  1. Member
    Join Date
    Jan 2014
    Posts
    57

    Certifications
    MCP | MCSA:Windows Server 2012 | MCSE:Windows Server 2012 R2 | CCENT | CCNA | VCP-NV
    #1

    An Unrealistic Job Posting? - IT Security Engineer III - Active Directory

    So I just came across this.. and when I read it...I was just stunned. You really gotta watch out for stuff like this.. Googling some of this description listed a few staffing agencies who have "tried to fill the position." Which further tells me this post is even more questionable..

    a few things...

    1) Who in the world is experienced in Coding or basically a Programmer, and has Security experience?

    2) Why would anyone with a Security related certification have any know-how of Active Directory? I mean the 2 just don't mix.

    3) On top of all of that, who would have Unix, Linux, BSD, or Cisco iOS experience to go along with it?

    4) No mention of a Linux+, Cisco Cert or Microsoft Cert, which in reality is what they are really after?

    5) They want someone with HIPAA and SLA experience but they don't even mention ITIL?

    Just a terrible, horrible job posting.


    JOB SUMMARY
    Designs, develops, configures, and implements solutions to resolve complex and highly complex technical and business issues related to information security, identity management, user access authentication, authorization, user provisioning, and role-based access control.
    Designs, develops, and implements solutions to successfully integrate new information security and identity management systems with the existing architecture.
    Provides end-user support as directed by management and works on multiple functions of high complexity. Identifies and recommends functional, technological and/or control solutions.
    May drive one or more projects as part of a Security or Security Risk Management team.
    Acts as a subject matter expert (SME) for one or more security, IDM, or risk management areas.
    May act as team-lead for other security or risk management personnel.

    ESSENTIAL FUNCTIONS
    Coaches and trains engineers integration of systems, including but not limited to databases, applications, network elements and devices, and data storage
    Guides and mentors engineers on the development of custom scripts, programs, and application interfaces to enhance existing monitoring infrastructure as part of project team efforts
    Pursue continuing education to maintain advanced knowledge of best practices, compliance requirements, and threats and trends in identity management and information security, translating into operational action items, policies, procedures, standards and guidelines as part of the IT Security team
    Develop root-cause analysis strategies to determine improvement opportunities when failures occur. Contribute as lead and SME on incident research and resolution when appropriate, mentoring incident team members
    Assist in Continual Service Improvement efforts by identifying, and sometimes leading, opportunities for process improvement
    Manage workload, prioritizing tasks and documenting time, and other duties.
    Provides training, coaching, and mentoring for Engineers and Senior Engineers in the IT Security organization
    Assists management in the definition of cross-platform information security and/or identity management policies and procedures as well as a senior contributor on departmental (IT Security) standard operating procedures, processes and guidelines.
    Drive and participate in the collection and documentation of departmental knowledge artifacts; key participant in the development, population, and championing of knowledge management and collaboration systems for the IT Security team.
    Communicates complex technical information to team members and all levels of management.
    Provides identity management advice and support for network systems and applications



    Act as a security advocate for IT operations team's adherence to Dignity Health policies and industry best practices

    Mentors and guides fellow engineers in the selection, installation, integration, configuration, and maintenance of information security systems.
    Defines Information Security frameworks for existing and new systems.
    Review and perfect diagrams, maps, and documentation of interrelated architecture and systems, pro-actively review solutions to determine possible failure points, coaching engineers accordingly.



    EXPERIENCE


    6+ years' experience in enterprise-scale information security engineering and operations required.

    Experience evaluating and implementing new hardware and software solutions and managing vendor support/SLA required.

    Experience with UNIX/Linux/BSD operating systems preferred.
    4+ years technical project experience designing, developing, integrating, and implementing solutions to resolve complex technical and business issues preferred.
    Coding experience and proficiency (e.g. Python, Perl, Ruby, PowerShell, Java, bash, etc) preferred
    Experience in Windows Office (Work, Excel, etc) required.
    Experience in UNIX/Linux OS and/or Cisco IOS strongly preferred.

    EDUCATION
    Bachelor's Degree in Computer Science, Information Security, Information Systems, or related field, or equivalent professional experience required.

    TRAINING/CERTIFICATIONS
    Two or more relevant technical/professional security certifications (such as: COMP-TIA Network+ , Security+, SANS GIAC, CISSP, CRISC, CISA, or vendor-specific) required.

    SPECIAL SKILLS
    Proficient understanding of regulatory and compliance mandates, including but not limited to HIPAA, HITECH, PCI, Sarbanes-Oxley preferred.
    Last edited by Thechainremains; 03-04-2015 at 08:51 AM.

  3. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,687

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #2
    These people are rare, but they exist. Many security engineers definitely have AD experience along with Linux and network management. Scripting is a common skill, perhaps even coding (although that's more rare).

    I don't have a programming background, but I've done AD/Windows, Linux, IOS, ASA, other networking/security devices, endpoint management, etc. I don't have the auditing or compliance/governance background, but some out there might along with everything else.

  4. Senior Member joelsfood's Avatar
    Join Date
    Sep 2014
    Location
    Chicago, IL
    Posts
    983

    Certifications
    CCIE:DC, CCNP:DC, CCNA:DC, CCDA, VCP:DCV, VCP:NV, JNCIA-JUNOS
    #3
    There are definitely people out there that fit this. You have to have security knowledgeable people who can code to write the security apps that we all use. Similarly, you can't write and enforce security policies for active directory unless you have some idea of how they work.

    That being said, a lot of the time a post like this is casting the widest net, and then use interviews to find someone who is the actual best match they can find for the job.

  5. Padawan d4nz1g's Avatar
    Join Date
    May 2013
    Location
    Brazil
    Posts
    430

    Certifications
    CCIE RS, CCNP RS, CCNA RS, CCNA S, ITILF
    #4
    Why is it horrible? Just because you don't fit on it?

    They are looking for a real Security ENGINEER, with reverse engineering, coding and infrastructure experience. It is not unrealistic.

  6. Junior Member
    Join Date
    Feb 2015
    Posts
    14

    Certifications
    CCENT, A+
    #5

    see them all the time

    I see postings with similar lists of qualifications all the time. I'm sure there are a few people out there with all of these skills, but they are likely few and far between. Just about every security job posting I'm seeing recently has need for Linux and Active Directory, a few have called for programming skills such as PHP, Perl, etc. I'm just wishing I had all those skills!

  7. Member
    Join Date
    Jan 2014
    Posts
    57

    Certifications
    MCP | MCSA:Windows Server 2012 | MCSE:Windows Server 2012 R2 | CCENT | CCNA | VCP-NV
    #6
    Originally Posted by d4nz1g:
    Why is it horrible? Just because you don't fit on it?

    They are looking for a real Security ENGINEER, with reverse engineering, coding and infrastructure experience. It is not unrealistic.
    NO.

    It's horrible because Employers like to copy off each other.. meaning.. if two or three start doing it, then another 5 or 6 will.. Sooner or later.. there will be a quarter of the job market looking for ridiculous skill sets that no one will have.

    If they wanted a real security engineer, they would have asked for more Certs like Microsoft/Linux/Cisco. Then at that point.. it makes sense.. but the combination of all those random certs just doesn't make sense at all..

    It's all over the place.. That's why it's a horrible job description.

  8. Member
    Join Date
    Jan 2014
    Posts
    57

    Certifications
    MCP | MCSA:Windows Server 2012 | MCSE:Windows Server 2012 R2 | CCENT | CCNA | VCP-NV
    #7
    Originally Posted by castagnolac:
    I see postings with similar lists of qualifications all the time. I'm sure there are a few people out there with all of these skills, but they are likely few and far between. Just about every security job posting I'm seeing recently has need for Linux and Active Directory, a few have called for programming skills such as PHP, Perl, etc. I'm just wishing I had all those skills!
    We all wish we had every skill.. You and me both.

    If I had serious programming skills I don't think I would be looking to work at an employer.. I'd be on my 10th Apple or Android app, raking in the royalty income.

  9. Senior Member Expect's Avatar
    Join Date
    Jul 2013
    Location
    Canada
    Posts
    247
    #8
    I'm sorry but this is far from being an unrealistic job description.

    Security engineers need a wide range of experience in many fields; Active Directory goes under the access control field, which is one of the specialties a security guy must have under his/her belt.

    Regarding coding, knowing how to code doesn't necessarily mean you have to have a BSc in computer science. You could very well know how to code in Python/PHP/any other and be able to understand languages that you may not necessarily have coding experience in.

    To be able to call yourself a good security engineer you can't just know Microsoft server. I personally know security engineers who are at instructor level of expertise in both Linux and Windows platforms, know how to code in various languages and have good understanding in web development.

    Take this one for example:
    You purchased a monitoring system from vendor A. Vendor A provides you with a Linux image that you simply need to deploy into your VMware vCenter for example, and the web application is ready to use out of the box.

    How will you audit this? You need to understand how Linux hardening works, how to configure your firewall iptable, which sysctl directives are important, which services can be disabled, how to define password policies and expirations. And I'm just talking about OS-level here, what about the web application itself? You need to understand the various attack vectors and weaknesses a web application might have. Stored/Reflected/DOM XSS, XXE, CSRF, yadda yadda yadda.

    Change the scenario so that vendor A provides you with a Microsoft based image, now you need to understand how to harden a Microsoft server. A completely different field of expertise under security.

    In this simple example I have already covered network security, Linux security and web application security...does that sound unrealistic to you? It's the day-to-day work of good security people.
    Last edited by Expect; 03-04-2015 at 02:53 PM.

  10. Member
    Join Date
    Jan 2014
    Posts
    57

    Certifications
    MCP | MCSA:Windows Server 2012 | MCSE:Windows Server 2012 R2 | CCENT | CCNA | VCP-NV
    #9
    Originally Posted by Expect:
    I'm sorry but this is far from being an unrealistic job description.

    Security engineers need a wide range of experience in many fields; Active Directory goes under the access control field, which is one of the specialties a security guy must have under his/her belt.

    Regarding coding, knowing how to code doesn't necessarily mean you have to have a BSc in computer science. You could very well know how to code in Python/PHP/any other and be able to understand languages that you may not necessarily have coding experience in.

    To be able to call yourself a good security engineer you can't just know Microsoft server. I personally know security engineers who are at instructor level of expertise in both Linux and Windows platforms, know how to code in various languages and have good understanding in web development.

    I didn't say it had to be all Microsoft Certs.. I'm guessing you're hinting at the current certs I have...

    Just look at this: such as: COMP-TIA Network+ , Security+, SANS GIAC, CISSP, CRISC, CISA, or vendor-specific.

    Now you tell me, if any of that spells out having expertise in Linux or Windows?

    You could be a Department of Defense Security Guru.. and not know Windows Server.. Again I am just saying this posting is just misguided..

  11. Senior Member Expect's Avatar
    Join Date
    Jul 2013
    Location
    Canada
    Posts
    247
    #10
    Originally Posted by Thechainremains:
    I didn't say it had to be all Microsoft Certs.. I'm guessing you're hinting at the current certs I have...

    Just look at this: such as: COMP-TIA Network+ , Security+, SANS GIAC, CISSP, CRISC, CISA, or vendor-specific.

    Now you tell me, if any of that spells out having expertise in Linux or Windows?

    You could be a Department of Defense Security Guru.. and not know Windows Server.. Again I am just saying this posting is just misguided..

    TBH, I haven't bothered looking at anyone's certs, I simply gave an example which involved Microsoft server.
    And for your question, no, the certs do not spell out having expertise in Linux or Windows, but security related roles often combine both because most networks involve both Linux and Microsoft servers.

    Regarding the certs portion of the job description:

    TRAINING/CERTIFICATIONS
    Two or more relevant technical/professional security certifications (such as: COMP-TIA Network+ , Security+, SANS GIAC, CISSP, CRISC, CISA, or vendor-specific) required.

    They obviously can't list all possible certs, they clearly stated 'such as', doesn't have to be any of those to my understanding...

  12. Senior Member aftereffector's Avatar
    Join Date
    Dec 2013
    Location
    NC
    Posts
    512

    Certifications
    CISSP, CASP, CCNA R/S, CCNA Security, MCTS
    #11
    This looks like a good job posting from a company that knows more or less what they want. From the first sentence of the Job Summary:

    Designs, develops, configures, and implements solutions to resolve complex and highly complex technical and business issues related to information security, identity management, user access authentication, authorization, user provisioning, and role-based access control.
    RBAC, that's your Active Directory requirement right there.

    Guides and mentors engineers on the development of custom scripts, programs, and application interfaces to enhance existing monitoring infrastructure as part of project team efforts
    And there's your coding or scripting. The EXPERIENCE section asks for Python, Perl, Ruby, PowerShell, Java, bash, etc., which are mostly scripting and API languages. Any good security engineer with 6+ years of experience (another requirement) will pick up some scripting along the way just to make her life easier.

    Experience in UNIX/Linux OS and/or Cisco IOS strongly preferred.
    Looks like they have UNIX/Linux systems and Cisco networking devices as well as some Microsoft workstations. As a security engineer, you would need to know how to harden all three of those types of systems - Windows, Linux, and Cisco IOS. The posting isn't looking for a network engineer or systems administrator, which is why they didn't list CCNA/CCNP or MCSA/MCSE as a required certification, but the engineer is still going to have to be familiar with the security ramifications of all of that technology.

    TRAINING/CERTIFICATIONS
    Two or more relevant technical/professional security certifications (such as: COMP-TIA Network+ , Security+, SANS GIAC, CISSP, CRISC, CISA, or vendor-specific) required.
    And there are the security-specific cert requirements. Overall, this looks like a pretty standard job listing for a SECURITY engineer - emphasis mine.

  13. Senior Member MTciscoguy's Avatar
    Join Date
    Apr 2014
    Location
    Montana
    Posts
    540
    #12
    I don't find it to be unreasonable at all, I have experience in many of those areas and worked on a lot of that type of systems while I was in security and intelligence gathering while at the Pentagon, I had many guys and gals that work for or with me that had those skills as well. I have worked on computers and different operating systems, programming, scripting, etc for over 30 years. So from my standpoint and knowledge level it looks like a very good in depth job listing with the specifics that this company wants and requires.

  14. xnx
    Cisco n00b xnx's Avatar
    Join Date
    Feb 2014
    Location
    UK
    Posts
    453

    Certifications
    BSc IT & CSc, CCNA R&S, CCNP R&S + Other vendor certs..
    #13
    Not unreasonable, these type of people are those who DESERVE a high paying job
    Getting There ...

    Lab Equipment: Using Cisco CSRs and 4 Switches currently

  15. Padawan d4nz1g's Avatar
    Join Date
    May 2013
    Location
    Brazil
    Posts
    430

    Certifications
    CCIE RS, CCNP RS, CCNA RS, CCNA S, ITILF
    #14
    Yea, maybe they are looking for a pentester.
    Not every security position is all about watching logs and configuring proxy/firewall rules.

  16. Senior Member Mitechniq's Avatar
    Join Date
    Jun 2012
    Posts
    275

    Certifications
    CCNA, GIAC G2700, VCP5-DCV C|EH, ISC2 CISSP, AWS-SAP (Most have Expired)
    #15
    The position is exactly what I do...

    I am on a Systems Engineering and Technical Assistance (SETA) contract for the Department of the Army.

  17. Senior Member rsutton's Avatar
    Join Date
    Sep 2007
    Location
    SF Bay Area, Ca
    Posts
    1,015

    Certifications
    83-640, 70-642, 70-662, ICND1
    #16
    You seem mad... because the employer wants someone with a variety of specific skill sets, and you are worried other employers will copy that? If employers can find these candidates then kudos to them. If they can't they will need to revise their expectations. Why worry about something that is completely out of your control, and has little basis to legitimately be concerned?

  18. They are watching you NetworkNewb's Avatar
    Join Date
    Feb 2015
    Location
    Off the grid
    Posts
    2,662

    Certifications
    A+/Net+/Sec+, CCENT, CCNA:Sec, CCSK, GCIH
    #17
    Honestly this sounds like a position I would want in a few years... right now I do systems support, and I'm currently working on my networking certs, and after that I plan on learning Python and working on my security certs....

  19. Senior Member MTciscoguy's Avatar
    Join Date
    Apr 2014
    Location
    Montana
    Posts
    540
    #18
    Originally Posted by Mitechniq:
    The position is exactly what I do...

    I am on a Systems Engineering and Technical Assistance (SETA) contract for the Department of the Army.
    Exactly, when I was in the Army, we contracted a lot of people with your skill set.

  20. Achieve excellence daily
    Join Date
    May 2012
    Location
    Washington State
    Posts
    1,380

    Certifications
    CISSP
    #19
    Many of the security folks I know have a development and sysadmin/networking background so this doesn't seem too far-fetched to me.
    When you go the extra mile, there's no traffic.

  21. Senior Member MrAgent's Avatar
    Join Date
    Oct 2010
    Location
    Northern Virginia
    Posts
    1,284

    Certifications
    Sec+, MCP, MCSA 2003, MCTS, MCITP:VA, VCP5, MCSA 2012, MCSE Private Cloud, MCSE Server Infrastructure, C|EHv7, RHCSA, OSCP, GCIH, OSWP
    #20
    Doesn't sound too far-fetched to me as well. I have a majority of that experience, minus the programming aspect.
    I do know security, *nix, and AD pretty well.
    2016 Goals: GCIH, OSWP - DONE!
    My OSCP review http://www.jasonbernier.com/oscp-review/

  22. Member
    Join Date
    Jan 2014
    Posts
    57

    Certifications
    MCP | MCSA:Windows Server 2012 | MCSE:Windows Server 2012 R2 | CCENT | CCNA | VCP-NV
    #21
    I guess I (myself) must be a narrow-minded fool. If I had that kind of experience, they couldn't pay ME enough to do that job..

    I would be asking for $175,000 a year at the minimum.. at that point they may as well hire 3 people and just pay them cheaply.

  23. Senior Member
    Join Date
    Mar 2011
    Location
    Chicago
    Posts
    1,325

    Certifications
    CISSP-ISSAP, HCISPP GPEN, GSEC, GSNA, GCIH, E|CH, ECSA, Security+
    #22
    Sounds like my job a couple of years ago to be frank about it. Nothing wrong with the description at all other than some of the wording does appear to be boiler plated in from another source.

    As an engineer you should really have a decent idea as to how to write and run a script, sheesh. Sounds like a fairly small shop with intent to grow. Did you recognize the name of the company? Dignity? Know what they do? If not go check them out. Surprised no one bothered to say something. I can only imagine the company promotional posters around the office. Cherie!

    Would this be difficult to fill? Yes, that's why people like me have a phone and voicemail that's always full and I leave it that way on purpose. I am also overqualified for this position. But that isn't why they are, most likely, unable to fill this position. They probably want a very senior engineer type for a bargain basement price. Been pitched many a JD (Job Description) and sounded really fascinating only to find out they want to pay 50k less than what I currently make. Heard it all too often, thanks.

    So what if this isn't your dream security job. For the right person with a bunch of certs and no experience it could be their ticket to big bucks and bigger headaches. Chances are that is who will end up filling this position and why it's been "hard to fill".

    - b/eads

  24. Senior Member aftereffector's Avatar
    Join Date
    Dec 2013
    Location
    NC
    Posts
    512

    Certifications
    CISSP, CASP, CCNA R/S, CCNA Security, MCTS
    #23
    Looks like this one:

    IT Security Engineer III at Dignity Health (Phoenix, AZ)
    IT Security Engineer III - Active Directory Engineer Jobs in Phoenix, AZ - Dignity Health

  25. They are watching you NetworkNewb's Avatar
    Join Date
    Feb 2015
    Location
    Off the grid
    Posts
    2,662

    Certifications
    A+/Net+/Sec+, CCENT, CCNA:Sec, CCSK, GCIH
    #24
    So you wouldn't learn a programming language and get a security certification for $175k a year? Looks like you got most of the other stuff they are asking.

  26. Junior Member
    Join Date
    Sep 2012
    Posts
    3
    #25
    I wish there were positions like that around my area of the woods. Right up my alley. A security position here might open up once every 5 years.