VariQ

  • Security Assessor/Penetration Tester (Mid CCA Tester)

    Job Locations US-VA
    Job ID
    2019-3421
    # of Openings
    1
    Category
    IT Security
    Clearance
    Public Trust
    Work Authorization
    US Citizens, preferred
    Type
    Full-time
    Posted Date
    05/29/2019
  • Overview

    VariQ has an exciting opportunity for a highly qualified IT Security Assessment Engineer to support our Federal Program (Arlington, VA). The Engineer will perform security assessments to ensure compliance with NIST 800-53A and agency specific requirements. The position will require the ability to technically assess web applications, thick clients, and general support system security configurations and their implementation.

     

    KEY ATTRIBUTES: The Engineer will have prior experience working with a wide variety of technologies, be well versed in the current state of information security, and be able to interpret the requirements of relevant governing bodies (NIST, OMB, GAO, etc.). The ideal candidate will have prior experience performing Risk Management processes for a federal client including Certification and Accreditation (C&A), FISMA self-assessments, vulnerability scans, and penetration testing.

     

    Additional Information:

    • Work Location: FDIC Arlington (Between Ballston and Clarendon)
    • Salary: Dependent upon experience
    • Security Clearance: Must pass background investigation and credit check
    • Availability: ASAP

    Responsibilities

    ROLE AND RESPONSIBILITIES: The engineer will perform security assessments to ensure compliance with the NIST 800-53a and agency specific requirements. The position will also require the ability to technically assess both application and general support system security configurations and implementation. The Engineer will be conducting physical and logical hands-on technical security evaluations of controls in place. The Engineer will be required to interface with federal employees and contractors in order to perform security assessment activities as well as the presentation of vulnerabilities to the client. The Engineer will be required to review security related documentation (System Security Plans, Configuration Management Plans, etc.). The Engineer will be responsible for overseeing and managing security control assessments from beginning to end.

    Qualifications

    OPTIONAL SKILLS AND EXPERIENCE DESIRED:

    • Professional Security Certification (CAP, CASP, CISSP, etc.)
    • 1+ years of systems administration (Windows or Linux/Unix)
    • 1+ years of experience creating or maintaining security related documentation

     

    QUALIFICATIONS: A degree in Computer Science, Information Systems, Engineering, Business, or other related technical discipline is preferred.

    • 6+ years of IT experience
    • 4+ years of experience performing system testing (security or functional)
    • 4+ years using NIST 800-53/800-53A
    • 4+ years of IT experience
    • 3+ years of Federal C&A experience
    • Bachelor’s degree in information technology related field
      • 5+ years of professional experience with 3 or more years of related work experience will be considered in lieu of a degree

     

    EDUCATION SUBSTITUTION: An advanced degree in Computer Science, Information Systems, Engineering, Business, or other related scientific or technical discipline may be considered equivalent to two (2) years generalized and two (2) years information security specialized experience. Certificates such as Microsoft’s MCSE may be considered equivalent to two (2) years of general experience and two (2) years of information technology experience. The CISSP certificate may be considered equivalent to two (2) years of information security experience.

     

     

    VariQ is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or protected veteran status.

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed