skills:
* 5 years in Information Security
* Application Security
* CISSP, CEH or equivalent
* Strong working knowledge and experience in information security and privacy laws, policies, standards, technologies, and industry best practices
* Designing and conducting testing of systems and IT security controls (ethical hacking/pen testing, vulnerability scans, etc.)
* Be able to maintain current knowledge of hacking techniques, vulnerabilities and threats
* Strong experience in executing a corporate CSIRT program, conducting forensic investigations, and legal-evidentiary handling requirements
* Must be able to respond effectively and be level-headed in crises, providing clear leadership in incident management
* Must be an intelligent, highly organized, articulate, professional and persuasive leader who can serve as an effective member of the Global Information Security Office, appropriately represent the Global Information Security Office to Management, and communicate information security-related concepts to a broad range of technical and non-technical staff