Information Security Consultant

Hello

Hope you are safe and well.

If you’re interested, please give me a call back on 15106814444 EXT: 237 or you can reply to me back with your resume on kritika.sharma@infostride.com

Title: InfoSec Consultant

Location: Remote PST time zone

Hours: 20 hours / week, part-time

LOA: 3 months+

client needs an InfoSec Consultant with the technical know-how to implement the tools and automation that their internal GRC auditor has already identified as required.

They are looking for a InfoSec Engineer to help them with their SOC 2 Type 2 evidence period which starts on June 1st and runs through the end of the summer. They had a consultant helping them with this on a part-time basis, but he recently accepted an FTE role, so they need a consultant to help them out.

They would like a consultant with a little bit of experience in SOC2 Type 2 (preferably one cycle)

AWS experience, they are an AWS shop, they are using IDP, DLP, Vulnerability Scanning

Someone with knowledge of DLP, IDP IDS, Jira, they have no DataCenter, no Firewall.

They are a small company, about 20 employees.

They got there SOC 2 Type 1 certification in December

There current consultant was helping them with automation setup, monitoring, JIRA, and helping drive review sessions

Anetac cleaned up their work backlog for this fractional IT/Infosec Engineer. Below is what we need delivered in the next few months:

Implement SSO across the company (20 people + 15 applications) using Azure EntraID & build a detailed runbook – we need someone who has done this before – very little knowledge in-house.

Tune Cyberhaven DLP, clean up logging & alerting – I have PS hours I can use to help ramp.

QA our SOC 2 logging infrastructure, validate proper monitoring and alerting – PROD, S3 buckets (both in AWS).

QA our SOC 2 FIM and IDP/IDS implementation.

Test our back-up & restore process for PROD.

Get Secureframe tests to pass, if possible

Run our DR BCP tabletop test and document results.

Manage our Risk Register and run our semi-monthly evidence review meetings.

Provide InfoSec expertise and input as we work on our SOC 2 Type 2 audit.

Automate what they implement so they can easily track and manage changes once the initial implementation is complete. They want to avoid having to manually configure things as much as possible. They would prefer someone with Terraform or Ansible experience, but would be fine also with Shell, or Python, etc.

The Main Skills profile would be:

Some Security Compliance experience with SOC2 Type2 audits.

Experience implementing MS Azure EntraID for SSO.

Experience implementing Security tools like Cyberhaven (DLP), IDP/IDS, Secureframe.

Some programming experience with Terraform or Ansible or Shell or similar to automate the tracking and managing of changes once the initial implementation is complete.