Information Systems Security Engineer (ISSE) / Penetration Tester - FULLY CLEARED with POLYGRAPH REQUIRED

Constellation Technologies, Inc•Annapolis Junction, MD

17h•Onsite

About The Position

This role is for an Information Systems Security Engineer (ISSE) / Penetration Tester who requires full clearance and polygraph. The position involves extensive work with Risk Management Framework (RMF), common security tools, and vulnerability testing. The candidate will be responsible for implementing security measures, assessing IT security policies, and supporting application development with security certifications. The role requires the ability to work with multiple systems simultaneously, plan and prioritize tasks effectively, and perform high-quality work both independently and as part of a team in a fast-paced environment.

Requirements

Must be a US Citizen
Must have TS/SCI clearance w/ active polygraph
Must have ten (10) years of experience with both ISSE and Penetration Testing
Must have extensive, demonstrated knowledge of and experience with common security tools, such as Nessus, NMAP and Wireshark hardware/software security implementation, communication protocol, encryption techniques/tools, and web services.
Must have in-depth understanding and extensive experience with security practices and policies and hands-on vulnerability testing using Tenable Nessus scanning products and/or NMAP (Network Mapper).
Must have experience with Defense in Depth Principals/technology, including access control, authorization, identification and authentication, public key infrastructure, network and enterprise security architecture, and applying risk assessment methodology to system development.
Must have experience applying Risk Management Framework.
Must have experience formulating and assessing IT security policy.
Must have experience with secure configurations of commonly used desktop and server operating systems.
Must have experience with penetration testing tools.
Must have experience developing and implementing integrated security services management processes, such as assessing and auditing network penetration testing, anti-virus planning assistance, risk analysis, and incident response.
Must have experience providing information assurance support for application development that includes system security certifications and project evaluations for firewalls that encompass system development, design, and implementation.
Must be comfortable working on multiple systems and components simultaneously in various configurations.
Must be able to effectively plan & prioritize tasking and communicate clearly regarding technical options and trade-offs.
Must be capable of performing high quality work both independently and with a team in a fast-moving environment.

Nice To Haves

Bachelor's degree in Computer Science, Information Assurance, Information Security System Engineering, or a related discipline.
DoD 8570 compliance with IASAE Level 2 or 3.
Information Systems Security Engineering Professional (ISSEP) Certification and/or Computer Information Systems Security Professional (CISSP) Certification.
Experience with scripting languages.
GIAC Web Applications Penetration Tester (GWAPT) Certification
GIAC Penetration Tester (GPEN) Certification
Certified Ethical Hacker (CEH) Certification
Certified Information Security Manager (CISM) Certification
Certified Web Application Defender (GWEB) Certification
Certified Information System Security Professional (CISSP) Certification

Responsibilities

Perform extensive, demonstrated knowledge of and experience with common security tools, such as Nessus, NMAP and Wireshark hardware/software security implementation, communication protocol, encryption techniques/tools, and web services.
Conduct in-depth understanding and extensive experience with security practices and policies and hands-on vulnerability testing using Tenable Nessus scanning products and/or NMAP (Network Mapper).
Apply Defense in Depth Principals/technology, including access control, authorization, identification and authentication, public key infrastructure, network and enterprise security architecture, and applying risk assessment methodology to system development.
Apply Risk Management Framework.
Formulate and assess IT security policy.
Configure secure configurations of commonly used desktop and server operating systems.
Perform penetration testing using penetration testing tools.
Develop and implement integrated security services management processes, such as assessing and auditing network penetration testing, anti-virus planning assistance, risk analysis, and incident response.
Provide information assurance support for application development that includes system security certifications and project evaluations for firewalls that encompass system development, design, and implementation.
Work on multiple systems and components simultaneously in various configurations.
Effectively plan & prioritize tasking and communicate clearly regarding technical options and trade-offs.
Perform high quality work both independently and with a team in a fast-moving environment.

Benefits

Affordable healthcare options with 80% employer paid premium PLUS a company-funded HSA
Comprehensive Dental package
Vision with 80% employer paid premium
Employer paid Life insurance 100%
Employer paid Short-term and Long-term disability 100%
Annual training, continued education, and professional memberships reimbursement
Unlimited access to Red Hat Enterprise Linux, AWS, and NetApp training and accreditation
Annual reimbursement for technology i.e. phones, computers, printers, etc...
401(k) with company match up to 5% with 100% immediate vesting (after 90 days of employment)
Professional development investment and paid time off for training