Job Description
IT Security Tester - SR
MILITARY FRIENDLY & PREFERRED - HOH SPONSOR
SUMMARY
The IT Security Tester - SR is responsible for identifying, assessing, and mitigating information security risks, with particular emphasis on conducting comprehensive IT Security testing across the enterprise, including assets, IT systems, networks, and applications. The role covers vulnerability, compliance, security control, application, and code assessments, as well as reviewing scan results, vulnerabilities, and risks and providing mitigations and recommendations. The tester keeps testing tools continuously updated as needed, researches risks, vulnerabilities, and new threats so the client stays informed of the latest threats, develops, updates, and automates IT Security Hardening Guides, and develops and maintains documentation such as SOPs.
ESSENTIAL FUNCTIONS
- Conduct IT Security Testing within the client's environment as captured in the client's IT Security Technical Testing Standard Operating Procedure (SOP) and according to best practices.
- The types of IT Security Testing expected are:
  - Monthly vulnerability and compliance scanning of all operating systems on servers and workstations to support Continuous Monitoring
  - Security Control Assessments (SCA) utilizing NIST SP 800-53A for systems developed and requesting production deployment
  - Ad-hoc vulnerability and compliance scanning of operating systems on servers and workstations, and of databases, to support Plan of Action and Milestones (POA&M) closure
  - Application Security Assessment (ASA)
  - Web Application
  - Quarterly database scanning to support Continuous Monitoring
  - Cloud Security Testing
  - Software code analysis
- Perform in-depth analysis of testing and assessment results, provide solutions and recommendations for remediation efforts, develop reports, and conduct briefings on results.
- Utilize scanning tools that may be identified during the period of performance to support cloud-based systems, or transition to other scanning tools.
- Conduct Risk and Vulnerability Assessments, to include but not limited to:
  - Utilize a variety of toolsets to discover, analyze, and report on security flaws and vulnerabilities.
  - Conduct detailed risk assessments of the organization's IT infrastructure, systems, applications, and data.
  - Identify vulnerabilities, threats, and potential attack vectors, evaluating their impact on business operations and assets.
  - Perform assessments of the client's ability to protect its information and information systems from cyber threats by identifying, assessing, and prioritizing risks to information and information systems.
- Supply Chain Risk Management Services:
  - Develop and implement strategies to manage both everyday and exceptional risks along the supply chain, based on continuous risk assessment, with the objective of reducing vulnerability and ensuring continuity.
- Vulnerability Testing:
  - Perform systematic vulnerability assessments on networks, systems, and applications.
  - Utilize a range of tools and techniques to identify and analyze security weaknesses.
  - Collaborate with IT teams to remediate vulnerabilities and enhance security measures.
- Hardening Guides (HGs) / Secure Configuration Baselines (SCBs):
  - Develop, document, and test hardening guides for various systems and applications.
  - Ensure that HG / SCB measures align with industry best practices (e.g., CIS Benchmarks) and with client-specific and compliance requirements.
  - Continuously update and improve hardening guides based on new threats and vulnerabilities.
  - Update automated scanning configuration files to automate checking of system and application compliance with the client's security policies.
  - Ensure compliance with relevant security standards and regulations.
  - Recommend and assist in the implementation of security improvements and best practices.
- Continuous Monitoring:
  - Prepare detailed reports and documentation on risk assessments, vulnerability tests, and hardening strategies.
  - Monitor IT environments continuously for new threats and vulnerabilities, updating assessments and security measures as needed.
  - Engage with internal and external stakeholders, including IT teams, management, and team members.
QUALIFICATIONS
Required Skills and Experience:
- 5 years' working experience in IT Security, preferably conducting vulnerability, security control, and application security testing.
- Experience with vulnerability scanning tools and technologies.
- Working knowledge of security principles, techniques, and technologies.
- Strong analytical skills and efficient problem solving.
- Working technical knowledge of IT systems, applications, services, and protocols.
- A strong understanding of the vulnerabilities associated with network and application protocols and of vulnerabilities affecting the Microsoft Windows operating system.
- Demonstrated technical experience conducting research and providing review recommendations on software and technologies for vulnerabilities.
- Experience with NIST Special Publications and guidance.
- Self-motivated, and able to work and communicate in a team environment.
- Excellent communication (written and verbal) skills.
- Experience with a depth and breadth of IT Security tools and technologies; examples of technologies used are: Tenable, AWS Inspector, RSA Archer, Fortify, Burp Suite, Splunk, NMAP, and Core
Education:
- Bachelor's degree or higher in Computer Science, Information Technology, Information Security, or a similar field. Experience may be used in place of a degree, subject to approval by the PgM and client.
Certifications:
- At least one of the following certifications, or an equivalent under DoD 8570, is required:
  - Certified Information Systems Security Professional (CISSP)
  - GIAC security certification (e.g., GCIH, GWAPT, GPEN, GSLC, etc.)
Work Location and Business / Core Hours:
- Location: LOC HQ, Washington DC, with remote work authorized by the COR.
- Business hours: 7:00 am - 7:00 pm EST / Core hours: 8:00 am - 4:00 pm EST
- Ability to pass a minimum background investigation.