VariQ has an exciting opportunity for a highly qualified Application Security Assessor/Penetration Tester to support the Federal Deposit Insurance Corporation (FDIC) in Arlington, VA.
Performs on-demand vulnerability scanning and compliance monitoring. Provides incident handling support for incident detection, analysis, coordination, and response.
Documents incident correlation requirements, selects incident correlation engines and recommends configuration guidelines. Performs analysis to determine the optimum configuration of network and host sensors. This analysis includes traffic load analysis, performance impacts of monitoring, determination of potential attack characteristics based on mission and infrastructure, and determination of site-specific data collection requirements.
Provides support in the identification, documentation, and development of computer and network security countermeasures. Performs penetration testing on the enterprise network. Identifies network and operating system vulnerabilities and recommends countermeasures. Supports the deployment and integration of security tools. Analyzes and recommends resolution of information security problems based on knowledge of the major information security products and services, an understanding of their limitations, and a working knowledge of the disciplines of information security. Provides Security Testing and Evaluation support for applications, systems and networks that is fully compliant with NIST guidance. Conducts research and develops security policies relevant to the client environment and analyzes outside security information for relevance to FDIC. Develops, updates, and maintains internal Standard Operating Procedures for all internally assigned functions. Knowledge of IT controls, security and privacy-related regulations, guidance, and processes, including but not limited to FISMA, NIST, OMB, and GAO.
A degree in Computer Science, Information Systems, Engineering, Business, or other related technical discipline is preferred. This position requires six (6) years of general experience, four (4) years of information security specialized experience, and two (2) years of information technology experience.
EXPERIENCE: General Experience: Includes six (6) years of experience in the development and/or analysis, interpretation, and compliance with federal and agency IT security policies and regulations at progressively increasing levels of responsibility.
Information Security Specialized Experience: Four (4) years of experience in information security. Experience in vulnerability assessments and incident response handling. Knowledge of computer hardware and operating systems (Windows and UNIX). Knowledge of information security products, regulations, standards, and guidelines. Experience in network monitoring using host-based and network-based intrusion detection systems. Knowledge of incident response handling policy and procedures. Knowledge of intrusion detection systems and other information security products, regulations, standards and guidelines.
Information Technology Experience: Two (2) years of experience integrating, developing or deploying security products in enterprise-level technology upgrades.
EDUCATION SUBSTITUTION: An advanced degree in Computer Science, Information Systems, Engineering, Business, or other related scientific or technical discipline may be considered equivalent to two (2) years generalized and two (2) years information security specialized experience. Certificates such as Microsoft’s MCSE may be considered equivalent to two (2) years of general experience and two (2) years of information technology experience. The CISSP certificate may be considered equivalent to two (2) years of information security experience.
VariQ is an equal opportunity employer.