Security Consultant

Minimum of 60 months of experience working for large IT organizations_ 

Minimum of 60 months of experience working in cyber security_ Security+, CEH, or SSCP certification. Must provide copy of certification.

Minimum of 24 months of experience developing and updating SSDLCs (Secure System Development Life Cycle) plans._ CAP, CISSP, CISM, CRISC, or GSEC certification. Must provide copy of certification._ Microsoft, Comptia, or other certification in Operating Systems, servers, Networking, SCADA security, or computer hardware or any GIAC Certification except GSEC, CEH Must provide copy of certification. Must provide copy of certification._ 

Minimum of 12 months of experience with virtualization, AV, Sharepoint, digital forensics, penetration testing, and/or networking

Minimum of 24 months of experience monitoring, analyzing, and responding to routine and critical logs and events _ 

Minimum of 12 months of experience using an industry recognized vulnerability scanning tool_ Minimum of 12 months of experience using McAfee(or a competitive product) AV, EPO, encryption_ Augment ISO staff to perform day to day operations and short / long term Information Security projects._ Perform routine security audits_ 

Respond to Multi State Sharing and Security Center (MS-ISAC) and NYS Cyber Command Center critical event notifications._ Monitoring and analysis of logs/events_ Identify trends and formulate actions for mitigation of threats._ Conduct/manage vulnerability scanning_ Advise on and implement best practices in support of NIST 800-53 and CIS Critical Security Controls compliance._ Draft new/update existing Information Security policies and procedures_ Conduct Audits of user accounts, computers, and network configurations_ Conduct ad hoc ad hoc investigations,_ Have an understanding of computer and cell phone forensics. _ Review new processes, technologies, and system designs._ 

Review vulnerability bulletins and patch releases. _ Conduct or monitor penetration testing according to procedure._ Assist in the creation and execution of the organizational information security awareness program._ Coordinate with and provide security guidance to internal departments and outside agencies_ Assist in the creation and annual review of the required SSDLC (Secure System Development Life Cycles) documentation to support the Public Safety Clusters security program_ Perform other related duties as directed by the Information Security Officer or senior leadership._ Audit Active Directory, Windows Servers, CITRIX Xen, Xen App, and Xen Server._ Backup / Recovery Planning and review_ IDS/IPS (Intrusion Detection Systems/Intrusion Prevention Systems) monitoring_ Analyze/monitor ISA proxy services