
Careers

At FDC Associates we focus solely on information security. We offer a variety of IT-GRC management services that cover the entire security life cycle. We are an established company in a growing market. Our security professionals are experienced, well-trained and have a comprehensive understanding of technology security issues. We are seeking mature, talented professionals of high integrity who have at least 10 years' experience in technology auditing, network vulnerability reviews and compliance. You are motivated, innovative and willing to join a no-nonsense, high-performance team.

Application process: If you believe you meet the qualifications listed below and desire to join our expanding roster of associates, please send your resume with a cover letter outlining your qualifications and salary history to careers@fdcassociates.com.

Current Openings:


IT Auditor

The IT Auditor will conduct application controls and IT General Controls reviews for compliance with the Sarbanes Oxley Act, GLBA Privacy and HIPAA, Anti-Money Laundering, Bank Secrecy Act and Office of Foreign Asset Controls (OFAC). The Auditor will evaluate IT controls over infrastructure, network, applications and databases. This position requires an individual who is well acquainted with IT Corporate Governance and internal control assessment methodology. Strong verbal and written communication skills are a must, as are professional interpersonal skills. Board and Audit Committee presentations will be required of this position. A minimum of 10 years' experience in technology auditing and the CISA credential are required for this position.

The successful candidate will be highly motivated, self-disciplined and able to work individually and in a team environment. The ideal candidate will have experience in several of the following areas:
• Developing IT Risk assessments
• Performing a GAP analysis between existing and required internal controls
• Developing network topology documents
• Creating IT test plans and documentation requirements
• Executing industry standard audit software such as GFI LAN Guard
• A strong working knowledge of Active Directory security, and best practices metrics for network security.
Security (CISA or CISSP) and Audit (CIA or CFE) certifications are required, as well as an understanding of IT security standards such as ISO/IEC 27001, COBIT, and DOD 5200.
Experience with Big Four at the Senior Manager level is desirable.



Security Engineer - Penetration Testing

The successful candidate will have at least 5 years' network vulnerability testing experience and 5+ years of technology security auditing and penetration testing experience. This position involves performing risk assessments, audits and penetration testing services for financial institutions, commercial and government clients.

The successful candidate will be highly motivated, self-disciplined and able to work individually and in a team environment. The ideal candidate will have security experience in several of the following areas:
• Prior experience with vulnerability assessment and penetration methods, required
• Intimate knowledge of TCP/IP protocols and networking architectures, required
• Windows and Unix/Linux operating systems and security, required
• Programming language experience in C/C++, Java, Visual Basic, Perl, Python
• Knowledge of database, applications, and web server design and implementation
• Knowledge of open security testing standards and projects, such as OWASP and OSSTMM
• Experience with wireless LAN security (including 802.11 standards)
• Experience with firewall, VPN and intrusion detection/prevention systems, required
• Familiarity with the certification and accreditation (C&A) security evaluations process for government agencies, such as DITSCAP, NIACAP, and FISMA standards is desired.
• Working knowledge of DOD 5200 required for Government contracts.
Desired certifications include: CISSP, CISA, or SANS GIAC as well as an understanding of IT security standards such as ISO/IEC 27001, COBIT, and DOD 5200.