About the Client: Client is a multi-award winning company founded in 1999. Our Client is a full-service Information Technology (IT) company dedicated to providing value focused services to the Federal Government and the Biomedical Research and Health IT Sector. They offer a collaborative working environment where growth is encouraged and nurtured. In addition, they offer competitive salaries that may include performance bonuses and a comprehensive benefits package.
We are seeking a highly motivated, flexible, organized, and detail oriented Sr. Information Security Engineer - Vulnerability and Risk Assessment to join our Clients dynamic team in Rockville MD.
We are seeking an information security analyst who will be a key member of a consulting team providing advice and support, to federal agencies, in the areas of vulnerability assessment and management.
This role will be primarily responsible for performing assessments of systems and networks within the network environment to identify where those systems/networks deviate from acceptable configurations or policies, and for measuring effectiveness of defense-in-depth architecture against known/detected vulnerabilities as per the federal cybersecurity standards & guidelines.
- Analyze an organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
- Support authorized penetration testing on enterprise network assets.
- Prepare reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions;
- Perform vulnerability analysis; Measure the effectiveness of controls against known vulnerabilities.
- Work with stakeholders (system administrators and owners) to manage risks\vulnerabilities.
- Perform technical (evaluation of technology) and non-technical (evaluation of people and operations) impact\risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, supporting infrastructure, and applications).
- Identify systemic security issues based on the analysis of vulnerability and configuration data.
- Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).
- Ensure remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.; Provide clear updates to management on vulnerabilities; Investigate, document, and report on status and emerging trends
- Maintain up-to-date vulnerability profiles, including respective detection and countermeasures.
- Participate in industry task forces and working groups where appropriate to understand current and emerging vulnerabilities to stay up to date.
BA or BS degree in MIS, CS, or related cybersecurity discipline (Masters preferred).
Industry standards such as CEH, CRISC, GRCP or related GIAC (preferred but not required).
Minimum 4 years’ experience in Information Security is required along with a minimum of 2 years of hands-on experience in at least 4 of the following:
- Application of Risk management frameworks and processes.
- Use of vulnerability management tools; AppScan, Tenable, ForeScout and DbProtect preferred.
- Creating\improving risk management policies, procedures, and operations.
- Participating in cross-functional efforts for managing organization-wide risks.
- Conducting Penetration Tests using Kali and\or CoreImpact.
- Collecting, organizing, analyzing and reporting updates, alerts, advisories, and bulletins.
- Use of industry-standards and widely accepted analysis principles and methods.
- Risk management processes (e.g., methods for assessing and mitigating risk).
- Cybersecurity principles, security models, organizational requirements (w.r.t. confidentiality, integrity, availability, authentication, non-repudiation), cyber threats, risks and vulnerabilities, cryptography and cryptographic key management concepts, host/network access control mechanisms (e.g., ACLs), network access, identity, & access management (e.g., PKIs), Computer networking concepts and protocols, and network security methodologies.
- Ethical hacking principles, general attack stages; Specific operational impacts of cybersecurity lapses; programming language structures and logic.
- Basic system administration, network, and operating system hardening techniques.
- Able to communicate, verbally and in writing, complex technical issues with simplicity & clarity.
- Strong Interpersonal skills, excellent attention to detail and analytical skills.
- Able to exercise discretion and maintain confidentiality.
- Proficient in reporting and answering analytical questions using vulnerability data.
- This position requires to have a least 3 years in the US residency and ability to pass public trust clearance.
- Ability to obtain and maintain up to Secret Clearance.