IT SECURITY TESTER

IT SECURITY TESTER
MILITARY FRIENDLY & PREFERRED - HOH SPONSOR

The IT Security Tester is responsible for conducting vulnerability, security control, application, and code assessments. The tester will also be responsible for the review and analysis of scan results, vulnerabilities and risks and providing mitigations and recommendations. Required to continuously update technologies and tools used and recommend new tools. The tester will also be responsible for the research of vulnerabilities and new threats in order to keep the client updated with the latest threats. Analyzation and updating of documentation such as configuration guides, security policies, SOP's, harden guides (secure configuration baselines) and processes is required, along with the development of assessment and audit reports.

ESSENTIAL FUNCTIONS

• Conduct vulnerability testing and security assessments within the client's environment as defined in their IT Security Technical Testing Standard Operating Procedure (SOP) and according to best practices.
• Conducts Vulnerability/Security Assessments and Audits to include:

• Automated vulnerability scanning
• Configuration Settings / Compliance Scanning
• Database security testing
• Web Applications
• IT and Desktop Applications
• Operating Systems
• Security control testing (Security Control Assessments) utilizing NIST SP 800-53a (Independent Verification and Validation)
• Monthly vulnerability and compliance scanning of all operating systems on servers and workstations to support Continuous Monitoring
• Ad-hoc vulnerability and compliance scanning of operating systems on servers and workstations, and databases to support Plan of Action and Milestone (POA&M) closure
• Software code analysis

• Performs cybersecurity tool and systems analysis, along with system and network administration in support of the organizations IT Security tools and technologies
• Perform manual testing of systems and implementation of security controls.
• Assist with the research and planning of new IT Security technologies through the SDLC.
• Experience with a depth and breadth of IT Security tools and technologies, examples of technologies used are as follows:
• Tenable, AWS Inspector, Fortify, Burp Suite, Netronome SSL Inspector, NMAP, Wireshark, and CoreImpact, etc.

• Develop test plans and perform kickoff meetings.
• Perform in-depth analysis on testing and assessment results, provide solutions and recommendations for remediation efforts, develop reports and conduct briefings on results.
Review, update and develop security configuration baselines (SCBs) and SOPs as required.

QUALIFICATIONS

Required Skill and Experience:

• 3-5 years' experience in working experience in IT Security, preferably with conducting vulnerability, security control and application security testing (source code review and application testing).
• Experience with vulnerability scanning tools and technologies.
• Working knowledge of Security principles, techniques, technologies and procedures.
• Good understanding of network protocols, design and operations.
• Strong analytical skills and efficient problem solving.
• Working technical knowledge of network and host-based intrusion detection and prevention systems.
• A strong understanding of the vulnerabilities associated with network and application protocols and vulnerabilities effecting the Microsoft Windows operating system.
• Displays technical experience with conducting research and providing review recommendations on software and technologies for vulnerabilities.
• Experience with NIST Special Publications and guidance.
• Self-motivated, and able to work and communicate in a team environment.
• Excellent communication (written and verbal) skills

EDUCATION:

• Bachelor's degree or higher in Computer Science, Information Technology, Information Security, or similar fields.
• Experience maybe used in place of a degree based on approval by the PgM and client.

CERTIFICATIONS:

• At least one of the following certifications, or one equal based on DOD 8570, is required::

• Certified Information Systems Security Professional (CISSP);
• GIAC security certification (e.g. GCIH, GWAPT, GPEN, GSLC, etc.)
• CompTIA Security
• CEH

WORK LOCATION & HOURS OF OPERATIONS:

• Location: Remote
• Business Hours: 7:00 am - 7:00 pm | Core Hours: 9:00 am - 3:00 pm