Security Tester
Dowless & Associates, Inc. - Herndon, VA


Dowless & Associates, Inc. is looking for two Security Assessment Testers (SATs) to coordinate planning, scheduling, and testing of the Sponsor's projects in the Certification and Accreditation (C&A) process. The duties of this task include examining information systems to determine if vulnerabilities exist and, if they are found, what mitigating strategies can be applied. The end goal is to ensure the integrity of Sponsor systems by identifying and mitigating potential avenues of exploitation, including system level attacks and user level attacks.

General Duties:
· Review and make recommendations on program-level documentation (e.g. requirements specification, system architecture, design documents, test plans, security plans, etc.).
· Develop and document security evaluation test plan and procedures.
· Assist in researching, evaluating, and developing relevant Information Security policies and guidance.
· Actively participate in or lead technical exchange meetings and application review boards, documenting action items and results of these events.
· Brief management, as needed, on the status of action items and/or results of activities.
· Clarify security requirements and recommend security countermeasures.
· Read and analyze SSPs and translate the resulting understanding of systems and applications into security test plans.
· Coordinate system testing with appropriate project personnel and other program elements conducting security testing.
· Conduct hands-on security testing, analyze test results, document risk, and recommend countermeasures.
· Perform network security analysis and risk management for designated corporate networks.
· Assess/calculate risk based on threats, vulnerabilities, and shortfalls uncovered in testing.
· Identify mitigating countermeasures to identified threats, vulnerabilities, and shortfalls.
· Develop, assemble, and submit C&A testing results reports that document testing activity and results to support the creation of C&A risk assessments and C&A approval packages.
· Identify needs for testing equipment and gaps in testing capabilities; conduct research on and evaluation of automated testing tools and provide summaries and reports to sponsor on the tool capabilities, in support of potential procurement by sponsor.
Specific Duties for the Security Assessment Tester:
· Prepare reports citing system vulnerabilities and suggested courses of action.
· Review the findings from the Information System Security Scans of corporate systems identifying vulnerabilities and system owners, while pursuing remediation of the vulnerabilities found.
· Track and monitor outstanding remediation efforts.
· Coordinate scanning activity with appropriate boards and system managers in the Sponsor's organization.
· Support scheduled system vulnerability scanning in support of FISMA data collection.
· Perform the above duties using vulnerability assessment tools such as Nessus, AppDetective, WebInspect, and SMS.
· TS/SCI with Polygraph required.
· This position requires a Bachelor's degree in Computer Science, Information Systems, Engineering, Business, or other related scientific or technical discipline.
· Possession of either an ISC2 CISSP certification or a SANS GSEC certification is required (if not already held, then within 6 months of starting on the program).
· Requires 3-5 years' experience using automated Information Assurance test and risk assessment tools such as Nessus, AppDetective, WebInspect, and SMS.
· Possess an understanding of networks, network protocols, routers, and switches and how they interact with automated Information Assurance test tools.
· Possess broad knowledge of network architectures and network management tools.
· Possess strong technical skills and analytic abilities, as well as experience performing network security analysis and risk management.
· Demonstrated ability to perform complex technical tasks in pursuit of overall goals with minimal direction.
· Possess first-rate written and oral communication skills.
· Possess the ability to translate an understanding of systems and applications into security test plans and to perform hands-on security testing.
· Possess knowledge of risk management methodologies.
· Demonstrated ability to analyze test results and suggest mitigations for security problems.
· Possess a broad knowledge of Information Security policies and guidance such as DCID 6/3, ICD 503, and NIST 800-series, and how the C&A process relates to them.
· Possess knowledge of the Sponsor's standard project cycle.

About this company
Dowless & Associates provides Information and Cyber Security, IT Integration, Organizational Change Management and Integrated Training...