TISTA Science and Technology Corporation, a CMMI Maturity Level 3 company, focuses on delivering information technology and professional services to Federal and State agencies. TISTA is recognized in 2019 by Inc. 5000 as one of the fastest growing private companies in the US. TISTA is also a recipient of 2019 Top Veteran-Owned Companies by the Washington Business Journal. TISTA also received a 2018 Moxie Award in the GovCon category.
Here at TISTA Science and Technology we value our Veterans and encourage all to apply!
The IT Security Tester is responsible for conducting vulnerability, security control, application, and code assessments. The tester will also be responsible for the review and analysis of scan results, vulnerabilities and risks and providing mitigations and recommendations. Required to continuously update technologies and tools used and recommend new tools. The tester will also be responsible for the research of vulnerabilities and new threats in order to keep the client updated with the latest threats. Analyzation and updating of documentation such as configuration guides, security policies, SOP s, harden guides (secure configuration baselines) and processes is required, along with the development of assessment and audit reports.
Conduct vulnerability testing and security assessments within the client s environment as captured in the client s Technical Reference Model or according to best practices.
Conducts Vulnerability/Security Assessments and Audits to include:
o Software code analysis
o Database security testing
o Web Applications
o IT and Desktop Applications
o Operating Systems
o Automated vulnerability scanning
o Security control testing (Security Control Assessments) utilizing NIST SP 800-53a
o Independent Verification and Validation
Performs cybersecurity tool and systems analysis, along with system and network administration in support of the organizations IT Security tools and technologies
Perform manual testing of systems and implementation of security controls.
Assist with the research and planning of new IT Security technologies through the SDLC.
Experience with a depth and breadth of IT Security tools and technologies, examples of technologies used are as follows:
o Qualys / Fortify / CoreInsight / CoreImpact / RSA Archer / Tenable Security Center / Netronome / Application Security AppDetective
Update and develop appropriate documentation.
3-5 years experience in working experience in IT Security, preferably with conducting vulnerability, security control and application security testing (source code review and application testing).
Experience with vulnerability scanning tools and technologies.
Working knowledge of Security principles, techniques, technologies and procedures.
Good understanding of network protocols, design and operations.
Strong analytical skills and efficient problem solving.
Working technical knowledge of network and host-based intrusion detection and prevention systems.
A strong understanding of the vulnerabilities associated with network and application protocols and vulnerabilities effecting the Microsoft Windows operating system.
Displays technical experience with conducting research and providing review recommendations on software and technologies for vulnerabilities.
Experience with NIST Special Publications and guidance.
Self-motivated, and able to work and communicate in a team environment.
Excellent communication (written and verbal) skills
Bachelor s degree or higher in Computer Science, Information Technology, Information Security, or similar fields.
A minimum of at least one (1) certification must be active relating to information security such as:
o Certified Information Systems Security Professional (CISSP);
o GIAC security certification (e.g. GCIH, GWAPT, GPEN, GSLC, etc.)
o CompTIA Security +
Ability to obtain a Public Trust
TISTA is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or protected veteran status.