Founded in 2001, Blue Canopy is an award-winning provider of business solutions in the public and commercial sectors. We're focused on delivering outcomes that matter by combining the best use of technology, process improvement, and the system of governance. Our Mission is to serve our clients and help them achieve success by combing governance, industry experience, and information technology excellence.
At Blue Canopy, innovation, collaboration, and teamwork are the driving force behind our success. We are committed to hiring, retaining, and developing best-in-class professionals because we recognize that our team is what differentiates us in the marketplace as an industry-leader. We are driven by excellence, committed to integrity, and inspired to achieve limitless possibilities.
Blue Canopy is currently seeking a Full-Time Mid SCA (IV&V) Engineer to provide Onsite and Offsite support in Washington, DC/Reston, VA; 10% - 15% travel required.
The individual will lead and assist with security testing and security advisory activities for federal applications and general support systems to ensure compliance with the NIST SP 800-53 Rev. 4 and agency specific requirements. The candidate will have experience leading and conducting security control assessments to verify and validate security control implementations, and advising technical stakeholders in preparation for Security Control Assessments (SCAs). The position will also require the ability to technically assess both major application and general support system security configurations and implementation. The candidate will have had prior experience working with a wide variety of technologies, be well versed in the current state of Information Security, and be able to interpret the requirements of relevant governing bodies (NIST, OMB, GAO, etc) and secure baselines (CIS, DISA, etc.). The individual will be required to interface with federal employees and contractors in support
of security assessment preparation activities. Additionally, this individual is responsible for assisting in the presentation of the vulnerability findings and remediation recommendations to the client. The ideal candidate will have prior experience performing full scope Risk Management processes for a federal client, to include Certification and Accreditation (C&A), FISMA Self Assessments, Technical Assessments (Vulnerability analysis, penetration testing), and Risk Assessments. Finally, the candidate should have experience using vulnerability and security testing tools and reviewing the results from tools such as Nessus, HP WebInspect, QualysGuard, AppDetective, and Burp Suite.
* Assist customer prepare for security control assessments based on NIST SP 800-53 Rev. 4, NIST SP 800-53A Rev. 4, and NIST 800-37 Rev.1.
* Analyze results from vulnerability scanning tools such as Nessus, HP WebInspect, QualysGuard, AppDetective, and Burp Suite.
* Interface with the clients related to the overall security control assessment program and all security control assessment prep activities which the candidate is responsible for leading.
* Develop and/or review Security Assessment Plans (SAPs), Security Assessment Reports (SARs), and Plan of Action and Milestone (POA&M) Reports.
What You Need To Bring To The Table:
* 2+ years leading and supporting security control assessments based on NIST SP 800-53 Rev. 4, NIST SP 800-53A Rev. 4, and NIST 800-37 Rev.1.
* Advanced understanding of the NIST Risk Management Framework (RMF)
* Experience conducting analysis of vulnerability scan results
* Professional understanding of Unix/Linux (Solaris/Red Hat) and MS Windows Operating Systems
* Working knowledge of general purpose vulnerability scanners (e.g., QualysGuard, Nessus)
* Experience implementing and auditing against security configuration checklists (e.g., DISA STIGs, CIS Benchmarks)
* Advanced understanding of NIST Special Publications (e.g., 800-53, 800-37)
* Strong documentation and communication (written and verbal) skills.
* Familiarity with Open Web Application Security Project (OWASP), National Institute of Standards and Technology (NIST) Special Publications, and Open Source Security Testing Methodology Manual (OSSTMM)
* CAP, CISSP, Security+, or GSEC certification
* Familiarity with scripting in UNIX shell, Perl, Python, or Excel macros
* Working knowledge of network firewalls, WAFs, VPNs, and other security technologies
* Ability and willingness to travel approximately 10-15% of the time within in the Continental US.
* Bachelor's degree (Information Technology or Cybersecurity related field preferred, however not required).
* 4+ years of professional experience in Cybersecurity related area
* Experience configuring and conducting technical assessments using tools such as Nessus, HP WebInspect, AppDetective, BurpSuite, and QualysGuard.
* Understanding of/experience implementing DHS Continuous Diagnostics and Mitigation (CDM) program and requirements.
* Proficiency understanding the technical architecture of IT systems built using Windows, UNIX, Linux, IBM AIX, VMware, Citrix, Oracle and MySQL platforms.
* Self-motivated and able to work in an independent manner.
* Must be able to obtain a High Risk level 6C "Public Trust" clearance. (SF-85 and SF-86 submission required)
As a full-time employee of Blue Canopy, you are eligible for an attractive benefits package, which includes medical, dental, life insurance, and short-term and long-term disability insurance. Our benefits also include paid holidays, Paid-Time-Off (PTO), a company-sponsored 401(k) plan, tuition reimbursement plan, and flexible spending accounts to allow you to pay for Health, Dependent care and Commuter costs with pre-tax income.
Blue Canopy, LLC is EOE/AA/M/F/Vet/Disability