Thursday, May 10, 2007

CISSP IT Security Auditor in Dallas, TX

A GoTechNow client is requesting an IT security audit. The main purpose of this audit is to simply identify their security weaknesses and to get advice on how to address each of them. We are looking for a local professional to handle this effort. Our client only has one location and the environment is small: A single domain LAN with connection to the Internet, and roughly 30 Windows XP Pro workstations, 5 Windows 2003 servers, and a development server running Red Hat Fedora 6.0. They are also running the Microsoft Dynamics 8.0 financial suite (formerly Great Plains) on one Windows servers with LAN access only. There are 5-6 web site applications running on a dedicated Linux host at Rackspace. The applications are architected on the LAMP stack. The main application is a custom-developed mission-critical application that allows our client to fulfill service contract claims. It has employee users and non-employee users located outside the corporate office. There are approximately 15 employee users, and several hundred non-employee users. They are also running OpenSource SugarCRM on this server. They share transaction files daily via FTP with some of their partners. These are formatted text files. The email is hosted on their server at Rackspace and self-administered using Plesk. The internal IT staff is 4 full-time IT professions: 2 web developers, a LAN and network administrator, and an IT director. When applying, include answers to the following: How long does a typical security audit for a company with this size and complexity take? How do you price your services? Which security certifications do you have? How many security audits have you done? Will you provide our client with a sample report on what our client would get at the end of the audit? What sort of things will you look at as part of the audit? Our client is moving towards the end of June. Should they wait to do the audit until after the move? Are you willing to provide us with customer references in Dallas? Experience: A Certified Information Systems Security Professional ( CISSP ) is required. You must have conducted security audits in the past and be capable of exposing any outside threat weaknesses, and the biggest inside threats and weaknesses. You MUST provide a sample of your past IT security audit reports for other customers, complete with customer references. To Apply to this job go to http://www.GadBall.com or click here