IT Security Manager

San Mateo, CA
Sequoia Consulting Group – IT & Security
Full-time
The IT Security Manager will partner with our team to develop cutting edge processes and technology for protecting Sequoia’s information assets.  As we continue to strengthen the company’s security posture, you will focus on conceptualizing, planning, implementing and operationalizing IT security services and technologies for Sequoia globally, as well as testing the company’s systems and applications for security holes. The successful candidate will be based out of our San Mateo or San Francisco office and should demonstrate the desire and ability to learn and grow with our team.  

What You Get To Do

    • Use your deep technical expertise to test and probe all company networks, applications, systems and technologies 
    • Prioritize and fix vulnerabilities that arise from testing and probing 
    • Collaborate with Engineering and other teams to close security holes 
    • Conduct security-related events analysis and provide correlation and response support
    • Participate in IR exercises and incident investigations 
    • Manage and improve the Threat and Vulnerability Management (TVM) program and the remediation of vulnerabilities for web, mobile applications and infrastructure 
    • Set up a bug bounty program to help test and identify gaps 
    • Stay updated on security trends and emerging threats while understanding their impact on Sequoia 
    • Stay abreast of AWS services and security solutions, as well as other technologies and security tools 
    • Partner with the IT team to secure AWS, Azure and all corporate environments and services 

Qualifications

    • Bachelor’s degree required along with at least 5 years of relevant technical experience and at least one relevant certification (e.g., CISSP, CISA, CISM, CEH, GPEN, GXPN, GWAPT, GMOB, GCIH, OSCP, CEPT) 
    • Strong familiarity and experience with OWASP Top 10 and CWE/SANS Top 25 
    • Must be comfortable with systems operations and maintenance in an MS Windows environment (Active Directory, Office365), Unix/Linux/Ubuntu 
    • Knowledge of AWS services and eager to learn more about AWS security 
    • Expertise with tools such as Kali Linux, Metasploit Framework, Burp Suite, AppScan, WebInspect, static code scanners (Veracode, Fortify, SonarQube), Android Studio, qark, MobSF, Frida, Objection, ios-deploy, applesign, Charles Proxy, Pip3line, SublimeText 
    • Some web app, mobile app and other development experience using Java, JavaScript, React, Redux Saga, jQuery, HTML DOM, REST APIs, C, C++, C#, Spring Framework, PHP, Python, Perl, PowerShell, Bash 
    • Pen testing methodology, reverse engineering, vulnerability research and exploit development and ability to clearly write reports and explain findings and remediation 
    • Experience with digital forensics, debuggers, web proxies, web app scanners, network scanners and tools such as Nessus and nmap  
    • Strong networking knowledge of Internet firewalls, WAF, LAN, WAN, TCP/IP and VPN environments 
    • Excellent interpersonal skills are required along with the ability to build productive relationships in a collaborative and fast-paced environment 
    • Most importantly, live our Sequoia values day in and day out 
Sequoia’s Culture – Our most important asset:

Integrity
Passion for service
Innovative
Growth oriented
Caring for others
Promise-centric
Focused on relationship building

Compensation & Benefits

Sequoia provides competitive compensation including base salary, performance based bonus programs, and comprehensive benefits package including 401(k) matching.