Do you like puzzles? Are you a gamer? Did you jailbreak your iPhone or root your Droid? Do you thrive on challenges? Can you explain the difference between encoding & encryption? Do you believe work and fun are not mutually exclusive?
Then maybe you’re the one we’re looking for. We need team players who are smart and creative, who love IT security and who want to grow with a growing company.
We are looking for the right person who is up to the challenge of working with some of the world’s leading organizations to ensure the security of their networks, applications and data.
At Pivot Point Security, we’re not necessarily looking for certifications and years of expertise. We are willing to train the right person. We’re looking for candidates who are highly intelligent, eager to learn, and cut from the finest moral fiber. While we are less concerned with skills and qualifications, we will not compromise on your ability to deliver superior results.
Current Positions:
- Information Technology/Security Auditor
This position is responsible for helping to set the strategic vision for and executing the day-to-day functions that support our Information Security Auditing Practice.
Key Objectives Include:
- Provide consulting & support to clients in meeting regulatory and industry requirements around ISO-27001, Sarbanes-Oxley, PCI, HIPAA/HITRUST, FDIC, COBIT, NIST, ISO-20000, ISO-22301.
- Identify risk areas, prepare audit scope and objectives, create audit work programs, conduct fieldwork, generate reports with recommendations for control enhancements, and work closely with clients across various industries (finance, healthcare, government, energy, etc.).
- Assess compliance with information technology controls by executing audit program steps, testing infrastructure technologies, development projects, data center operations, security, and information technology related work processes; examine and analyze records, reports, operating practices, and documentation.
- Assess risks and internal operating controls by identifying areas of non-compliance and identifying operational weaknesses, inefficiencies, and issues.
- Work collaboratively with other Pivot Point Subject Matter Experts (Database, Network, Audit, System specific) in more holistic Security assessments that provide greater scrutiny including: Penetration Testing, Code Review, Information Systems Auditing (control environment) to ensure the security of the application as a whole.
- Work collaboratively with PPS’s marketing, sales, and product development professionals to ensure that your industry and Subject Matter Expertise is reflected in our marketing materials, sales proposals, and service offerings.
- 10% – 35% travel required.
Beneficial Competencies & Experience Include:
- Excellent communication (including verbal and written), organizational, and project management skills.
- Knowledge of Information Technology/Security regulations/frameworks (ISO-27001, SOX, PCI, HIPAA, NERC, COBIT, NIST, HITRUST, ITIL, ISO-20000, ISO-22301).
- Information Security Assessment / Tiger Team
Key objectives of the role include:
- Perform Network and Application Penetration testing from both external/internal perspectives against business critical systems for leading organizations across diverse market segments including: government, financial, medical, and F1000.
- Work collaboratively with other Pivot Point Subject Matter Experts (Database, Network, Audit, System specific) in more holistic Security assessments that include Penetration Testing, Code Review, Information Systems Auditing (control environment).
- Help advance a leading-edge, custom-designed Security Information Event Management solution that automagically identifies anomalous activity.
We are looking for multiple people. Pluses include:
- General Security Knowledge (Vulnerability Assessments, Penetration Testing, Secure Network Architecture, Security Event Management, Cryptography)
- System Administration Knowledge (Linux, Windows, Exchange, SQL Server, Oracle).
- Networking Knowledge (Routing, VLANs, VPNs)
- Auditing Knowledge (ISO27001, NERC, HIPAA, PCI-DSS)
- Programming Knowledge (Java, Perl, .Net, Flash, SQL, HTML, JavaScript, etc.)
- Security Consultant - Application Security Focus
This position is responsible for helping to set the strategic vision for and executing the day-to-day functions that support our Application Security Practice Area.
Key objectives of the role include:
- Refine/advance our Application Testing Methodology and Reporting consistent with OWASP guidance.
- Conduct Application Vulnerability Assessment/Penetration Testing efforts against business critical systems containing high risk data for leading organizations across diverse market segments including: government, financial, medical, and F1000. Identify and document application level vulnerabilities (e.g., SQL injection, cookie poisoning, buffer overflows, Cross Site Scripting). Provide clear and actionable remediation guidance.
- Work collaboratively with other Pivot Point Subject Matter Experts (Database, Network, Audit, System specific) in more holistic Security assessments that provide greater scrutiny including: Penetration Testing, Code Review, Information Systems Auditing (control environment) to ensure the security of the application as a whole. Jointly identify, document and provide remediation guidance at a holistic level.
- Program new requirements for a leading edge, custom designed Security Information Management solution that gathers 100M+ security events per day (firewalls, VPN, IDS) from dozens of clients.
- Lead Application Design and/or code reviews of mission critical applications with high risk profiles for governmental and financial institutions. Leverage your expertise in disparate technologies including: cryptography, Java, J2EE Application servers, ERP, RDBMS, etc.
Beneficial Experience Includes:
- Development experience in one or more of the following: Java, .NET, Perl, PHP, Flash, SQL.
- Excellent communication (including verbal and written), organizational, and project management skills.
- Knowledge of Information Security and/or regulatory compliance frameworks (e.g., SOX, HIPAA, NERC, ISO27001).
- Security Consultant - SIEM Focus
This position is responsible for helping to set the strategic vision for and executing the day-to-day functions that support our Application Security Practice Area.
Key objectives of the role include:
- Work with IT Security & Compliance personnel to understand SIEM requirements and translate them into a solution.
- Develop Reference SIEM Architectures based on client requirements.
- Design and deploy SIEM tools (e.g., AlienVault, OSSIM, Sentinel) for mid-tier through F50.
- Develop supporting SIEM processes including: incident management, knowledge management, compliance monitoring and reporting.
- Act as Level 3 SOC analyst to support clients’ staff.
- Participate in Incident Investigations at the client’s direction.
Beneficial Experience Includes:
- General Security Knowledge (Vulnerability Assessments, Penetration Testing, Secure Network Architecture, Security Event Management, Cryptography)
- Knowledge of OSSIM, AlienVault, and Sentinel
- Networking Knowledge (Routing, VLANs, VPNs)
- Auditing Knowledge (ISO27001, NERC, HIPAA, PCI-DSS)
- Programming Knowledge (Java, Perl, .Net, Flash, SQL, HTML, JavaScript, etc.)
- Compliance Knowledge (PCI-DSS, SARBOX, ISO-27001, HIPAA)
Above & beyond your base salary, we offer a bonus plan, medical, dental, vision, HCFSA, 401K w/ company contribution, 529 College Savings, Adoption assistance, vacation and personal days.
If you have an enthusiasm for technology and enjoy working on multiple projects in a dynamic environment – then Pivot Point Security may be the right place for you.