VariQ has an exciting opportunity for a highly qualified IT Security Assessment Engineer to support our Federal Program (Arlington, VA). The Engineer will perform security assessments to ensure compliance with NIST 800-53A and agency specific requirements. The position will require the ability to technically assess web applications, thick clients, and general support system security configurations and their implementation.
KEY ATTRIBUTES: The Engineer will have prior experience working with a wide variety of technologies, be well versed in the current state of information security, and be able to interpret the requirements of relevant governing bodies (NIST, OMB, GAO, etc.). The ideal candidate will have prior experience performing Risk Management processes for a federal client including Certification and Accreditation (C&A), FISMA self-assessments, vulnerability scans, and penetration testing.
ROLE AND RESPONSIBILITIES: The engineer will perform security assessments to ensure compliance with the NIST 800-53a and agency specific requirements. The position will also require the ability to technically assess both application and general support system security configurations and implementation. The Engineer will be conducting physical and logical hands-on technical security evaluations of controls in place. The Engineer will be required to interface with federal employees and contractors in order to perform security assessment activities as well as the presentation of vulnerabilities to the client. The Engineer will be required to review security related documentation (System Security Plans, Configuration Management Plans, etc.). The Engineer will be responsible for overseeing and managing security control assessments from beginning to end.
QUALIFICATIONS: A degree in Computer Science, Information Systems, Engineering, Business, or other related technical discipline is preferred.
EDUCATION SUBSTITUTION: An advanced degree in Computer Science, Information Systems, Engineering, Business, or other related scientific or technical discipline may be considered equivalent to two (2) years generalized and two (2) years information security specialized experience. Certificates such as Microsoft’s MCSE may be considered equivalent to two (2) years of general experience and two (2) years of information technology experience. The CISSP certificate may be considered equivalent to two (2) years of information security experience.
VariQ is an equal opportunity employer.