Previous Job
Previous
Information Security Engineer
Ref No.: 18-05633
Location: Arlington, Virginia
Position Type:Direct Placement
Pay Rate : $ 100,000.00 - 130,000.00 /Year
Information Security Engineer

Responsibilities:
The information security team is responsible for managing security tools, security initiatives & programs, and mitigating risks faced. This is a highly technical, hands-on role that requires a wide and deep experience in the technical aspects of security as well as the soft skills needed to move at the speed of business. This position requires practical knowledge of web application security, vulnerability assessment tools, secure coding methodologies, and data privacy & protection.

  • Maintain, Configure, Support and Administer Web Application Scanning tools
  • Perform vulnerability assessment of internal and external applications via automated and manual techniques
  • Direct and consult with development teams in the remediation efforts of security findings and explain risk and trade-offs in differing methods of remediation
  • Interface with external security services to receive, triage, and resolve vulnerabilities
  • Conduct or manage penetration testing, in which simulated attacks on the systems are highlighted to find any weaknesses that might be exploited by a malicious party
  • Work with technical and non-technical teams to define and document application security requirements vulnerability validation and manual source code reviews

Required:
  • Bachelor's degree from an accredited university required, Computer Science program strongly preferred
  • 4+ years of experience as an engineer, implementing and monitoring security measures for the protection of computer systems, networks and web applications
  • 4+ years of experience identifying and defining web application security vulnerabilities
  • Desired Certification in Information Security - CISSP, CISM, CEH, GPEN, GWAPT
  • Experience with the following Web Assessment tools such as: Contrast, Veracode, Fortify, WebInspect, BURP Suite PRO, SoapUI
  • Familiarity with Security technologies, including authentication/access control mechanisms, encryption, penetration testing, Source Code Analysis and Web Vulnerability Assessment
  • Have hands on experience resolving web application vulnerabilities
  • Thorough understanding of the latest security principles, techniques, and protocols
  • Experience with data stream and data messaging services, including syslog, web API Get calls, JSON, etc.
  • An understanding of ethical hacking methodologies, Secure Coding, frameworks, and industry resources, e.g. OWASP, NIST publications, SANS/CWE
  • Working knowledge of network protocols and Wintel/Linux/Unix system internals and transport protocols (TCP, TLS, HTTP/S, UDP)
  • Demonstrated In-depth knowledge and understanding of computer applications to demonstrate proficiency with development frameworks& languages (Java, NET, C/C++, C#, PHP etc.)
  • Ability to conduct Manual Source Code Security Analysis of developer source looking for coding flaws and errors for remediation
  • In addition, the ideal candidate must have strong communication and problem-solving skills. Must be able to build and maintain relationships with varying levels of management within all departments.