| Security Engineer / Security Auditor Job Description The Security Engineer/ Security Auditor will perform vulnerability security testing and reviews of web applications, databases, Operating System, commercial IT devices, Network Devices and production environments. Ensure that assessment activities effectively evaluate compliance of IT systems with the agency security policies and standards. Responsibilities Include: Conduct the full life cycle of technical vulnerability assessments including all aspects of IT security on both government and contractor sites Experience with web application vulnerability testing and quality assurance Experience with web development and web application implementation Web Application Penetration Tester Training Experienced in programming languages, including but not limited to Perl, PHP, C#, or .Net. Hands on experience in conducting vulnerability scans using tools such as: Nessus, Burp Suite, HP WebInspect, IBM AppScan, and AppDetective Provide oversight to engineering of new and current systems in Linux, Web Applications, Microsoft Infrastructure & active directory, MS SQL, Exchange 2003 & 2007. Analyze automated scan results, conduct interviews, perform physical security assessments, and analyze Cisco routers/switches/firewalls configuration files to create a vulnerability matrix that lists all valid findings mapped to the appropriate security requirements and include mitigation recommendations Develop audit reports to summarize the results of the audit for senior executives Travel about 25% of the time. Required Skills 5+ years experience with vulnerability assessments/scanning tools and networking Experience with both UNIX and Windows platform Experience analyzing network (Router/Switch/Firewall) configuration files, databases (Oracle, SQL) and web application security scanning Operational experience with automated vulnerability assessment tools including, but not limited to, ISS, Nessus, Nmap, Fluke Analyzer, WebInspect, AppDetective, NetStumbler or Hailstorm Must have knowledge of vulnerabilities of OS's, Web Applications, Databases etc. Must have knowledge of Web Application vulnerabilities scanning and testing in both manual and automated mode Must have knowledge of OS’s such as Linux, Windows Server 2003 & 2008, Sun Solaris Must be able to receive a security clearance Preferred: Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) Certified Authorization Professional (CAP) Certified Ethical Hacker (CEH) or possess a similar security professional certification. Strong relevant experience and education can substitute for these certifications. Understanding C&A and FISMA processes Education: Bachelor of Science Degree |
