Senior ISSE/Penetration Tester TS/SCI Polygraph

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Assurance, Information Security System Engineering, or a related discipline, and at least 12 years of relevant experience. Additional experience may be substituted for a degree.
• Extensive, demonstrated knowledge of and experience with common security tools, such as Nessus, NMAP and Wireshark hardware/software security implementation, communication protocol, encryption techniques/tools, and web services.
• In-depth understanding and extensive experience with security practices and policies and hands-on vulnerability testing using Tenable Nessus scanning products and/or nmap (Network Mapper).
• Experience with Defense in Depth Principals/technology, including access control, authorization, identification and authentication, public key infrastructure, network and enterprise security architecture, and applying risk assessment methodology to system development.
• Experience applying Risk Management Framework.
• Experience formulating and assessing IT security policy.
• Experience with secure configurations of commonly used desktop and server operating systems.
• Experience with penetration testing tools.
• Experience developing and implementing integrated security services management processes, such as assessing and auditing network penetration testing, anti-virus planning assistance, risk analysis, and incident response.
• Experience providing information assurance support for application development that includes system security certifications and project evaluations for firewalls that encompass system development, design, and implementation.
• Comfortable working on multiple systems and components simultaneously in various configurations.
• Able to effectively plan and prioritize tasking and communicate clearly regarding technical options and trade-offs.
• Capable of performing high quality work both independently and with a team in a fast-moving environment.
• Strong verbal and written communications skills.
• Committed to adopting and adhering to best practices.
• Must have TS/SCI with Polygraph.

Nice To Haves

• DoD 8570 compliance with IASAE Level 2 or 3.
• Information Systems Security Engineering Professional (ISSEP) Certification and/or Computer Information Systems Security Professional (CISSP) Certification.
• Experience with scripting languages.
• GIAC Web Applications Penetration Tester (GWAPT)
• GIAC Penetration Tester (GPEN)
• Certified Ethical Hacker (CEH)
• Certified Information Security Manager (CISM)
• Certified Web Application Defender (GWEB)
• Certified Information System Security Professional (CISSP)

Responsibilities

• Validating and verifying system security requirements and establishing system security designs for large-scale systems, major system elements, and interfacing systems that are part of a large complex network environment with geographically distributed components.
• Identifying and implementing appropriate information security architectures and functionality to ensure uniform application of security policy and enterprise solutions.
• Recommending and developing technical solutions, products, and standards based on current and desired system security architecture.
• Assessing and mitigating system security threats and risks throughout the program life cycle.
• Leading and/or contributing to the security planning, assessment, risk analysis, risk management, certification, and awareness activities for various system and networking operations.
• Collaborating with multiple internal technical experts and communicating with Program Managers and customer POCs when necessary regarding security issues of significant importance.
• Working closely with System Engineering, Test Engineering, and Integration teams to ensure that hardware and software architectures and implementations meet security requirements.
• Analyzing and assessing system implementation against multiple security compliance policies and recommending and implementing enhancements.
• Evaluating security solutions to ensure they meet customer specified requirements for processing information.
• Evaluating the impact of new development on the operational security posture of the system.
• Evaluating, reviewing, and testing critical software.
• Proposing, assessing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies.
• Auditing and assessing system security configuration settings using common methodologies and tools.
• Managing and enforcing security strategies and policies that affect various components of geographically distributed systems.
• Participating in Program Increment Planning and related agile team activities.
• Providing configuration management for security-relevant information system software.
• Serving as a subject matter expert in security architecture to include providing advice to Program Managers, customer technical experts, and internal program teams.
• Formulating security compliance requirements for new system features.
• Identifying and remediating security issues throughout the system.
• Supporting risk assessment, risk management, security control assessment, continuous monitoring, service design, and other IA program support functions.
• Working with development teams to enrich team-wide understanding of different types of vulnerabilities, attack vectors and remediation approaches.
• Planning and conducting security verification testing of relevant type 1 devices.
• Performing internal and external pen tests against systems to determine vulnerabilities and develop mitigation strategies.
• Performing web app pen tests.
• Performing vulnerability risk assessments.
• Performing physical pen tests and security engineering analysis and assessing the vulnerabilities/solutions for the pen testing.

Benefits

• Paid Time Off
• 11 paid Holidays
• 401K with a 6% company match and immediate vesting
• Flexible Schedules
• Discounted Stock Purchase Plans
• Technical Upskilling
• Education and Training Support
• Parental Paid Leave