Job Description

Reference # : 17-05756
Title : Application Security / Security Engineer Sr.
Location : Herndon, VA
Position Type : Contract
Experience Level :
Start Date / End Date : 06/12/2017 / 12/31/2017
Description

Security Certification (CISSP, CISA, CISM, Security+ or similar)
Task Description:

Security Engineer with 5+ years of hands-on IT experience specializing in security vulnerability management, with an understanding of web application technologies, security architecture, and NIST 800-53. Must understand application security, including mitigating threats (e.g., Denial of Service, Brute Force, Buffer Overflows, Input Validation).

Support the technical team with code review in relation to application service pack releases. Participate in requirements reviews and environment compliance support to ensure security best practices are included in the builds. Participate in architecture reviews and change control board (CCB) reviews, and assist with validation of CCB-approved changes.

Perform application vulnerability assessments, security control validations, and document and track findings to closure. Analyze application vulnerability findings and POA&Ms to provide recommendations and assist with implementation of changes. Review system logs to validate remediation fixes and perform incident response investigations.

Duties: (Add Percentage of time spent on each duty)

• Perform analysis of application- and web-specific vulnerability scan results (Nessus, AppDetective, WebInspect, AppScan) 30%

• Coordinate with Technical Team Leads and Security Administrators on remediation plans 10%

• Provide guidance on and oversee secure application coding practices conducted by other technical teams 20%

• Support technical team with code review in relation to application service pack releases - participate in requirements reviews, meetings support, and environment compliance support, ensuring POA&Ms are included in the builds when needed 20%

• Execute external attack and penetration testing and Red Team exercises (Core Impact, Kali Linux) 10%

• Validation of software inventory 5%

• Provide Architectural Review Board (ARB) support for applications 5%

REQUIRED SKILLS:

General knowledge of basic office software such as MS Office Suite as well as good communications skills are a given.

1. POA&M remediation experience for Web, Application, and Database (Apache, Oracle, and PostgreSQL)

2. Access Control Management

3. Red Hat Enterprise Linux

4. Understanding and experience with OWASP Top 10

5. Experience with log collection and analysis

6. Enterprise-level Java-based system integration

7. Understanding and experience with TCP/IP, networking, DNS, SMTP, and HTTPS

Security Certification (CISSP, CISA, CISM, Security+ or similar)

NICE TO HAVE SKILLS

• Hands-on experience with AWS Cloud Platforms and products

• Open source security tools

• Experience working with Tenable Nessus, McAfee Security Scanner for Databases, WebInspect, Core Impact or similar

• Experience with search engines (e.g., Elasticsearch) and database systems (Oracle and PostgreSQL)

• Industry static content experience (Alfresco, Solr or similar)


