Current Openings
ControlCase LLC
Job Title: Associate Vice President – Information Security Audits
Location: 12015 Lee Jackson Memorial Highway, Suite 520, Fairfax, VA 22033
Duties: Responsible for developing and implementing client-specific compliance certification methodology and processes to effectively manage the client certifications to meet the organizational objectives. Perform Final PCI DSS Certification audits for clients with complex payment environments. Interface with clients (onsite/remote) to review and analyze complex systems (Applications, Operating systems, Databases, and Network/Security devices, Log review), to identify risks and vulnerabilities within the client environments. Perform Risk assessment, review vulnerability assessment reports and penetration testing reports. Perform onsite assessments for compliance requirements pertaining to PCI-DSS, HITRUST, ISO 27001, SCA/AUP. Perform client assessments and deliver final reports for cyber security regulations and frameworks like HITRUST, HIPAA, GDPR, ISO 27001, Privacy Shield, Shared Assessments (AUP/SCA), EI3PA. Train and lead PCI DSS and awareness workshops for clients and their vendors/merchants/service providers as needed for compliance with PCI DSS. Produce final reports on compliance to detail the controls observed during security assessments in accordance with various security standards and regulations.
Work Schedule: 9am to 5pm, 40 hours a week.
Job Requirements: Bachelor’s degree (U.S. or foreign equivalent) in Computer Science, IT, Electronic Engineering or related and five (5) years of experience in the job offered or in a related role. Must have five (5) years of experience with: cybersecurity standards such as ISO 27001, HITRUST or PCI-DSS; network security testing and vulnerability assessments; cybersecurity assessments on cloud, including AWS, Azure, and Google; encryption and key management review; Risk Assessment, Risk management, Risk treatment, and Control implementation; ISO 27001 Implementer or auditor; assessment and configuration review for the following platforms: Firewalls (Cisco ASA, Checkpoint, Juniper, Palo Alto, FortiGate, WatchGuard, SonicWALL), Routers, Switches, Load Balancers, IDS/IPS, Windows Servers, Linux Servers, Unix Servers, IBM Mainframe Z Systems, Amazon Web Services, VMware and Oracle and SQL database; application Security; logging and monitoring, SIEM log review; preparing compliance reports; and reviewing vulnerability assessment and penetration test reports. Position also requires PCI DSS Certification. Travel required up to 50% of the time.
QUALIFIED APPLICANTS: Please email resume to jobs@controlcase.com
IT Security Assessor – UK/Europe Based
The IT Security Assessor performs security assessments of clients’ IT environments against various industry standards and regulations including PCI, HITRUST, ISO 27001/2, HIPAA, SOC, GDPR and others. The IT Security Assessor performs these assessments both remotely and at client sites, gathering evidence of controls in place to assess the controls and identify gaps. The Assessor works with the client in a partnership model, and with other ControlCase teams, over the life of the project to ensure that security controls are appropriate, and compiles the information gathered in a final assessment report. This Assessor should be based in the UK/Europe.
Responsibilities
- Interface with clients to review and analyze complex systems (Applications, operating systems, databases, and Networking devices), to identify risks and vulnerabilities within the client environments
- Able to analyze sensitive data flows (business and application data flows) and accordingly identify the risks to sensitive data
- Provide in-house training to clients on security awareness
- Work independently to collect, consolidate and analyze evidence of the client’s compliance and meet the internal quality assurance requirements
- Use various automated tools provided by ControlCase to collect evidence and generate reports, and provide feedback to the technology department
- Produce final reports on compliance to detail the controls observed during security assessments in accordance with various security standards and regulations
- Travel to client sites as needed
Desired Skills
- Bachelor’s degree in telecommunications or in computer science. A specialization in information assurance is preferred
- 4 – 6 years’ overall experience in information security
- Ability to review network device (Firewalls/ Switches/ Routers/ IDS/IPS/ Load Balancers etc.) configurations and analyze network architectures
- Ability to review system hardening (Servers/ Virtualization Devices/ Cloud Infrastructure/ Databases) standards
- In-depth knowledge in IT Security Policies and Procedures that govern client’s Information Security and Privacy programs
- In-depth knowledge and experience in IT Security, including access controls, network security, logging/monitoring, vulnerability assessments, system hardening, secure software development, application security, encryption and key management best practices etc.
- In-depth knowledge and experience with PCI DSS, Risk Management Standards (OCTAVE/ NIST/ISO), HIPAA, or HITRUST standards.
- HITRUST CCSFP Certification will be an added advantage
- Knowledge of Privacy Controls is desirable
- At least one certification from each group is preferred: Group 1- CISA, CIA, ISO27001 Lead Auditor, Group 2- CISSP, ISO27001 Lead Implementer, CISM.
- Good knowledge of common office tools
- Excellent in English and French – written and spoken
- Good project management and time management skills
What You Need To Do Now
If this looks like an opportunity you’d be interested in right now, please share your updated resume at akirtikar@controlcase.com, mentioning the position title in the subject line.
If you feel you know someone who would be a good fit for this job, please feel free to pass along this job posting.
IT Audit Manager (QSA)
The IT Security Audit Manager leads security assessments of client IT environments against various industry standards and regulations including PCI, HITRUST, ISO 27001/2, HIPAA, Sarbanes-Oxley, and others. The Audit Manager (QSA) works with the client, and other ControlCase teams, over the life of the project to ensure that security controls are appropriate and compiles the information gathered in a final assessment report.
RESPONSIBILITIES
- Leads execution of multiple concurrent technology assurance and project audits primarily as engagement supervisor in accordance with rigorous policy and work paper standards and within tight timeframes
- Assesses key risks and controls and designs innovative and appropriate broad based coverage across a technology and/or business activity, exhibiting exceptional judgment regarding issue identification, issuing draft findings to client management, and drafting and issuing final audit reports with limited guidance
- Functions as a team leader and is an expert at organizing and leading teams/projects, helping recruit/hire candidates, and on-boarding, training, providing interim performance feedback and helping coach those team members
- Transfers knowledge and understanding of audit methods and critical/complex business information
- Develops valuable and trusting relationships with internal business partners by executing efficient audit work and offering suggestions to enhance risk management based on an enterprise-wide view of technology risk management
- Managing certification projects along with team to ensure clients meet their compliance and certification goals
- Interface with clients to review and analyze complex systems (Applications, operating systems, databases, and Networking devices), to identify risks, exposures, define and implement compensating controls
- Work independently to collect, consolidate and analyze information required for the evaluation of security controls and gaps
- Produce final reports on compliance to detail the controls observed during security assessments in accordance with various security standards and regulations (PCI, HITRUST, ISO 27001/2, HIPAA, SOC2, etc.)
- Extensive travel to client sites as needed
DESIRED SKILLS
- At least 7-8 years of experience in an IT security audit, assessment, and/or compliance role
- Strong knowledge of the PCI-DSS security standards
- Current or former PCI-QSA certification, with experience preparing and presenting Reports on Compliance (ROCs)
- Strong background in auditing IT Security controls. Demonstrated leadership and the ability to successfully manage multi-functional or diverse areas
- One of the following certifications is a must: CISM, CISSP, CISA
- Ability to travel up to 60% annually
- Excellent project management and time management skills. Capable of tracking and executing numerous parallel activities and of working efficiently and independently with minimal supervision
- Self-motivated and self-enabler
- Ability to work effectively in a team environment and across all organizational levels, where flexibility, collaboration, and adaptability are important
- Outstanding problem solving and analytical skills with ability to turn findings into strategic imperatives
- Ability to communicate effectively, in both written and verbal formats, with senior executive-level leaders
WHAT YOU NEED TO DO NOW
If this looks like an opportunity you’d be interested in right now, please share your updated resume at jobs@controlcase.com, mentioning the Position title in the Subject Line.
If you feel you know someone who would be a good fit for this job, please feel free to pass along this job posting.
PCI Qualified Security Assessor (QSA)
Location – 12015 Lee Jackson Memorial Highway, Suite 520, Fairfax, VA 22033
DUTIES: Perform IT security assessments and audits for organizations in the Payment Card Industry as per the security audit standard defined by the Payment Card Industry Security Standards Council (involving VISA, MasterCard, Amex, and Discover). Perform computer security reviews for perimeter security devices such as firewalls, IDS/IPS and configuration review for systems such as servers and databases. Carry out IT risk assessment for organizations as per industry best practices (such as ISO 27005, OCTAVE, NIST). Perform Business Impact Analysis (BIA) and review for business continuity management of organizational critical services and operations. Conduct IT security awareness training for the organizations as part of their IT Governance, Risk and Compliance requirements. Develop improvements for quality and cost reduction for assignments related to PCI DSS, PA DSS and quality assurance of the ROC. Conduct technical security audits for the payment applications to ensure they are not vulnerable to intrusions through internal or external users. Carry out vulnerability assessment and penetration testing for organizational internal and external networks for security compliance. Handle data discovery within the network under audit for PCI DSS Certification. Analyze logs from a computer systems security perspective for the network under audit for PCI DSS Certification.
Work Schedule: 9am to 5pm, 40 hours a week.
POSITION REQUIREMENTS: Master’s degree (US or foreign equivalent) in Computer Science, Information Technology, Engineering Management, or related field and five (5) years of experience in the job offered or in a related role OR Bachelor’s degree (US or foreign equivalent) in Computer Science, Information Technology, Engineering Management, or related field and seven (7) years of experience in the job offered or in a related role. Must have five (5) years of experience with: Designing and performing IT and infrastructure audits related to information security policy, regulations, governance, and other security-related provisions and best practices; Contributing, developing and executing audits to find gaps in software, configurations, policies, procedures, and processes; Network security testing and vulnerability assessments; Encryption and key management review; Risk Assessment; Assessment and configuration review for the following platforms: Firewalls (Cisco ASA, Checkpoint, Juniper, Palo Alto, Fortigate, Watchguard, Sonicwall), Routers, Switches, Load Balancers, IDS/IPS, Windows Servers, Linux Servers, Unix Servers, IBM Mainframe Z Systems, Amazon Web Services, VMware, Oracle and SQL database, and Core Banking; Application Security; SIEM log review; Preparing compliance reports; and Reviewing vulnerability assessment and penetration test reports. The position also requires the following certifications: CISM – Certified Information Security Manager; CISA – Certified Information System Auditor; and Certification as a Payment Card Industry (PCI), Qualified Security Assessor (QSA). Position requires travel up to 50% of the time.
QUALIFIED APPLICANTS: Please email resume to jobs@controlcase.com
IT AUDITOR
The IT Security Auditor performs security assessments of client IT environments against various industry standards and regulations including PCI, Hitrust, ISO 27001/2, HIPAA, Sarbanes-Oxley, and others. The IT Security Auditor performs these assessments both remotely and at client sites, gathering evidence of controls in place to assess the controls and identify gaps. The Auditor works with the client, and other ControlCase teams, over the life of the project to ensure that security controls are appropriate and compiles the information gathered in a final assessment report.
RESPONSIBILITIES
- Interface with clients to review and analyze complex systems (Applications, operating systems, databases, and Networking devices), to identify risks, exposures, define and implement compensating controls
- Work independently to collect, consolidate and analyze information required for the evaluation of security controls and gaps
- Produce final reports on compliance to detail the controls observed during security assessments in accordance with various security standards and regulations (PCI, Hitrust, ISO 27001/2, HIPAA, Sarbanes-Oxley, etc.)
- Extensive travel to client sites as needed
DESIRED SKILLS
- Bachelor’s degree in telecommunications or in computer science. A specialization in information assurance is preferred
- 3-5 years’ experience in IT security operations
- In-depth knowledge and experience in IT Security and Telecommunications, including access controls, network Security, logging/monitoring, vulnerability assessments, system hardening, secure software development, etc.
- In-depth knowledge and experience with ISO 27000 series, PCI DSS, HIPAA, SOX and risk analysis methodologies and security standards
- The following certifications are an asset: CISSP, CISM and CISA
- Good knowledge of common office tools
- Proficient in English – written and spoken
- Good project management and time management skills
WHAT YOU NEED TO DO NOW
If this looks like an opportunity you’d be interested in right now, please share your updated resume at jobs@controlcase.com, mentioning the Position title in the Subject Line.
If you feel you know someone who would be a good fit for this job, please feel free to pass along this job posting.
CaaS – SECURITY TESTING CONSULTANT (LOCATION: MUMBAI, INDIA)
The IT Security Auditor performs security assessments of client IT environments against various industry standards and regulations including PCI, Hitrust, ISO 27001/2, HIPAA, Sarbanes-Oxley, and others. The IT Security Auditor performs these assessments both remotely and at client sites, gathering evidence of controls in place to assess the controls and identify gaps. The Auditor works with the client, and other ControlCase teams, over the life of the project to ensure that security controls are appropriate and compiles the information gathered in a final assessment report.
RESPONSIBILITIES
- Perform application and infrastructure penetration tests, as well as physical security review and social engineering tests for our global clients
- Review and define requirements for information security solutions
- Perform security reviews of application designs, source code and deployments as required, covering all types of applications (web application, web services, mobile applications, thick client applications)
- Participate in Security Assessments of networks, systems and applications
- Work on improvements for provided security services, including the continuous enhancement of existing methodology material and supporting assets
DESIRED SKILLS
- Familiarity with vulnerability scanning techniques
- Experience with various security tools and products like Nessus, Nexpose, Metasploit, Nmap, AppScan, Burp Suite, Wireshark and tools available on Kali Linux
- Broad expertise with multiple operating systems such as Linux and Windows, and network services (HTTP, Databases, etc.) and their inherent security issues
- Vulnerability analysis and application reversing skills
- Understanding of cryptography principles
- Ability to present complex, technical information to a variety of audiences, both technical and non-technical, in written and/or oral formats
- Proficient in the use of word processing and spreadsheet based toolsets
WHAT YOU NEED TO DO NOW
If this looks like an opportunity you’d be interested in right now, please share your updated resume at jobs@controlcase.com, mentioning the Position title in the Subject Line.
If you feel you know someone who would be a good fit for this job, please feel free to pass along this job posting.
Full Stack Developer (Location – Mumbai, India)
We are looking for Ruby on Rails and PHP full stack developers who have a flair for building enterprise applications and are willing to take up challenging assignments. This position is in Mumbai, India.
RESPONSIBILITIES
- Should be committed to meeting the team’s/project’s objectives
- Write clean, maintainable and efficient code
- Follow industry standards of code writing and documentation
- Design robust, scalable and secure features
- Should be able to work in an agile development environment, where we build, test and release modules/features as building blocks
- Contribute in all phases of the development lifecycle
- Should be passionate about upcoming technologies and new features
- Should communicate to the team and management what can be done in new and better ways
DESIRED SKILLS
- Bachelor’s degree in telecommunications or in computer science with 2-3 years’ experience
- Experience as a Ruby on Rails and PHP full stack developer (Frontend, Middleware, databases and related services)
- Should have worked on end to end implementations. Own features from start to finish: test, development, deployment, and infrastructure
- Demonstrable good knowledge/experience of front-end technologies such as JavaScript, HTML and CSS
- Experience developing highly interactive applications
- A firm grasp of object oriented analysis and design
- Passion for writing great, simple, clean, efficient code
- Good knowledge of relational databases
- Working knowledge of NoSQL, MySQL databases
- Experience with Linux-based infrastructures and AWS and its services like Lambda, S3, SES, SNS, SQS, RDS, Aurora, DynamoDB etc. will be an added advantage
WHAT YOU NEED TO DO NOW
If this looks like an opportunity you’d be interested in right now, please share your updated resume at jobs@controlcase.com, mentioning the Position title in the Subject Line.
If you feel you know someone who would be a good fit for this job, please feel free to pass along this job posting.
DevOps Engineer (Location – Mumbai, India)
We’re in search of a DevOps Engineer who’s ready to help us improve our customer experience by building functional systems. You’ll need to have strong experience in Amazon Web Services, because you’ll be creating Terraform and CloudFormation templates to build AWS services to support custom PHP and Ruby applications, which means you’ll need to be fluent in PHP and Java too. As a DevOps Engineer, you’ll also be working in conjunction with like-minded departments such as product engineering to deploy these new products and manage our infrastructure, associated processes and systems. It’ll definitely help for you to be detail-oriented and a skilled problem solver, because you’ll also be helping us to streamline our processes and automate them where applicable. This position is in Mumbai, India.
RESPONSIBILITIES
- Bachelor’s degree in telecommunications or in computer science with 2-3 years’ experience
- Effectively manage and assign projects as necessary while lending support to the team
- Building and maintaining tools, solutions and micro-services associated with deployment and our operations platform
- Actively troubleshoot any issues that arise during testing and production, catching and solving issues before launch
- Test our system integrity, implemented designs, application developments and other processes related to infrastructure, making improvements as needed
- Update our processes and design new processes as needed
- Deploy product updates as required while implementing integrations when they arise
- Automate our operational processes as needed, with accuracy and in compliance with our security requirements
- Specifying, documenting and developing new product features, and writing automating scripts
- Establish DevOps Engineer team best practices
- Manage code deployments, fixes, updates and related processes
- Work with CI and CD tools, and source control such as GIT
- Offer technical support where needed, developing software for our back-end systems
- Stay current with industry trends and source new ways for our business to improve
DESIRED SKILLS
- Strong experience with Linux-based infrastructures, Linux/Unix administration, Terraform and AWS and its services like Lambda, S3, SES, SNS, SQS, RDS etc.
- Strong experience with databases such as MySQL, Redis, Aurora, and DynamoDB
- Knowledge of scripting languages such as JavaScript, Ruby, Python, PHP, Bash
- Experience with project management and workflow tools such as Agile, Scrum etc.
- Experience with open-source technologies and cloud services
- Experience in working with Puppet for automation and configuration
- Strong communication skills and ability to explain protocol and processes with team and management
- More than two years of experience in a DevOps Engineer role (or similar role); experience in software development and infrastructure development is a plus
- Current with industry trends, IT ops and industry best practices, and able to identify the ones we should implement
- Time and project management skills, with the capability to prioritize and multitask as needed
WHAT YOU NEED TO DO NOW
If this looks like an opportunity you’d be interested in right now, please share your updated resume at jobs@controlcase.com, mentioning the Position title in the Subject Line.
If you feel you know someone who would be a good fit for this job, please feel free to pass along this job posting.