AIS consultants are experts in information systems security, network design and engineering, systems engineering, auditing, digital forensics and ethical hacking. Our clients have included government agencies, Big Four accounting firms, Fortune 100 companies, law firms, small businesses, and private citizens.

Principle Network Security Architect (Contracting Consultant)

You will be responsible for architecture and security technology evaluations/recommendations to clients specifically focused on application development and cloud technologies. You will work in conjunction with lead security architects to evaluate, plan and develop enterprise security technology and security architecture strategy on a project by project basis.

You will be responsible for helping to define best practices, writing policy/standards and driving adoption of new application and cloud architectural designs for clients. You will deliver cloud architectural guidance and conduct regular security consultancies for clients. You will also regularly collaborate with the business and clients to address cloud security and compliance challenges and engage in a wide variety of cloud security-related projects and initiatives.

Qualifications

• Master's degree or Bachelor's degree and years of demonstrable work experience equivalent to or exceeding Master's degree knowledge.
• Ten or more years of relevant work experience in IT security architecture, compliance, and risk management.
• CISSP, CISM, GSEC or AWS Certified Architect.
• 6+ years of experience with standard LAN/WAN/Cloud technologies.
• 6+ years of experience with security including architecture or security management, user, platform and device authentication, and various levels of access controls and authorization, enterprise directories and their integration with other systems in a large, complex environment.
• Experience with enterprise class security products such as Identity Management, Web Access Management and Single Sign On.
• Expertise in application development and dev-ops security technologies and integration such as code scanning, vulnerability analysis, and security for automated deployments.
• Demonstrated knowledge of infrastructure security, including windows, Unix/Linux, desktop/laptop, and mobile security, as well as knowledge on cryptography and PKI.
• Demonstrated ability to think strategically about business, product, and technical challenges.
• Experience with a wide range of IT system components including architecture, authentication, connectivity, system hardware and software components, virtualization, cloud computing, and mobile.
• Ability to manage relationships with other business units, external vendors and stakeholders when IT security risks are present and system or process changes must be made to mitigate risk.
• Working knowledge of IT process modeling to determine risk to corporate systems.
• Working knowledge of application security, including Web Services and SOA, as well as Agile and DevOps, Mobile security and mobile development.
• Proven understanding of security for structured databases and unstructured data, such as access controls, encryption, monitoring and others.
• Experience within the transformation of traditional data center security measures into industry adopted cloud technologies like Amazon Web Services, Azure, etc.
• Proven ability to work with compliance frameworks and requirements such as PCI, HIPAA, SOX etc.
• Demonstrated knowledge on threat landscape, security threat and vulnerability management, and security monitoring and analytics.

Application Penetration Tester (Intern)

Seeking a motivated InfoSec student to learn and grow with our company. We are an equal opportunity company.

responsibilities

• Perform hands-on application security penetration testing and help design and improve the security testing artifacts and process

• Create security test plans and test cases; present test findings and interface with stakeholders

• Provide guidance to developers on recommended controls and countermeasures

• Develop detailed work plans, schedules, resource plans for recurring penetration tests and act as liaison with external third party penetration testers

• Establish and report on metrics to gauge pen testing effectiveness, progress and key risk areas identified through audits, as well as monitor remediation activities

• Maintain awareness of the current security threat landscape

Qualifications

• Must be in an accredited degree seeking program in Information Security or a related field.

• Must be willing to learn and perform the following in a team setting, following the lead of an experienced mentor.

• Preferred:
  • Experience with commercial application scanning tools such as Fortify or NTOSpider, as well as in-depth knowledge of proxying tools such as Paros, Burp, and WebScarab
  • Web application penetration testing experience and familiarity with common penetration testing tools
  • Someone seeking certification as GIAC Web Application Penetration Tester (GWAPT), GIAC Penetration Tester (GPEN), or Certified Ethical Hacker (CEH)
  • Someone willing to work toward other professional certifications such as CISM, CISSP or equivalent is preferred

Apply