Location: Falls Church, VA
This position requires a thorough understanding of how to assess vulnerabilities and accurately configure each of the security verification technologies and tools to generate scans and find potential vulnerabilities. Candidates should have experience in security verification technologies, including a deep dive into networks and packets (e.g., deep packet analysis; network vulnerability assessment), with skills across a wide range of security verification technologies:
- Security Tools (Application): AppScan; AppDetective; CobaltStrike; WebInspect
- Knowledge of how websites are developed, deployed, and managed (understanding of Python)
- Infrastructure Tools: Nessus; NMAP; Metasploit
- Network Infrastructure: Tivoli; Weblogic; Raptor Firewalls
- Intrusion Detection: Wireshark/Ethereal; TCPDump/Windump; ArcSight
- Understanding of how the different Linux tools work. Perform analysis of Linux tools and report observations.
- PCI/DSS: ability to interpret the 3rd-party scans to identify findings. PCI SSC ASV; StateScan; PCI Scout; Alert Logic ASV; AppSec Certified; AT&T Surescan; 1 STOP PCI Scan; Retina; Cipher PCI ASV; CloneGuard PCI; PCI Scan360
- Conduct security control assessments, perform testing, and prepare briefings of testing results
- Prepare security evaluation documents and provide guidance in support of Security Authorization
- Prepare remedial options and supervise correction of information security vulnerabilities
- Review information systems security plans and other documents for all applications
- Participate in technical meetings, conduct onsite observations, and prepare technical papers
- Conduct information system security analysis to determine appropriate security requirements during the design stage of an application
- Coordinate schedule on deployment of new systems and modifications of legacy systems
- Bachelor's degree in Engineering, Computer Science, Information Technology, or related field
- 4-5 years of IA or related experience. Experience may be substituted for a formal education.
- Understanding of IT security in NIST SP 800 series guidance to produce Security Authorization documentation for General Support Systems.
- Writing skills sufficient to develop and assimilate ideas and produce finished documents in the IT security environment.
- Ability to speak and understand security terminology, especially those related to Information Assurance.
- CISSP, GIAC, CEH, or other industry standard security certifications are a plus.
About SimonComputing, Inc.
We are dedicated to simplifying the process of building software. Agile has been an integral part of that approach since the day we started in August of 2002. Back then, we were into Extreme Programming and we received our first Scrum Master certificate in 2003.
With our approach, we specialize in developing technically challenging applications, and serve clients in the public and private sectors.
Employees receive a generous benefits package which includes:
- Competitive salaries
- Comprehensive medical, dental, and vision coverage
- Flexible Spending Accounts (FSA)
- Disability and life insurance
- 401(k) retirement plan
- Paid leave (holiday, sick and vacation)
- Employee referral bonuses
- 529 college savings plan
- Education reimbursements
TO APPLY: Send cover letter and resume to info
SimonComputing, Inc. is an Affirmative Action/Equal Opportunity Employer.