ControlCase

Compliance as a Service

You are here: Home / Company / Careers

Current Openings

Senior VP Global Certification 

RESPONSIBILITIES

  • Mange profit and loss of the certification division including revenue retention and budget management.
  • Ensure gross margins and revenue growth of certification division.
  • Manage global customer retention and delivery satisfaction level per business requirement.
  • Develop and implement compliance certification methodology and processes to effectively manage the client certifications to meet the organizational objectives.
  • Manage and maintain staff by recruiting, selecting, orienting, and training employees.
  • Develop the functional scorecards for entire team based on the individual work profile.
  • Perform Final PCI DSS Certification audits for clients with complex payment environments.
  • Develop and implement various security audit framework, processes and metrics in the areas of Operational Security, Compliance and Risks Management. Assess payment applications with POI devices, mobile applications, and secure cryptographic devices such as HSM and encryption / key management solutions.
  • Perform client assessments for HITRUST, HIPPA, ISO 27001, FISMA, Shared Assessments (AUP), EI3PA. Train and lead workshops on PCI/DSS and awareness for clients and their vendors/merchants/services providers as needed for compliance with PCI DSS/PA DSS.
  • Provide continuous trainings in the area of security and compliance to team members for their skills development.
  • Perform P2PE Certification audits for customers with complex payment and encryption systems.
  • Perform PA DSS Certification audits for customers with complex payment and encryption systems.

DESIRED SKILLS

  • Bachelor’s degree (US or foreign equivalent) in Information Technology or a related field. Will accept a single or combination of education, experience, or professional certifications deemed equivalent to a US Bachelor’s degree as determined by a qualified credentials evaluation agency.
  • Six (6) months of managerial experience in QSA certifications. Prior work experience must include 6 months of experience: utilizing Network security testing / vulnerability assessment skills; utilizing AWS cloud infrastructure assessment knowledge; utilizing Encryption and key management review knowledge; utilizing Risk Assessment knowledge; and assessment and configuration review knowledge for following platforms: Firewalls – Cisco ASA, Checkpoint, Juniper, Palo Alto, Fortigate, Watchguard, Routers, Switches, Load Balancers, IDS/IPS, Windows Servers, Linux Servers, Unix Servers, IBM Mainframe Z Systems, Amazon Web Services, VMware, and Oracle and SQL database. Must be CISA or CISSP.
  • Must be ISO 27001 Implementer or auditor.
  • Travel required.

WHAT YOU NEED TO DO NOW

Location: 12015 Lee Jackson Memorial Highway, Suite 520, Fairfax, VA 22033
Work Schedule: 9 am to 5 pm, 40 hours a week.

QUALIFIED APPLICANTS: Please email resume to jobs@controlcase.com and reference requisition #102018-CERT-SVP

User experience (UX) designer
As our Creative UX Designer, you’ll craft the creative visual direction, branding identity, user experience, print and overall design of ControlCase products. You will work with the rest of the Product team to develop and iterate on creating a compelling, engaging, and pleasing user experience.

RESPONSIBILITIES

  • Craft the creative visual direction, branding identity, user experience, print and overall design of ControlCase products
  • Collaborate closely with senior developers to implement UX solutions
  • Support organizational UX process and production needs
  • Work with delivery teams to ensure that design goals are maintained through implementation

DESIRED SKILLS

  • Bachelor’s degree in UX Design or related
  • 3 to 5 years of experience in professional graphic design, preferably in web design
  • Mastery of creative software – including Sketch and Adobe Photoshop, Illustrator, and InDesign – and knowledge of how to turn these designs into working user interfaces. Experience with video editing or animation a plus.
  • Knowledge of UX, graphic, and web design standards
  • Passionate about owning and advancing our visual identity across a variety of media, including web, email, print, t-shirts, and more.
  • Up-to-date knowledge and ability to apply user interface design and user experience principles to responsive, mobile-friendly web design.
  • Ability to manage external design contractors to ensure that we have a consistent look-and-feel and that projects stay on time and on budget.
  • The vision of how different aspects of ControlCase products fit together into a cohesive user experience and what elements need to be changed, added, or removed to improve the experience.
  • The sense of humor, belief in our core values, and desire to change the world.

WHAT YOU NEED TO DO NOW

If this looks like an opportunity you’d be interested in right now, please share your updated resume at jobs@controlcase.com, mentioning the Position title in the Subject Line.
If you feel you know someone who would be a good fit for this job, please feel free to pass along this job posting.

IT Audit Manager (QSA)

The IT Security Audit Manager leads security assessments of client IT environments against various industry standards and regulations including PCI, HITRUST, ISO 27001/2, HIPAA, Sarbanes-Oxley, and others. The Audit Manager (QSA) works with the client, and other ControlCase teams, over the life of the project to ensure that security controls are appropriate and compiles the information gathered in a final assessment report.

RESPONSIBILITIES

  • Leads execution of multiple concurrent technology assurance and project audits primarily as engagement supervisor in accordance with rigorous policy and work paper standards and within tight timeframes
  • Assesses key risks and controls and designs innovative and appropriate broad based coverage across a technology and/or business activity, exhibiting exceptional judgment regarding issue identification, issuing draft findings to client management, and drafting and issuing final audit reports with limited guidance
  • Functions as a team leader and is an expert at organizing and leading teams/projects, helping recruit/hire candidates, and on-boarding, training, providing interim performance feedback and helping coach those team members
  • Transfers knowledge and understanding of audit methods and critical/complex business information
  • Develops valuable and trusting relationships with internal business partners by executing efficient audit work and offering suggestions to enhance risk management based on an enterprise-wide view of technology risk management
  • Managing certification projects along with team to ensure clients meet their compliance and certification goals
  • Interface with clients to review and analyze complex systems (Applications, operating systems, databases, and Networking devices), to identify risks, exposures, define and implement compensating controls
  • Work independently to collect, consolidate and analyze information required for the evaluation of security controls and gaps
  • Produce final reports on compliance to detail the controls observed during security assessments in accordance with various security standards and regulations (PCI, HITRUST, ISO 27001/2, HIPAA, Sarbanes-Oxley, etc.)
  • Extensive travel to client sites as needed

DESIRED SKILLS

  • At least 7-8years of experience in an IT security audit, assessment, and/or compliance role
  • Strong knowledge of the PCI-DSS security standards
  • Current or former PCI-QSA certification, with experience preparing and presenting Reports on Compliance (ROCs)
  • Strong background in auditing IT Security controls. Demonstrated leadership and the ability to successfully manage multi-functional or diverse areas
  • One of the following certifications is must: CISM, CISSP, CISA
  • Ability to travel up to 60% annually
  • Excellent project management and time management skills. Capable of tracking and executing numerous parallel activities, work efficiently and independently with minimal supervision
  • Self-motivated and self-enabler
  • Ability to work effectively in a team environment and across all organizational levels, where flexibility, collaboration, and adaptability are important
  • Outstanding problem solving and analytical skills with ability to turn findings into strategic imperatives
  • Ability to communicate effectively, in both written and verbal formats, with senior executive-level leaders

WHAT YOU NEED TO DO NOW

If this looks like an opportunity you’d be interested in right now, please share your updated resume at jobs@controlcase.com, mentioning the Position title in the Subject Line.
If you feel you know someone who would be a good fit for this job, please feel free to pass along this job posting.

PCI Qualified Security Assessor (QSA)

The PCI QSA performs security assessments of client IT environments against various PCI SSC standards and regulations including PCI DSS, PA-DSS, P2PE etc. The PCI QSA performs these assessments both remotely and at client sites, gathering evidence of controls in place to assess the controls and identify gaps.

RESPONSIBILITIES

  • Interface with clients to review and analyze complex systems (Applications, operating systems, databases, and Networking devices), to identify risks and vulnerabilities within the client environments
  • Able to analyze cardholder data flows (business and application data flows) and accordingly identify the risks to cardholder data
  • Provide in-house training to clients on PCI DSS awareness
  • Work independently to collect, consolidate and analyze evidences of clients PCI DSS compliance and meet the internal quality assurance requirements
  • Produce final reports on compliance to detail the controls observed during security assessments in accordance with various security standards and regulations (PCI DSS, PA-DSS, P2PE.)
  • Extensive travel to client sites as needed

DESIRED SKILLS

  • Bachelor’s degree in telecommunications or in computer science. A specialization in information assurance is preferred
  • At least 5 years’ overall experience in information security
  • Ability to review network device (Firewalls/ Switches/ Routers/ IDS/IPS/ Load Balancers etc.) configurations and analyze network architectures
  • Ability to review system hardening (Servers/ Virtualization Devices/ Cloud Infrastructure/ Databases)
  • In-depth knowledge and experience in IT Security, including access controls, network Security, logging/monitoring, vulnerability assessments, system hardening, secure software development, application security, encryption and key management best practices etc.
  • In-depth knowledge and experience with PCI DSS, Risk Management Standards (OCTAVE/ NIST/ISO)
  • Either of the following certifications is mandatory: CISSP/ CISM/ CISA/ GIAC GSNA
  • Good knowledge of common office tools
  • Excellent in English – written and spoken
  • Good project management and time management skills

WHAT YOU NEED TO DO NOW

If this looks like an opportunity you’d be interested in right now, please share your updated resume at jobs@controlcase.com, mentioning the Position title in the Subject Line.
If you feel you know someone who would be a good fit for this job, please feel free to pass along this job posting.

IT AUDITOR

The IT Security Auditor performs security assessments of client IT environments against various industry standards and regulations including PCI, Hitrust, ISO 27001/2, HIPAA, Sarbanes-Oxley, and others. The IT Security Auditor performs these assessments both remotely and at client sites, gathering evidence of controls in place to assess the controls and identify gaps. The Auditor works with the client, and other ControlCase teams, over the life of the project to ensure that security controls are appropriate and compiles the information gathered in a final assessment report.

RESPONSIBILITIES

  • Interface with clients to review and analyze complex systems (Applications, operating systems, databases, and Networking devices), to identify risks, exposures, define and implement compensating controls
  • Work independently to collect, consolidate and analyze information required for the evaluation of security controls and gaps
  • Produce final reports on compliance to detail the controls observed during security assessments in accordance with various security standards and regulations (PCI, Hitrust, ISO 27001/2, HIPAA, Sarbanes-Oxley, etc.)
  • Extensive travel to client sites as needed

DESIRED SKILLS

  • Bachelor’s degree in telecommunications or in computer science. A specialization in information assurance is preferred
  • 3-5 years’ experience in IT security operations
  • In-depth knowledge and experience in IT Security and Telecommunications, including access controls, network Security, logging/monitoring, vulnerability assessments, system hardening, secure software development, etc.
  • In-depth knowledge and experience with ISO 27000 series, PCI DSS, HIPAA, SOX and risk analysis methodologies and security standards
  • The following certifications are an asset: CISSP, CISM and CISA
  • Good knowledge of common office tools
  • Proficient in English – written and spoken
  • Good project management and time management skills

WHAT YOU NEED TO DO NOW

If this looks like an opportunity you’d be interested in right now, please share your updated resume at jobs@controlcase.com, mentioning the Position title in the Subject Line.
If you feel you know someone who would be a good fit for this job, please feel free to pass along this job posting.

APPLIANCE – APAC & AMERICAS (LOCATION: MUMBAI, INDIA)

RESPONSIBILITIES

  • Able to multi-task and deliver consistently on deadlines.
  • To optimize System performance of SIEM, will be able to provide analysis report to team.
  • Able to roll-out changes across the Board with accuracy.
  • Should be able to act as a Single point of contact for the technical tower in front of the customer management. Ensure proper communication and quick resolution as a crisis manager.
  • Drives day to day operations and work plan allocation/management.
  • Take corrective actions based on the customer satisfaction surveys.

DESIRED SKILLS

  • Expert in Linux operating system any flavor (Red Hat / Ubuntu)
  • Have a solid working knowledge of networking technology and tools, firewalls, proxies, and the OSI Model, including TCP/IP protocols and standards
  • Effective communication (written, verbal and listening), organization and time management skills.
  • Willing/able to handle the client
  • Experience on handling client facing environment.
  • Knowledge of SIEM and information security will be an added advantage.
  • Willing and able to travel (up to 50%)

WHAT YOU NEED TO DO NOW

If this looks like an opportunity you’d be interested in right now, please share your updated resume at jobs@controlcase.com, mentioning the Position title in the Subject Line.
If you feel you know someone who would be a good fit for this job, please feel free to pass along this job posting.

SIEM OPERATION ENGINEER (LOCATION: MUMBAI, INDIA)

RESPONSIBILITIES

  • Study current status of Logging for a customer and bring them to expected state to ensure they are using latest version of ControlCase SIEM, parsing of logs etc. in a predefined period.
  • Develop, Support and Enhance event parsing, log collection and storage, compliance automation and identity monitoring activities.
  • Develop & Enhance processes and procedures around security event management.
  • Configure queries, correlation rules, dashboards, alerts, searches, reports, etc., based on operating systems, platform, data type, and other reporting elements.
  • Troubleshoot log collection from networking devices, operating systems, databases, security applications, and more.
  • Gather and understand technical requirements related to functionality, design, and integration.
  • Install and configure the SIEM including all its components, local & or remote log collectors.
  • Plan & execute SIEM migration activities.
  • Identify, design & implement use cases to address PCI compliance along with specific enterprise security requirement.
  • Preferred Certification: CEH, RHCSS, GIAC, GCIH, GCIA, GREM, SANS.

DESIRED SKILLS

  • Expertise with use of regular expressions.
  • Knowledge of building and managing SIEM rules, reports and offenses.
  • TCP/IP, LINUX operating system and features such as vi, iptables, ssh, cat, tail, grep etc
  • Knowledge about security technologies such as firewalls, encryption using keys, SSL, HTTPS, SSH, intrusion detection, routing switch ACLs, VLAN, Span Ports, Network IDS / IPS platforms.
  • Knowledge of building and managing SIEM rules, reports.
  • Experience with enterprise SIEM architecture and components.
  • Experience with either Alien Vault, AccelOps, Qradar, Splunk, Nitro, LogRythm, ArcSight, OSSIM or others will have added advantage.
  • You need to be dedicated, smart & hunger for learning/experimenting with new technologies/tools etc. Good interpersonal, verbal and written communication skills. Result oriented with good analytical skills.
  • Ability to exercise prudent judgment and offer knowledgeable advice. Ability to work both independently and in a team environment.
  • Knowledge on Security standards like PCI-DSS, ISO 27001, etc.
  • Have a solid working knowledge of networking technology and tools, firewalls, proxies, and the OSI Model, including TCP/IP protocols and standards.

WHAT YOU NEED TO DO NOW

If this looks like an opportunity you’d be interested in right now, please share your updated resume at jobs@controlcase.com, mentioning the Position title in the Subject Line.
If you feel you know someone who would be a good fit for this job, please feel free to pass along this job posting.

CaaS – SECURITY TESTING CONSULTANT (LOCATION: MUMBAI, INDIA)

RESPONSIBILITIES

  • Perform application and infrastructure penetration tests, as well as physical security review and social engineering tests for our global clients
  • Review and define requirements for information security solutions
  • Perform security reviews of application designs, source code and deployments as required, covering all types of applications (web application, web services, mobile applications, thick client applications)
  • Participate in Security Assessments of networks, systems and applications
  • Work on improvements for provided security services, including the continuous enhancement of existing methodology material and supporting assets

DESIRED SKILLS

  • Familiarity with vulnerability scanning techniques
  • Experience with various security tools and products like Nessus, Nexpose, Metasploit, nMap
  • AppScan, BurpSuite, Wireshark and tools available on Kali Linux
  • Broad expertise with multiple operating systems such as Linux and Windows, and network services (HTTP, Databases, etc.) and their inherent security issues
  • Vulnerability analysis and application reversing skills
  • Understanding of cryptography principles
  • Ability to present complex, technical information to a variety of audiences, both technical and non-technical, in written and/or oral formats
  • Proficient in the use of word processing and spreadsheet based toolsets

WHAT YOU NEED TO DO NOW

If this looks like an opportunity you’d be interested in right now, please share your updated resume at jobs@controlcase.com, mentioning the Position title in the Subject Line.
If you feel you know someone who would be a good fit for this job, please feel free to pass along this job posting.