Careers

back Back to Jobs

Information Assurance Engineer

Location: Chantilly, VA, United States
Job # 5253667
Date Posted: 04-28-2015
Summary:
Individual would be responsible providing technical assessments and expertise to specific projects. This would require being able to understand a complex system in a short amount of time, determine its security weaknesses at all layers to include hosts, databases, middleware, and applications and then generating clear, descriptive reports that include corrective actions to help guide the developer on how to mitigate the weaknesses.
 
Responsibilities:
  • Web Application Penetration Testing using a proxy tool and manual techniques
  • Assessment of applications against the OWASP Top 10 and SAN top 25 to include how that guidance maps to NIST 800-53
  • Perform manual verification of DISA Security Technical implementation guides against web and host configurations to include Unix and Windows based systems
  • Write custom SCAP content customization
  • General manual testing scripts in either perl or python (powershell a plus)
  • Be able to follow and understand ASP.net, C#, Ruby, Scala and Java programing languages and their associated runtime environments
  • Navigate and assess industry leading DBMS such as Oracle, MSSQL, and mySQL
  • Review security architecture design and configurations to include IDS, SIEM, Firewall, Web Proxies, endpoint protection etc. to determine their level of effectiveness and compliance
  • Ability to use industry leading tools such as Metasploit, Burp Suite, Kali Linux, Nessus, AppDetective, Web Inspect, Acunetix, Fortify – HANDS-ON EXPERIENCE required
  • Communicate with the system owner, senior leadership, and developer regarding security considerations of the system engineering life cycle
  • Develop and maintain security accreditation artifacts to include the Security Requirements Traceability Matrix (SRTM), System Security Plan (SSP), and others
  • Manage system Plan of Actions and Milestones (POA&M) to include the drafting of expectations and waivers as appropriate
  • Conduct assessments of system safeguards and controls and respond to external audits as required
  • Interview system administrators and support personnel to extract system functionality narratives
  • Control, label, virus scan and appropriately transfer data (upload/download) between information systems at varying classification levels
  • Conduct research and perform security analysis on the impacts of system designs, modifications, and technological initiatives.
  • Write and validate NIST 800-53Rev 4 control responses based on system documentation
  • Experience with DHS 4300 A policy a plus
Clearance Required: TS/SCI Clearance
 
Emergent is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability or protected Veteran status.
this job portal is powered by CATS
Return to top ↑