Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must be clearable to the Top Secret level.
The Technical Security Assessment Engineer will be a key team member of a security assessment team that will conduct monthly on-site IT security assessments for a federal government client.
- Determining the technical scope for security assessments
- Performing network enumeration activities to identify systems, devices, and network services available on a network
- Conducting network and application vulnerability assessments
- Validating vulnerability assessment results and eliminating false positives
- Conduct web application security assessments
- Developing recommendations for security issues and vulnerabilities identified during assessments
- Communicating results to clients ranging from technical staff to executive management
- Developing tools to increase the level of automation for security assessment methodologies
- Provide ongoing subject matter expert support for clients
- 8 or more years experience in analyzing security controls and developing solutions to security problems
- 5 or more years experience working with NIST IT security guidance
- CISSP and/or CISA certification
- Excellent communications and oral presentation skills
- Experience in identification, exploitation, and remediation of system, network, and application vulnerabilities.
- Experience in performing vulnerability assessments using Nessus, Qualys, Foundscan, Appscan, Core Impact, NGS, nCircle, Fortify, Rapid7, nmap, metasploit, or other assessment tools
- Experience in validating vulnerability scanning results and false positives
- Experience in performing manual and/or automated security configuration reviews of network devices, servers, and workstations based on secure configuration checklists such as CIS, NSA, DSA, SANS, Microsoft, Cisco, etc.
- Experiece in performing network architecture assessments and sensitive data flow analysis
- Experience conducting NIST 800-53 security control assessments