OCTO Senior Application Security Assessment Engineer; Washington D.C.; $75.00/hr 1099

Work Location: OCTO – 200 I Street, SE Washington DC 20003

Submit Before: 4/20/2018

Contract through: 09/30/2018 plus extension
Candidate Pay Rate: $75.00/hr 1099 or comparable

As a member of the security team, the Application Security Assessment Engineer is responsible for IT system and application vulnerability assessment using security assessment tools. This position is also responsible for continuous monitoring, routine scanning, and on-demand scanning as part of the application or system deployment process.

The consultant should have demonstrated experience in assessing and recommending required security controls for enterprise applications. The consultant should be well-versed in conducting vulnerability and security assessments and penetration tests.

Responsibilities/Duties:

  • Familiarity with OWASP and NIST standards for application and network assessments.
  • Perform vulnerability assessments of all network systems, including scanning and analysis of the target networks.
  • Perform security assessments of new and existing applications by performing periodic scans.
  • Research platform-specific disclosed vulnerabilities and analyze the impact to the enterprise.
  • Working knowledge of Web Application Firewalls is necessary.
  • Have a strong understanding of Ethical Hacker processes and procedures.
  • Responsible for creating documentation on specific remediation steps to close vulnerabilities or mitigate risk to acceptable levels.
  • Strong knowledge of and ability to operate vulnerability assessment and application assessment tools (e.g. Nexpose, AppSpider, Qualys, Tenable).
  • Knowledge of IT security architecture and design (firewalls, Intrusion Detection Systems, Virtual Private Networking, and virus/malware protection technologies; behavioral-based a plus).
  • Knowledge of LAN/WAN design and general internetworking technologies. Hands-on experience a plus.
  • Knowledge of Windows and Unix operating systems. Hands-on experience a plus.
  • Manage and maintain assessment platforms.
  • Knowledge of open source packages such as Kali Linux or Metasploit.

Specific Skills

Specific knowledge, skills, and abilities required by the incumbent to successfully fulfill the major duties and perform the tasks required for this position include:

  • 5+ years of Information Security experience.
  • 3-5 years demonstrated operational implementation and use of Nexpose, Nessus, Qualys or similar scanning tools.
  • 3-5 years demonstrated operational implementation and use of application security assessment tools, e.g. AppSpider, Trustwave, Fortify, Qualys or similar scanning tools.
  • Demonstrated understanding of patch management tools for Windows and Unix environments.
  • Demonstrated understanding of the software development lifecycle and secure coding techniques.
  • Scripting knowledge is a plus (e.g. Python, shell scripting, JavaScript).
  • Able to explain application vulnerabilities to programmers and application owners.

Education/Certification

  • B.A. or B.S. degree in Computer Science.
  • Security+ Certification, CEH or other security certifications desired.
  • Basic programming experience is a plus.
  • Tool-specific certification (Rapid7, Nessus, Fortify, WSUS, BF, SCCM, Heat, Satellite) desired.

CONTRACT LABOR CATEGORY DESCRIPTION

Complete Description

Responsibilities:

  1. Determines enterprise information assurance and security standards.
  2. Develops and implements information assurance/security standards and procedures.
  3. Coordinates, develops, and evaluates security programs for an organization. Recommends information assurance/security solutions to support customers’ requirements.
  4. Identifies, reports, and resolves security violations.
  5. Establishes and satisfies information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
  6. Supports customers at the highest levels in the development and implementation of doctrine and policies.
  7. Applies know-how to government and commercial common user systems, as well as to dedicated special purpose systems requiring specialized security features and procedures.
  8. Performs analysis, design, and development of security features for system architectures.
  9. Analyzes and defines security requirements for computer systems which may include mainframes, workstations, and personal computers.
  10. Designs, develops, engineers, and implements solutions that meet security requirements.
  11. Provides integration and implementation of the computer system security solution.
  12. Analyzes general information assurance-related technical problems and provides basic engineering and technical support in solving these problems.
  13. Performs vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle.
  14. Ensures that all information systems are functional and secure.

Minimum Education/Certification Requirements:

Bachelor’s degree in Information Technology or related field or equivalent experience

| Skill | Required / Desired | Amount of Experience |
|---|---|---|
| 11-15 years of technical experience in IT System Management | Required | 11 Years |
| 5-8 years demonstrated operational implementation and use of Rapid7, Nessus, or similar network scanning tools | Required | 5 Years |
| 5-8 years demonstrated operational implementation and use of Fortify and ParaSoft static code analysis tools | Required | 5 Years |
| 5 years of experience in an enterprise vulnerability management program | Required | 5 Years |
| Scripting knowledge required (e.g. Python, shell scripting, JavaScript) | Required | 5 Years |
| Demonstrated understanding of the software development lifecycle and secure coding techniques | Required | 3 Years |
| 8+ years of Information Security experience | Required | 8 Years |
| B.A. or B.S. degree in Computer Science, Information Systems or 6 years of equivalent experience in a related field | Highly desired | |
| Industry-specific (Security+, CEH, CISSP) or tool-specific certification (Rapid7, Nessus, Fortify, WSUS, BF, SCCM, Heat, Satellite) desired | Highly desired | 11 Years |
| 11-15 yrs developing, maintaining, and recommending enhancements to IS policies/requirements | Not Required | 11 Years |
| 11-15 yrs performing vulnerability/risk analyses of computer systems/apps | Not Required | 11 Years |
| 11-15 yrs identifying, reporting, and resolving security violations | Not Required | 11 Years |
