Management

Associates

Professional Associations and Certifications

Quick Reference of Useful Sites

Careers

Information Request

Contact Us


Careers

At FDC Associates we focus solely on information security. We offer a variety of IT-GRC management services that cover the entire security life cycle. We are an established company in a growing market. Our security professionals are experienced, well-trained and have a comprehensive understanding of technology security issues. We are seeking mature, talented professionals of high integrity who have at least 10 years experience in technology auditing, network vulnerability reviews and compliance. You are motivated, innovative and willing to join a no-nonsense, high-performance team.

Application process: If you believe you meet the qualifications listed below and desire to join our expanding roster of associates, please send your resume with a cover letter outlining your qualifications and salary history to careers@fdcassociates.com.

Current Openings:


IT Auditor

The IT Auditor will conduct application controls and IT General Controls reviews for compliance with the Sarbanes Oxley Act, GLBA Privacy and HIPAA, Anti-Money Laundering, Bank Secrecy Act and Office of Foreign Asset Controls (OFAC). The Auditor will evaluate IT controls over infrastructure, network, applications and databases. This position requires an individual that is well acquainted with IT Corporate Governance and internal control assessment methodology. Strong verbal and written communication skills are a must, as are professional interpersonal skills. Board and Audit Committee presentations will be required of this position. A minimum of 10 year's experience in technology auditing and the CISA credential is required for this position.

The successful candidate will be highly-motivated, self-disciplined and able to work individually and in a team environment. The ideal candidate will have experience in several of the following areas:
Developing IT Risk assessments
Performing a GAP analysis between existing and required internal controls
Developing network topology documents
Creating IT test plans and documentation requirements
Executing industry standard audit software such as GFI LAN Guard
A strong working knowledge of Active Directory security, and best practices metrics for network security.
Security (CISA or CISSP) and Audit (CIA or CFE) certifications are required, as well as an understanding of IT security standards such as ISO/IEC 27001, COBIT, and DOD 5200.
Experience with Big Four at the Senior Manager level is desirable.



Security Engineer - Penetration Testing

The successful candidate will have at least 5 year's network vulnerability testing experience and 5+ years of technology security auditing and penetration testing experience. This position involves performing risk assessments, audits and penetration testing services for financial institutions, commercial and government clients.

The successful candidate will be highly-motivated, self-disciplined and able to work individually and in a team environment. The ideal candidate will have security experience in several of the following areas:
Prior experience with vulnerability assessment and penetration methods, required
Intimate knowledge of TCP/IP protocols and networking architectures, required
Windows and Unix/Linux operating systems and security, required
Programming language experience in C/C++, Java, Visual Basic, Perl, Python
Knowledge of database, applications, and web server design and implementation
Knowledge of open security testing standards and projects, such as OWASP and OSSTMM
Experience with wireless LAN security (including 802.11 standards)
Experience with firewall, VPN and intrusion detection/prevention systems, required
Familiarity with the certification and accreditation (C&A) security evaluations process for government agencies, such as DITSCAP, NIACAP, and FISMA standards is desired.
Working knowledge of DOD 5200 required for Government contracts.
Desired certifications include: CISSP, CISA, or SANS GIAC as well as an understanding of IT security standards such as ISO/IEC 27001, COBIT, and DOD 5200.