Information Security Manager - ControlScan
Information Security Manager Description
The Information Security Manager oversees the consistency and quality of security services delivered by ControlScan, while directly leading the delivery of the more complex commitments to customers. These services are primarily related to merchant compliance with the PCI DSS, but also include more in-depth security assessments on an engagement basis. Specifically, the position provides oversight of the company’s network and web application vulnerability scanning, ultimate decisions on the acceptance of false positive claims, guidance on vulnerability remediation, and leadership in the area of security policy formulation and implementation. Internally, the Information Security Manager ensures that ControlScan has appropriate security policies, procedures, and infrastructure implemented, and that it meets all requirements for security-related designations and certifications.
Responsibilities
• Assess and disposition customer vulnerability false positive claims that have been escalated by the support team; determine course of action to resolve ambiguous vulnerability situations
• Act as the ultimate go-to resource for security-related issues and questions – both generated internally and submitted by customers and partners
• Lead the ongoing improvement of scanning support processes
• Develop the skills of ControlScan security analysts; provide introductory and ongoing network and web application security training to security analysts
• Validate the scoping of complex vulnerability and web application scanning engagements
• Lead the ongoing evaluation and implementation of security tools and systems utilized by ControlScan
• Lead the efforts related to maintaining ControlScan’s Approved Scanning Vendor designation
• Ensure the quality of penetration testing engagements and their deliverables; assist in delivery of engagements as needed
Qualifications and Skills
• Minimum 5 years' experience in information security
• Direct, hands-on experience assessing both network and web application vulnerabilities through scanning and manual penetration testing
• Extensive experience with web application security and zero-day exploits
• Thorough knowledge of Nessus (or similar tool) feeds
• Experience in employing commercial and open-source test tools
• Ability to work both as an individual contributor and as a team lead – experience managing others
• Strong oral and written communication skills
• Experience with system/network administration – particularly network security technologies (IPS/IDS, firewalls, policy management); Windows network administration experience
• Extensive familiarity with network concepts (TCP/IP, layers, routing, etc.)
• Working knowledge of vulnerability research resources
• Working knowledge of penetration testing methodologies and best practices
• Working knowledge of open security testing standards and projects, including OWASP
• CISSP, CISA or CISM certification, or alternatively, a specific plan for reaching certification
• Knowledge of PCI DSS and Approved Scanning Vendor (ASV) requirements a strong plus
• Formal ethical hacking a plus
• Software development and/or scripting skills a plus
How to apply: Send resume and cover letter to [email protected]