Vulnerability Assessment Engineer

Nessus, ACAS, RMF, Secret clearance
Full Time
Telecommuting not available; travel not required

Job Description

General Summary

ASM Research is seeking highly motivated individuals with strong vulnerability scanning and analysis experience. Candidate will perform vulnerability scanning utilizing tools such as ACAS/Nessus, SCAP and other tools as required and provide IAVM and security compliance reporting.

Candidate will work closely with team members to define security best practices, perform manual STIG reviews, and support the identification, interpretation, and remediation of vulnerabilities across a variety of applications, operating systems, and platforms.

Essential Duties and Responsibilities

  • Conducts network vulnerability scanning utilizing Nessus/ACAS and reports on IAVM, Pentagon SAR, ARCYBER OPORD and TASKORDS.

  • Writes comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement.

  • Engineers, implements and monitors security measures for the protection of computer systems, networks and information utilizing but not limited to DISA STIGs. Documents and implements Standard Operating Procedures (SOPs).

  • Assists in security engineering of web, database, system and network architecture.

  • Defines, maintains, and enforces security best practices. Identifies opportunities for process improvements and leads efforts to implement them.

  • Interprets and applies Federal and DoD laws and regulations including but not limited to DoD directives, NIST and AR publications.

  • Authors system security policies & documentation from DIACAP to RMF (NIST 800-53).

Minimum Qualifications

  • Bachelor's Degree in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience. Master's Degree preferred.

  • 5-10 years of experience as a Vulnerability Assessment Engineer, Cybersecurity Systems Engineer, or equivalent.

Knowledge, Skills, and Abilities

  • Must have experience developing Nessus/ACAS scan policies, reading and developing vulnerability reports.

  • Experience deploying Security Center and Nessus/ACAS scanner.

  • Understanding of FedRAMP and system cloud migration requirements.

  • Experience reviewing audit logs utilizing SIEM tools.

  • Experience utilizing HBSS McAfee ePolicy Orchestrator.

  • Understanding of encryption, hashing, secure random number generation, key derivation, digital signatures, etc.

  • Advanced knowledge of network-based, system-level and application-layer attacks and mitigation methods, and TCP/IP, HTTP/S, and related protocols.

  • Working experience with and knowledge of Unix/Linux operating systems.

  • Knowledge of web application vulnerabilities such as cross-site scripting (XSS), session hijacking, SQL injection, CSRF (Cross-Site Request Forgery), OWASP Top 10, and other attack vectors.

Certifications/Licensures: TCNA, Security+, CAP, CASP, CISSP


Posted By

ASM Research

Dice Id : 10238000
Position Id : 20161215-662