Location: Washington D.C.
Clearance: TS/SCI (DHS suitability preferred)
Serves as a Team Lead and Vulnerability Assessment Engineer for the Vulnerability Assessment Team on the Client’s Risk Management Framework (RMF) Team. Leads, guides and directs systems security analysis, vulnerability assessment/management, compliance audits, risk assessments, independent certification testing, security test and evaluation, and verifies the accuracy and completeness of the reports associated with each of those activities. Uses best-of-breed tools to assess the full scope of the vulnerability and compliance status of all classified IT systems.
An ideal candidate will have a strong knowledge and background in Blue/Red Team testing, Web Application, Vulnerability, and Compliance assessments. Penetration testing experience is a plus. This person will apply their knowledge and expertise to lead and develop a team of motivated technical Engineers providing Blue Team and Penetration testing capability at the client.
Applies broad information security knowledge relating to automation, networking and telecommunications, to plan and evaluate sufficiency of information security controls. Responsible for all reports and deliverables for the team. Continually looks for areas of improvement in order to increase the rigor of assessments.
Applies broad information security knowledge and extensive experience of information systems to provide technical support, advice, and guidance for preparation of information system plans, systems design plans, test plans, Statements of Work (SOWs), and specifications for major information systems.
- Leads the Vulnerability Assessment and Penetration Testing Team as part of the RMF Team.
- Interfaces with System Owners and System Administrators in order to coordinate and perform vulnerability and compliance testing on a wide range of classified IT systems.
- Provides technical security and administrative direction for personnel performing System Administration.
- Coordinates with the Program Manager to ensure Assessment and Authorization (A&A) process adheres to approved timelines.
- Assesses Security Controls, reviews documentation, prepares A&A packages, and makes recommendations for approval of major/minor/support systems installations.
- Tracks Plan of Action & Milestones to completion with System Administrators and Stakeholders.
- HS Diploma and a minimum of 9 years relevant experience
- Associate's Degree and a minimum of 7 years relevant experience
- Bachelor's Degree and a minimum of 5 years relevant experience
- Master’s Degree and a minimum of 3 years relevant experience
- PhD and at least 1 year of relevant experience
- Experience performing Blue/Red Team assessments, preferably in a team lead capacity, is a plus! Knowledge of the latest and greatest penetration testing hardware and software tools;
- Extensive experience in performing vulnerability assessments and compliance audits of computer systems, networks, applications, etc.;
- Experience using various security assessment tools, including Nexpose, Nessus, Security Center/ACAS, WebInspect, AppDetective, Nmap, Metasploit, Burp Suite, SCAP Compliance Checker, STIGs, etc.;
- Familiarity with ICD 503, 4300A/B/C, NIST 800-53 Rev3/Rev4, Risk Management Framework (RMF), Security Technical Implementation Guides (STIGs), and other compliance guidelines.
- Attention to Detail - Is thorough when performing work and conscientious about attending to detail;
- Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately; and
- Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.
- Requires up to 25-30 percent travel
- Must be able to pass a government background investigation