ASM Research is seeking highly motivated individuals with strong vulnerability scanning and analysis experience with Tenable Security Center. Candidate will architect and engineer vulnerability scanning solution for large enterprise environment. Candidate will works closely with team members to define security best practices, support the identification, interpretation, and remediation of vulnerabilities across a variety of applications, operating systems, and platforms. Essential Duties and Responsibilities
- Develops security procedures and methods to ensure the safety of information systems.
* Engineers, implements and monitors security measures for the protection of computer systems, networks and information utilizing but not limited to DISA STIG. Documents and implements Standard Operating Procedures (SOPs).
* Assists in security engineering of web, database, system for Tenable network architecture .
* Defines, maintains, and enforces application security best practices. Identifies opportunities for process improvements and leads efforts implement.
* Conducts network vulnerability scanning utilizing Tenable Security Center/Nessus as needed and build reports.
* Writes comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement.
* Identifies additional application security related tools, conducts tool analysis, and provides recommendations on what tools will enhance security protocols.
* Interpret and apply Federal and DoD laws and regulations including but not limited to DoD directives, NIST and AR publications.
* Transition system security policies & documentation from DIACAP to RMF (NIST 800-53).
Knowledge, Skills, and Abilities
- Bachelor's Degree in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience.
- 5-10 years of experience as an Application Security Developer, Application Security Analyst, or equivalent.
- Must have experience developing Nessus/ACAS scan policies, reading and developing vulnerability reports.
* Experience deploying Security Center and Nessus/ACAS Scanner
- Experience reviewing audit logs
* Have working experience and knowledge of Unix/Linux operating system.