Senior ISSE/Penetration Tester

About The Position

Requirements

• At least 10 years of relevant experience with both ISSE and Penetration Testing.
• Extensive, demonstrated knowledge of and experience with common security tools, such as Nessus, NMAP and Wireshark.
• Extensive knowledge of hardware/software security implementation, communication protocol, encryption techniques/tools, and web services.
• In-depth understanding and extensive experience with security practices and policies.
• Hands-on vulnerability testing using Tenable Nessus scanning products and/or nmap (Network Mapper).
• Experience with Defense in Depth Principals/technology, including access control, authorization, identification and authentication, public key infrastructure, network and enterprise security architecture.
• Experience applying risk assessment methodology to system development.
• Experience applying Risk Management Framework.
• Experience formulating and assessing IT security policy.
• Experience with secure configurations of commonly used desktop and server operating systems.
• Experience with penetration testing tools.
• Experience developing and implementing integrated security services management processes, such as assessing and auditing network penetration testing, anti-virus planning assistance, risk analysis, and incident response.
• Experience providing information assurance support for application development that includes system security certifications and project evaluations for firewalls that encompass system development, design, and implementation.
• Comfortable working on multiple systems and components simultaneously in various configurations.
• Ability to effectively plan and prioritize tasking.
• Ability to communicate clearly regarding technical options and trade-offs.
• Capable of performing high quality work both independently and with a team in a fast-moving environment.
• Strong verbal and written communications skills.
• Committed to adopting and adhering to best practices.
• United States Citizenship.
• Position appropriate security clearance (e.g., Active TS/SCI security clearance with customer appropriate polygraph).

Nice To Haves

• Bachelor's degree or master's degree in Computer Science, Information Assurance, Information Security System Engineering, or a related discipline.
• DoD 8570 compliance with IASAE Level 2 or 3.
• Information Systems Security Engineering Professional (ISSEP) Certification and/or Computer Information Systems Security Professional (CISSP) Certification.
• Experience with scripting languages.
• GIAC Web Applications Penetration Tester (GWAPT) Certification.
• GIAC Penetration Tester (GPEN) Certification.
• Certified Ethical Hacker (CEH) Certification.
• Certified Information Security Manager (CISM) Certification.
• Certified Web Application Defender (GWEB) Certification.
• Certified Information System Security Professional (CISSP) Certification.

Responsibilities

• Validating and verifying system security requirements and establishing system security designs for large-scale systems, major system elements, and interfacing systems within a complex network environment.
• Identifying and implementing appropriate information security architectures and functionality to ensure uniform application of security policy and enterprise solutions.
• Recommending and developing technical solutions, products, and standards based on current and desired system security architecture.
• Assessing and mitigating system security threats and risks throughout the program life cycle.
• Leading and/or contributing to security planning, assessment, risk analysis, risk management, certification, and awareness activities.
• Collaborating with internal technical experts and communicating with Program Managers and customer POCs regarding security issues.
• Working closely with System Engineering, Test Engineering, and Integration teams to ensure hardware and software architectures meet security requirements.
• Analyzing and assessing system implementation against security compliance policies and recommending enhancements.
• Evaluating security solutions to ensure they meet customer specified requirements.
• Evaluating the impact of new development on the operational security posture of the system.
• Evaluating, reviewing, and testing critical software.
• Proposing, assessing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies.
• Auditing and assessing system security configuration settings using common methodologies and tools.
• Managing and enforcing security strategies and policies that affect geographically distributed systems.
• Participating in Program Increment Planning and related agile team activities.
• Providing configuration management for security-relevant information system software.
• Serving as a subject matter expert in security architecture, advising Program Managers, customer technical experts, and internal teams.
• Formulating security compliance requirements for new system features.
• Identifying and remediating security issues throughout the system.
• Supporting risk assessment, risk management, security control assessment, continuous monitoring, service design, and other IA program support functions.
• Working with development teams to enhance understanding of vulnerabilities, attack vectors, and remediation approaches.
• Planning and conducting security verification testing of relevant type 1 devices.
• Performing internal and external pen tests against systems to determine vulnerabilities and develop mitigation strategies.
• Performing web app pen tests.
• Performing vulnerability risk assessments.
• Performing physical pen tests and security engineering analysis and assessing vulnerabilities/solutions.

Benefits

• Company automatically contributes an additional 12% of each employee's gross compensation to the company 401k plan, with no requirement for employee matching.
• All 401k contributions are fully vested from day one.
• Choice of Medical Plan Options, some with Health Savings Account (HSA).
• Vision and Dental insurance.
• Additional 12% of employee's gross compensation to be used for benefits, any remaining funds are then forwarded to the employee as taxable income.
• Life and AD&D Benefits (Company Paid).
• Short and Long-Term Disability (Company Paid).