- Develops security procedures and methods to ensure the safety of information systems.
- Engineers, implements and monitors security measures for the protection of computer systems, networks and information utilizing but not limited to DISA STIG. Documents and implements Standard Operating Procedures (SOPs).
- Assists in security engineering of web, database, system and network architecture. Defines, maintains, and enforces application security best practices. Identifies opportunities for process improvements and leads efforts implement.
- Conducts network vulnerability scanning utilizing Nessus/ACAS as needed and report on IAVM, Pentagon SAR, ARCYBER OPORD and TASKORDS.
- Writes comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement.
- Identifies additional application security related tools, conducts tool analysis, and provides recommendations on what tools will enhance security protocols.
- Interpret and apply Federal and DoD laws and regulations including but not limited to DoD directives, NIST and AR publications.
- Transition system security policies & documentation from DIACAP to RMF (NIST 800-53).
Bachelor's Degree in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience.
Active Secret Clearance
Relevant Work Experience:
5-10 years of experience as an Application Security Developer, Application Security Analyst, or equivalent.
Other Job Specific Skills
- Certifications/Licensures: TCNA, Security +, CAP, CASP, CISSP desired
- Must have experience developing Nessus/ACAS scan policies, reading and developing vulnerability reports.
- Experience deploying Security Center and Nessus/ACAS scanner.
- An Understanding of FEDRAMP and system cloud migration requirements.
- Knowledge of web application vulnerabilities such as cross-site scripting (XSS), sessions hijacking, SQL injection, CSRF (Cross-Site Request Forgery), OWASP Top 10, and other attack vectors.
- Understand encryption, hashing, secure random number generation, key derivation, digital signatures, etc.
- Advanced knowledge of network based, system level and application layer attacks and mitigation methods, and TCP/IP, HTTP/S, and related protocols.
- Experience reviewing audit logs utilizing Graylog
- Have working experience and knowledge of Unix/Linux operating system. Experience utilizing HBSS MacAfee ePolicy Orchestrator