---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------
JOB DESCRIPTION
---------------------------------------------------
Position: Security System Administrator
Location: San Jose, California, United States
Type: Contract
Closing Date: 2008-06-17
Project Name: Risk Management Analyst – Skybox Security Administrator
Duration: 8 months (thru Dec. 31, 2008 – strong probability to extend through 2009)
Location: San Jose, CA (requires a local resource)
Job Duties:
Client Security has implemented a program utilizing the Skybox Security tool for a customer in San Jose, CA. Based on the dynamic nature of the Skybox system there are ongoing operations and analysis that need to be performed on a daily basis. Client Security was contacted by the customer to provide assistance and has outlined the list of work that will be completed on a week over week basis in support of the current Skybox infrastructure.
The resource for this position will perform the following tasks:
o Running Attack Analysis
The attack analysis can be scheduled to run on its own; however, the analysis of new threat sources and attack patterns needs human review.
o Remediation of disconnected networks or devices
While in its current state Skybox has been set up to import new configurations and hosts from the vulnerability scanners, there are times when new configurations will arrive and not be connected to the rest of the cloud. Client Security consultants will search out these configurations and review them to ensure they are properly attached to the map, host groups, and geographic locations.
o Removing Inactive Items
Based on the way that current operations groups build replacement devices, the automated Skybox configuration fetch process captures both the live device configuration and the new system that is being built up. This import task will require daily monitoring as it may create large numbers of false positives in the analysis phase. In addition to the new systems, old system configurations are often kept on cold standby for many weeks while the production burn-in cycle is completed.
o Report generation
With all the daily imports and configuration changes, there are also a number of reports that the customer will want to have generated out of the product. The Skybox administrator will set these reports to run at the frequency that is needed and ensure that new reports are created and delivered to the correct people.
o Identifying new Internet connections
Skybox currently relies on its administrators to set certain router interfaces to be shown as connected to the Internet. While these connections do not change that often, it is imperative that the Skybox administrator work with the network engineering team to ensure any new connection shows as an Internet connection.
o Investigating Anomalous Configurations
With all the data that is being pumped into Skybox, it is easy to see mis-configurations that would create a high-risk situation. These oddities need to be investigated from a security standpoint and documented to ensure that the Information Security team is aware of them. If, on the other hand, these anomalies are not something that the team knows about or are outside the approved security configuration, then remediation tickets can be created for the operations teams.
o Notification of significant risk profile changes
Once the attack simulation is being run on a daily basis, it will be important to review the daily risk profile metrics and investigate any significant changes. Changes may be because of a mis-configuration or a reporting error, but either way it is important to be able to investigate the delta and ensure that significant changes are properly reported to the team.
o Identifying and adding new threat origins
The current model is set up and has a few very basic threat origins, including the Internet, an internal worm outbreak and a disgruntled employee. As new vulnerabilities arise, it will be important to run new attack vectors against the data to understand how the new threats might affect the environment.
o Review of attack analysis data
Daily analysis of the attack maps and the threat landscape will be necessary to ensure that the system is running properly and that no emerging threats have been discovered.
o Compliance Analysis and Support
Throughout the year Skybox can be used to check for regulatory and policy compliance. The Skybox system can work with the compliance group to be sure that all systems are meeting compliance throughout the year as well as to ensure that the list of systems within scope of the regulatory body is kept up to date. The Skybox administrator can work with the auditor to show the compliance of the systems as well as properly determine the audit boundaries. The setting of boundaries early in the audit will save Information Security from having to answer questions that are outside these boundaries and as such irrelevant to the audit.
o Business units, assets, host group maintenance
As the business changes, new applications and business units are added and assets are brought online, the Skybox administrator will ensure that these new systems are grouped appropriately. This grouping will ensure that new systems have proper policies applied to them and that the generated reports deliver the most current data about the environment.
o Zones and Policy Maintenance
While the policy development team is creating policies, it will be important to test these new policies within the environment to understand the impact on the organization. New policies and updated policies will need to be translated into Skybox such that these policies can be enforced and outliers reviewed.
JOB REQUIREMENTS
---------------------------------------------------
Qualifications:
The candidate must be able to demonstrate:
• Experience with Skybox is strongly desired, but not mandatory
• Strong Network Security & Information Security knowledge and experience
• Familiarity with security technologies including but not limited to firewalls, IDS/IPS, vulnerability assessment tools, Security Event Management (SIM), etc.
• Familiarity with networking technology including routers and switches
• Certifications like CISSP are nice to have.
• 3-4 years of information security experience
• Prior experience working in an information security consulting role
• Good communication skills are necessary. The candidate must be able to effectively communicate with the client:
o Must be able to work well with customers.
o Good writing and documentation skills
o Ability to take direction, ask appropriate questions, and work independently
Effective communication is key to all positions!
CONTACT
---------------------------------------------------
Send resume and telephone number to kellycollier_at_thegoalinc.com
The Goal Inc.
Kelly Collier
Account Manager
kellycollier_at_thegoalinc.com
Received on May 20 2008