Location:
VirginiaJob Description:
- Conduct web and network-based penetration tests
- Conduct vulnerability scans (Web, OS and Database)
- Analyze vulnerability scan results, report vulnerabilities and facilitate vulnerability remediation strategies with Points of Contacts (POCs)
- Identify false positives and risk acceptance candidates
- Clearly understand and communicate risks associated with vulnerabilities
- Conduct logical security audits and hands-on technical security evaluations and implementations
- Conduct physical security assessments
- Develop subject matter expertise of focused capabilities in the topics of database security, wireless security or application and development security
Demonstrated technical experience with:
- Network & Web Application Penetration Testing
- Vulnerability Scanning and Analysis
- Unix/Linux (Solaris/Red Hat) and MS Windows Operating Systems
- Switching/Routing and TCP/IP
- Databases (e.g., MS SQL, Oracle, DB2)
- Web application vulnerability scanners (e.g., Qualys WAS, WebInspect, AppScan)
- Database vulnerability scanners (e.g., AppDetective, DbProtect)
- General purpose vulnerability scanners (e.g., QualysGuard, Nessus)
- Security configuration checklists (e.g., DISA STIGs, CIS Benchmarks)
- NIST Special Publications (e.g., 800-53, 800-37)
Technical writing experience:
- Security assessment reports
- Standard operating procedures documents
- Formal policy and procedure documents
- Management and executive reports