
Software Vulnerability SME - Must have Top Secret Clearance

Job Description


Software Vulnerability SME
 
Security Clearance required: Top Secret
US Citizenship Required
Location: Seaside, CA
 
Project Summary: This position will be responsible for supporting the operation and maintenance of a cybersecurity operations center (CSOC), including but not limited to: maintaining the security posture of information systems from conception to retirement through the integration of Information Systems Security and sound information assurance practices; facilitating the use of cybersecurity technical information in the design, development, testing, evaluation, operations, and maintenance of information technology for the customer's systems; implementing Real-time Threat Detection and Mitigation Toolsets; providing proactive cybersecurity threat hunting and penetration testing teams that search the network for gaps and/or signs of attackers before a compromise turns into a full breach; and resolving incidents and problems to ensure that high-quality services are delivered as rapidly and effectively as possible.
 
Position Responsibilities:
  • Participate as system security and cyber subject matter expert in support of engineering design teams and functional interoperability assessments.
  • Support the cybersecurity architecture by providing active and engaged solutions to IT teams relative to security design and review processes. Ensure the effective operations of existing and future Cybersecurity IT.
Central Application Vulnerability Management:
  • Provide CAVM key performance metrics and reports, and alert immediately on any outages.
  • Add newly released vendor updates such as security rule packs.
  • Scan all applications at least once a year and provide support for all on-demand scanning for over 1,000 applications. Troubleshoot unsuccessful scans with IT teams and developers, and create the required tickets and change orders.
  • Monitor artifact audit files to validate scans are running without errors. Troubleshoot and resolve any errors associated with the scans.
  • Manage which Log Correlation Engines each organization has access to and what repositories the LCE will correlate against.
  • Manage the external data feeds (Dynamic Application Security Testing, Static Application Security Testing, Open Source Vulnerability Scanner, etc.) that Security Center is integrated with.
  • Provide a weekly 15-day and 30-day scanning vulnerability report for the enterprise that outlines the number of outstanding findings and guidance on scanning results.
  • Follow the Cyber-hardening Scanning process and provide results to the requestor.
  • Track the findings and scanning for each application submitted for pre-production; report to the Application Security Officer if the process is not being adhered to.
  • Implement any necessary REST APIs to provide access to core features for custom implementations, as required to meet the organization's needs.
  • Understand the DevSecOps process and provide support for the integration process.
Static Application Security Testing (SAST):
  • Provide SAST product suite installation, configuration and tuning.
  • Facilitate and assist with the installation of any accounts, plugins, and software required by the developers.
  • Integration of SAST with software security center.
  • Use SAST to produce baseline scans for all applications.
  • Communicate technical application security concepts to customer staff including developers, architects, and managers.
  • Customize the implementation of SAST and CAVM in production and test environments.
  • Collaborate with Product owner, developers and Engineers to enhance the SAST.
Dynamic Application Security Testing (DAST):
  • Provide DAST product suite installation, configuration and tuning.
  • Implement any necessary REST APIs to provide access to core features for custom implementations, as required to meet the organization's needs.
Open-Source Library Vulnerability Scanner:
  • Add applications as requested and track changes in the ticketing system.
  • Perform scans as requested and provide results to the requestor.
  • Ensure that all applications are scanned prior to release to production. Ensure that policies that fail the application build are working properly when applications do not meet policy or are non-compliant with the organization's security policy.
  • Work with Solution Engineers, developers, and the DTL team to implement block/divest policy.
  • Implement any necessary REST APIs to provide access to core features for custom implementations, as required to meet the organization's needs.
  • Understand the DevSecOps process and provide support for the integration process.
  • Understand and apply new policies released by vendor.
  • Manage and evaluate policy violations.
 
Essential Skills, Experience, and Certifications:
  • US Citizenship is a requirement of this position in accordance with 8 U.S.C. § 1324b(a)(2)(C)
  • 5+ years of experience as an application developer
  • 3+ years of experience with management and operations of Static, Dynamic, open-source, and web vulnerability scanning; and/or manual review of source code for vulnerabilities.
  • Experience managing and integrating SAST, DAST, OAST, IAST, and RAST with Central Application Vulnerability Management (CAVM) Solution.
  • Must have an active DOD 8570 IAT III Certification (CASP+CE, CISSP, CISA, CCNP Security, GCED, GCIH)
  • Must have Computing Environment (CE) certification(s) relating to the environment or specific tools pertinent to this position
     
Physical Demands and Work Environment:
The physical demands and work environment characteristics described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
  • Physical Demands: While performing the duties of this job, this position requires the ability to sit for potentially long periods of time throughout the workday. Hearing sufficient to understand conversations, both in person and on the telephone. Dexterity of hands and fingers to operate a computer keyboard, mouse, power tools, and to handle other computer components for potentially long periods of time without experiencing abnormal hand, wrist, or eye strain. Occasional inspection of cables in floors and ceilings. Lifting and transporting moderately heavy objects, such as computers and peripherals. Must be able to lift up to 50 pounds.
  • Work Environment: Includes a typical office environment, with minimal exposure to excessive noise or adverse environmental issues, including exposure to heat, cold, inclement weather conditions, and occasional environmental hazards. Local, regional, and national travel may be required.
 
Epsilon Benefits:
Medical, Dental, Vision Plan
AD&D and Life Insurance
Paid Federal Holidays
Paid Time Off
401(k) Retirement Plan
Education reimbursement
Referral Bonuses
 

Epsilon is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applications will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. EEO/AA: Minorities/Females/Disabled/Vets.
 
If you are an individual with a disability and need special assistance or reasonable accommodation in applying for employment with Epsilon, Inc., please contact our Recruiting department by phone 828-398-5414 or by email careers@epsilon-inc.com.

Job Snapshot

Location: US-CA-Seaside
Employment Type: Full-Time
Pay Type: Year
Pay Rate: N/A
Store Type: IT & Technical

Company Overview

Epsilon, Inc.

Working at Epsilon: Epsilon’s core values of Consideration, Simplicity, and Improvement are the pillars of who we are and how our team members operate. Whether you are working at our headquarters in Weaverville, NC or on a Government site across the nation, we treat each other with respect and consideration, value the ideas and ingenuity of our team members and appreciate each other’s work style. Our team members build bridges across departments, think beyond the status quo, and develop creative solutions.
