Technical Security Assessment Engineer
Knowledge Consulting Group - Reston, VA

This job posting is no longer available on Knowledge Consulting Group. Find similar jobs: Technical Security Assessment Engineer jobs - Knowledge Consulting Group jobs

Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must be clearable to the Top Secret level.

The Technical Security Assessment Engineer will be a key team member of a security assessment team that will conduct monthly on-site IT security assessments for a federal government client.
  • Determining the technical scope for security assessments
  • Performing network enumeration activities to identify systems, devices, and network services available on a network
  • Conducting network and application vulnerability assessments
  • Validating vulnerability assessment results and eliminating false positives
  • Conduct web application security assessments
  • Developing recommendations for security issues and vulnerabilities identified during assessments
  • Communicating results to clients ranging from technical staff to executive management
  • Developing tools to increase the level of automation for security assessment methodologies
  • Provide ongoing subject matter expert support for clients
  • 8 or more years experience in analyzing security controls and developing solutions to security problems
  • 5 or more years experience working with NIST IT security guidance
  • CISSP and/or CISA certification
  • Excellent communications and oral presentation skills
  • Experience in identification, exploitation, and remediation of system, network, and application vulnerabilities.
  • Experience in performing vulnerability assessments using Nessus, Qualys, Foundscan, Appscan, Core Impact, NGS, nCircle, Fortify, Rapid7, nmap, metasploit, or other assessment tools
  • Experience in validating vulnerability scanning results and false positives
  • Experience in performing manual and/or automated security configuration reviews of network devices, servers, and workstations based on secure configuration checklists such as CIS, NSA, DSA, SANS, Microsoft, Cisco, etc.
  • Experiece in performing network architecture assessments and sensitive data flow analysis
  • Experience conducting NIST 800-53 security control assessments

About this company
4 reviews