Enterprise Vulnerability Assessment Program (EVAP)

Job Description

ECS is seeking an Enterprise Vulnerability Assessment Program (EVAP) to work in our Washington, DC office.

In support of a premier Law Enforcement agency, we are looking to expand our industry-leading, high-impact, Enterprise Vulnerability Assessment Program. The job will be to perform an unbiased comprehensive assessments that produces actionable security recommendations that are tailored to the assessed environment, to include vulnerability assessment and vulnerability management.

Salary Range: $150,000 - $190,000

General Description of Benefits

Required Skills

• Ability to conduct Vulnerability Assessments using industry tools - NESSUS, Tenable, etc. Experience with Tenable (Tenable.io or Tenable.sc) in an enterprise environment highly preferred.
• Experience in vulnerability management strategies, standards, procedures and technologies across infrastructure and application-level vulnerabilities.
• Experience scanning Windows, RHEL and Centos Operating Systems and troubleshooting scans, to include the ability to communicate with customers on a daily basis describing the results of scans.
• Experience scanning Virtual environments to include VMware vSphere infrastructures, Network devices, Databases (Oracle, MSSQL, MySql, Postgres), and websites web with tenable.sc
• Intermediate to advanced knowledge of the following platforms in an enterprise environment: Windows and RHEL, routing, switching, IDS, IPS, Firewalls.
• An understanding of mapping and scanning applications and systems, including port scanning, identifying services and configurations, application flow charting, and session analysis.

Desired Skills

• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
• Comprehensive knowledge in the one or more of the following areas: information security, network security, Windows security, UNIX/Linux security, and web application security.
• Demonstrated success and understanding of accepted frameworks such as, ISO/IEC 27001, COBIT, and NIST, including 800-53 rev 5 and the ATO process
• Research new trends, techniques, and packaging of malicious software to stay current and ready to identify and handle zero-day exploits.
• Provide technical solutions to a wide range of difficult problems
• Ability to manage time with minimal supervision
• Excellent communication skills, both written and verbal.
• Certifications:
  • MCSE (Microsoft Certified Solutions Expert), RHCSA (Red Hat Certified System Administrator), AWS CSAA (Certified Solutions Architect - Associate), CCSP (Certified Cloud Security Professional), Microsoft 365 Certified: Enterprise Administrator Expert, GIAC Public Cloud Security (GPCS), GIAC Cloud Penetration Tester (Google Cloud PlatformN), GIAC Cloud Security Essentials (GCLD), Certified Information Security Professional (CISSP), ISACA Certified Information Systems Auditor (CISA), SANs GIAC certification ( e.g., GPEN or GW APT), and EC-Council Certified Ethical Hacker (CEH).

#ECS1

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3300+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.