NinjaJobs

03/29/2021

We’re excited to announce a new version of NinjaJobs! The latest platform release has a modern look and offers a lot more to the job seeker. Registration is encouraged, but not forced in order to search or view jobs. Expect to see continued development and big updates in the coming weeks!

NinjaJobs is a community-run job platform developed by cybersecurity professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience and excell in placement services.

10/05/2020

New week! New Month! New Roles!!

See below for some of our new openings. Message me or anyone at NinjaJobs for more info.

- SOC Lead (Day Shift) - Fully Remote
- SOC Lead (Mid Shift) - Fully Remote
- Mid-level Threat Analyst - Fully Remote
- Mid-level IR Specialist - NY/NJ Metro
- Sr. DFIR - Fully Remote
- Security PM - Fully Remote
- Sr. Python Engineer - Fully Remote
- Sr. Cloud Security Engineer - DC

Unable to provide sponsorship for these roles.

09/24/2020

*Must be located in the US*
*Cannot provide visa sponsorship*

Senior Forensic Analysts are the frontline leads of our digital forensics and investigative function. This position will plan and build capabilities to address the forensics program needs of key stakeholders throughout the company. Successful candidates will have extensive experience understanding business functions, IT systems, networking, network exploitation and common threat actors.

Responsible for conducting live host forensics, log analysis, and data collections as well as the technical and non-technical written and verbal communications, documentation and presentation of these communications. Responsible for ex*****on of daily enterprise forensics activities, supporting incident response activities and maturing the security program.

Conduct detailed technical analysis of internal systems to find indicators of compromise, identify malicious activity, establish timelines of events, and propose technical fixes. Provide tactical expertise during the ex*****on of high and critical severity crisis management engagements to actively defend the company. Build and execute new forensics capabilities to support the strategic direction.

Knowledge and experience in the following areas:
• Understand the strategic priorities, objectives and challenges of the business.
• Map core business components to critical technology and information components.
• Build and deliver non-technical and technical briefings to organizational stakeholders
• Safely perform collection of live forensics evidence (hard disk, memory, log, etc..) off a wide variety of applications and operating systems.
• Perform in-depth technical analysis and reporting of investigation results (including endpoint, network and malware analysis)
• Develop new forensics capabilities, identify requirements and collaborate with IT Security and traditional IT teams

09/11/2020

🇺🇸 🇺🇸 🇺🇸 🇺🇸 🇺🇸

08/10/2020

*Currently remote and will eventually be on-site in DC post COVID*

*Salary range $100-$140k/year*

*Must be able to obtain Public Trust clearance*

This position is a hands-on technical position. You will be based in our offices in Washington, DC and will be part of our Cyber Risk practice. This group supports client facing challenges developing and implementing tailored concepts and technologies for risk recognition, measurement, and control.

This includes gathering and analyzing information, formulating and testing hypotheses, and developing (technically & functionally) and communicating recommendations. You will use your expertise and handle a variety of cyber risk topics, including IT infrastructure, Software development, and technology risk. You will help us to integrate strategic perspectives and approaches with actual operations and process redesign capabilities.

Additionally, you will help Dragonfli develop our expertise in this area and you’ll have the opportunity to shape this fast-growing initiative. As a consultant, you will receive exceptional training as well as frequent coaching and mentoring from colleagues.

University degree ideally in computer science, mathematics or business degree with specialization in technology management
Relevant work experience in a professional services environment or industry/tech company
Demonstrated aptitude for analytics
Proven experience in cyber security strategy, technology development, and risk-based digital resilience transformations
Practical knowledge in IT risk management, information security and technology risk
Proven record of leadership in a work setting and/or through extracurricular activities
Ability to communicate complex ideas effectively – both verbally and in writing
In addition to the above Role Description and Qualifications, below outlines the initial day-to-day responsibilities in client delivery and Dragonfli capability development.
This position is a hands-on technical position leading a cybersecurity SOC. This is a client-facing position that will be working with one or multiple of our top client partners. In this role, you will be performing hands-on technical and functional risk management work. Below outlines potential day-to-day delivery work for one of our global critical infrastructure clients.
Coordinate response to threats through managing team members effectively. Running the SOC on a day-to-day bases, hands-on.
Documenting processes and recording incidents.
Utilize cyber SOC tools and operating systems
Coordinate and monitor patch/remediation discovery, assessment, testing and deployment activities
Collect and document patch testing and deployment evidence
Document change control/release management tickets
Coordinate Mitigation plan development and management
Interface with appropriate vendors when troubleshooting activities arise from patching
Address concerns, issues, or problems with remediation activities
Develop lessons learned and continuous improvement process
Must have superior communications skills (both verbal and written) as this role will serve as the "face" of the department's security team to component agencies. Candidate must provide writing samples.
Public Trust Clearance (only) and 5-panel drug screen pre-employment required

07/30/2020

***This position is remote but the candidate must sit on the East Coast***

The Cyber Security Team is looking for a Cloud Security Manager to provide hands on leadership in defining cloud security strategy and requirements; and then implementing our cloud continuous monitoring solution. This solution will be used to measure and enforce security policies and detect threats across both GCP And Azure. This candidate will work across our Cloud Center of Excellence, Security Engineering, Security Architecture, Incident Response, and Governance, Risk, and Compliance functions in the implementation of the solution.
Responsibilities
• Manage a small team of security analysts through a direct or matrixed environment
• Develop company Cloud security strategy for IaaS, PaaS, and SaaS
• Be the subject matter expert for various teams to rely on vis-a-via cloud security
• Design and implement cloud security continuous monitoring solution
• Responsible for technical development/testing standards within the team
• Work with the Cloud owners to understand Cloud vision and requirements
• Work closely with the Strategic Business Units, Cloud Center of Excellence, Security Architecture, and Governance teams to codify security policies across the GCP and Azure environments
• Assist in developing automated runbooks to remediate policy findings
• Bring a passion to stay on top of latest technologies; identify and lead the team through opportunities to improve our cloud security portfolio with latest technology as appropriate
Required Skills
• 5+ years development experience with programming languages such as Python, Go, Java, etc.
• 3+ years’ experience developing tools on, or hardening of, Azure or GCP platforms
• Experience with software build, deployment, and configuration technologies
• Ability to pick up new technologies and languages quickly as projects require
• Strong problem-solving skills
• Good personal communication skills are vital
• Information Systems, Computer Science Bachelor's Degree OR equivalent experience
• Experience working with Information Security teams and technologies
Desired Skills
• Experience working with cloud continuous monitoring solutions
• Experience with security related regulatory requirements in the cloud such as NIST, NERC-CIP, PCI, etc.

07/22/2020

This position is REMOTE with up-to 25% travel (post COVID). No travel currently and entire hiring process is virtual.

*** Must be based in the US ***
*** Cannot provide visa sponsorship ***

Immediate need for a technical IR Lead. Looking for a strong IR professional who is willing to lead and grow an IR team. This person should be technical enough to participate in IR activities as needed along with managing the day to day activities of the IR team. It would be split about 50/50 between technical IR work and IR program management.

• Responsible for managing a team of security analysts who are charged with the analysis and management of incident response data from a variety of sources
• Determine work requirements, priorities, and maximize the effectiveness of analysts through efficient scheduling and cross training
• Provide oversight to incident response activities (triage, root cause analysis, escalations, notifications, communication, etc)
• Determine the severity level of incidents, act as a conduit for escalation and ensure accordance with requirements
• Provide technical investigative support to other departments as required
• Develop and maintain IR Procedures to ensure incident response policy, procedures, and work instructions stay current and effective
• Provide regular reporting of IR metrics with specific attention to efficiency and effectiveness measures • Recommend courses of action based on analysis of both general and specific threats
• Deliver reports, briefings, and assessments to leadership, facilitating understanding of cyber threat entities and environments
• Advanced knowledge of networking, operating systems fundamentals
• Having one or more security certifications such as SANS/GIAC, CISSP, CEH, OSCP
• Advanced computer forensic or network forensic certifications
• Excellent communication skills

07/14/2020

** Not able to provide visa sponsorship **

** Candidate must be able to work on-site in Reston, VA **

DevOps Engineer II will coordinate and manage the entrance of new hardware and software into the IT computing environment and define the process for release package assembly, version control, migration control, release preparation and acceptance, communication and installation

Responsibilities:
• Independently plans and delivers specific functionality within their expertise.
• Presents and or defends the work to the team or other organizations. Has defined specialties in primary areas of responsibility
• Collaborates using open communication and reaching across functional borders
• Develop sound version control best practices based CM systems (Clearcase, SVN, GIT , etc.), including branching and merging strategies
• Perform configuration management for all different applications running on all environments and manage the production release process that ensures the reliability and availability of the platform
• Maintain up to date and relevant play books and documentation in support of the different platforms/programs
• Contribute in developing best practices for infrastructure as code (eg : Puppet, Shell scripting), software build tools (Maven, ANT, Shell ) and continuous integration tools (Jenkins, Hudson), and infrastructure automation (VM Ware, Puppet, Chef, etc)
Requirements:
• 5+ years of hands on AWS development experience using Python, Java, node.js and scripting.
• 5+ years of work experience with AWS code pipeline, AWS deployment automation, AWS Service Catalog.
• Must be familiar with working in a Federated Access AWS environment.
• Understanding of information security scanning and monitoring tools.
• Familiar with DataSunrise, Guardium or Varonis is a plus.
• Demonstrated ability to learn new technologies and business requirements
• Proven analytical and problem-solving skills
• Experience with implementation methodologies
• Strong communication skills, both written and oral; Ability to build and deliver presentations to all levels of the business and effectively explain complex issues and concepts in simple, understandable language
• Ability to work under minimal supervision
• Effective oral, presentation, and written communication skills

07/13/2020

This role is for a resourceful cybercrime intelligence analyst to conduct web-based research and produce analytic reports in a fast-paced, product-driven environment.

Job Duties:
Research and analyze content from unindexed areas of the internet
Produce concise, written analysis and visual presentation of findings
Quickly understand and deliver on company and customer requirements
Write tactical and strategic assessments under deadlines
Experience with information security, network security, or computer network operations
Produce short and long term research and investigative support to support understanding of emerging cyber threats

Requirements:
Ability to operate in a fast-paced, product-driven environment
Knowledge of and the ability to utilize a variety of administrative skill sets and technical knowledge to manage organizational IT policies, standards, and procedures
Knowledge of and the ability to detect and prevent business crimes that involve computers/networks as instruments
Advanced understanding of cyber slang and the workings of the cyber underground economy
Operate semi-autonomously to conduct collection, create solutions and support intelligence production per the standard operating procedures, with minimal guidance from your supervisors.

Would like to see:
Proficiency in at least one of following: Python, JavaScript, C #, or other computer language
Experience refining source information and raw data into intelligence products
Experience in a cyber threat intelligence organization to include military, intelligence community or commercial
Experience in link, pattern and trend analytical techniques and analytical platform
Security+, Net+, Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), or related certifications preferred

07/13/2020

This is a remote job opportunity. Position requires candidates to be located in the US for occasional travel. Cannot provide sponsorship for candidate to work in the US.

POSITION: Software Developer
EXPERIENCE: Minimum 3-5 years
LOCATION: USA Remote
We are looking for a passionate back-end developer who is deeply driven by a passion for
building highly scalable products that customers love. You would be building technology
solutions for the Cybersecurity domain, but your job is not just to build, but also ideate on what
would be best for our customers. You will drive the development of features from proposals to
polished end results and earn experience in working with cross-functional teams to design, build
and roll-out products that deliver the company’s vision and strategy.

Responsibilities
● Develop features from proposal to polished end result
● Manage and review code contributed by the rest of the team and work with them to get it
ready for production
● Take initiative in improving the software in small or large ways to address pain points in
your own experience as a developer
● Keep code easy to maintain and keep it easy for others to contribute
Skills and Qualifications
● Bachelor’s degree or higher, in Computer Science, Engineering, IT or a related discipline
● 1-2 years of practical experience in building Django applications is a huge plus.
● Knowledge in Python, with the ability to build efficient REST API using Django REST
Framework
● Knowledge of scheduling framework or event-driven programming in Django.
● The ability to naturally follow good development practices like test automation, CI/CD,
source version control, GitHub, etc.
● Experience in designing scalable micro-services required
● Understanding of the threading limitations of Python, and multi-process architecture
● Good understanding of server-side templating languages
● Knowledge of user authentication and authorization between multiple systems, servers,
and environments
● Understanding of fundamental design principles (including MVC).
● Good hands-on experience in working on a scalable AWS environment
● Experience with different RDBMS and NoSQL databases like MySQL, MongoDB, etc.
● Understanding of caching architecture and usage of different datastore like Redis,
Memcache, etc.
● Strong unit testing and debugging skills
● Proficient understanding of code versioning tools such as Git
● Knowledge of different message brokers like Rabbitmq, Kafka, Redis, etc.
● Knowledge about caching mechanism using Redis, Memcache, etc.
● Strong proficiency in data structure and algorithms
● Knowledge of different RDBMS or NoSQL databases. Understanding of the associated
use cases and application of both the technologies

● Knowledge of container technologies like Docker, k8s, etc.
● Knowledge of OOPS and different design patterns like strategy, adapter, etc. to build a
modular and scalable solution
● Good understanding of the RBAC controls
● Understanding of secure coding principles
● Self-driven approach to enjoy technical challenges and is eager to explore new
technologies
Bonus
● Experience in developing product from scratch
● Good understanding of Elasticsearch
● Experience of working in startup culture

07/13/2020

We are looking for a Digital Forensic Examiner in the Cyber Security and Digital Forensics Department – currently consisting of 8 people. We need a highly driven, motivated, creative, reliable, diligent, and clever person. We are in a competitive environment and we need to “hack it” with innovative approaches. The desired candidate should have some hands-on technical experience and theoretical understanding of Forensic Science, Cyber Security experience, and be able to roll up their sleeves and do some work on his own as needed.

Requirements/Qualifications:
• Minimum of 3 years of cyber/digital forensic investigative experience
• Minimum of 1 years of Incident response experience
• Minimum of 3 years of experience in Windows desktop, server OS, Linux
• 1 professional certifications such as: GCFA, CISSP, EnCE, CISA, GCFE, GCIH, CEH required
• Technology skills with Cyber Security/Forensic Software (AccessData, Encase, etc.) and Microsoft Office (PowerPoint, Excel, Word, Outlook); experience preferred
• Ability and confidence to communicate effectively and coordinate with the internal team
• Drive to join the Technology Cyber Security profession
• Confident and dynamic personality with Strong communication skills
• Work in a fast-paced emerging startup environment
• Ability to work under strict deadlines and work independently or as part of a team
• Creative “hack-it” type of thinking

Responsibilities:
• Manage Cyber Security and Digital Forensics engagements for clients, team leader and responsible for Lab organization, including policy and physical location
• Manage on boarded clients with IR retainers from technical perspective
• Digital forensic investigations and remediation, including after breach recovery and technical assessments
• Responsible originator and implement internal security, policies and procedures for IT security areas
• Cyber Security assessments including threat assessments such as threat hunting, and product demos
• Working on various projects for clients – implementations, integrations, consulting and advisory
• Preparing technical and awareness training for internal staff and clients
• Present at conferences and industry events
• Independently lead computer incident investigations, determining the cause of the security incident and preserving evidence for potential legal action
• Perform detailed forensic analysis on computers, phones, any other digital media interface with business function owners, legal, human resources, technical personnel and others
• Make recommendations on corrective action for incidents
• Produce security incident and investigation reports/briefings
• Willing to be called upon as an expert witness at criminal/civil trials
• Analyze infrastructure security incidents to determine if incident qualifies as a legitimate security breach
• Teach other team members advanced techniques in forensic investigations
• Office hours are 9am-6pm schedule and some weekends; Reports directly to Forensics Management
• Able and willing to travel between 30-40% of the time whenever necessary
• Secure evidence and lab equipment management
• Examination and reviewing of forensic evidence and cases
• Creation/modification of forensic reports based on examination results
• Testing new forensic tools and updates, with documentation creation
• Virtual machine and workstation management for Cyber Security and forensic purposes
Preferred Skills:
• Experience with memory analysis software such as Volatility or Redline
• Knowledge of laws related to computer intrusions and data privacy requirements
• IT Security Architecture
• Data Privacy
• Understanding of data networking and computer hardware
• Knowledge of Mac and Linux OS
Professional Skills:
• Excellent problem solving skills
• Strong oral and written communication skills
• Ability to multi-task and prioritize workload
• Detailed oriented in investigations and communications
• Ability to communicate technical investigation results to non-technical functions such as HR or legal
• Very strong sense of ethics/values — ability to handle confidential investigations with discretion

07/09/2020

We are seeking an experienced Associate Director of Pe*******on Testing with over 10 years of Cyber Security experience (minimum 5 years managing teams that support pe*******on testing and/or red team programs) to join our Enterprise Information Protection team. The candidate will lead our Pe*******on Testing program and drive key initiatives to increase our program maturity.
Pe*******on Testers carry our offensive security assessments to enumerate weaknesses, identify needed security improvements, and validate our security control effectiveness.
The Associate Director will focus on continuing to build out the teams, developing vision and strategy for pe*******on testing, continuously optimize capacity and efficiency of pe*******on testing, and partner with the CISO and other stakeholders to determine which assets to prioritize testing for.

Primary Responsibilities
• Lead a team of Pe*******on Testers focused on ethical hacking and simulated attacks against web, mobile, cloud and network assets.
• Must have prior Kanban experience and be comfortable leading a Kanban team.
• Strong engagement skills with experience discussing security requirements and issues with senior management from both the business and technology, as well as with developers and technologists.
• Develop a model to support a continuous lifecycle of pe*******on testing that align with the business and focus on the highest risk areas of the company.
• Focus on continuous process optimization and coverage to achieve capacity gains without necessarily adding more people.
• Provides direction and thought leadership to enterprise-wide initiatives applying security principles such as access control, encryption, and host security as well as state of the art and emerging technologies such as cloud computing, mobile computing, and next generation architecture.
• Collaborate with IT and Developers to design and implement remediation solutions.
• Knowledge with tools and industry standards such as Mitre ATT&CK, PCI, SOx, NIST, HiTrust, and OWASP.
• Solid knowledge and understanding of systems development life cycle (SDLC), CI/CD pipelines and Agile methodologies
Required Qualifications
• Bachelor's degree in an IT-related field required; post-graduate degree is a bonus, but not required.
• 6 or more years of experience in or leading Threat and Vulnerability Management, Pe*******on Testing, or Red Teaming
• 2 or more years of management experience
• Must be passionate about contributing to an organization focused on continuously improving consumer experiences
Location Requirements
Preferred locations are Washington D.C. or Louisville Kentucky.