Senior Security Engineer
Telos Corporation Washington, DC 20002 2016-12-03
Job Description:
We’re looking for a Sr. Security Engineer to join our
growing team. This is your chance to work with a wide
range of security technologies, and develop new security
solutions including cloud implementations. This team
supports application whitelisting, vulnerability
scanning, web application scanning, integrity
monitoring, and a large enterprise SIEM solution for our
client. The successful candidate will have a strong
background in IT Security Operations and system
administration, will be driven and focused on learning
and developing their skills. If you’ve got that ‘can-do’
attitude and possess the skills below, we’d love to talk
to you about this exciting opportunity.
This role is based in downtown Washington DC, with an up
to 60 percent telework option. The salary will be based
on education and experience and we offer an excellent
benefits package. This candidate will be required to
favorably pass a background check.
Responsibilities:
certification & accreditation,
and response
including evaluations on Vendor recommendations ** Tools
used on a regular basis are Tripwire IP360 Federal,
Tenable SecurityCenter, Nessus, HP WebInspect, Kali
Linux (Backtrack), Metasploit Pro, and Kismet
security testing; capable of conducting hands-on,
technical risk assessments of web applications. Ability
to demonstrate manual testing experience including all
of OWASP Top 10
services, as well as corporate applications and
environments
teams on resolving vulnerabilities, security
architecture, secure software design and threat
modeling.
JSON, SOAP, REST, and AJAX), software development
frameworks, operating systems, and networking
technologies. Understanding of various web application
frameworks such as ASP.NET, J2EE
life cycle
technical information to both technical and
non-technical audiences
Other General Responsibilities Include:
more effective and add value for our client
assist with remediation efforts
rules, reports, and alarms
environment
configuration to a production-ready state
This person will have a good understanding of web
application scanning tools, a deep understanding how web
applications are architected and the exploitation of
associated threat. . Some hints of experience with
programming languages would be a good sign. They must be
familiar with tool deployment/tuning/upgrade and be able
to run scans, fix issues, and explain reports to
clients. (Desired: 5+ years of experience)
systems. They will understand permissions in both OS
types and be familiar with authentication mechanisms
particularly as it relates to scan tools. They must have
experience installing and configuring both operating
systems. (Desired: 5+ years of experience)
more limited security background within government
business units. The candidate must have experience in
guiding the remediation (patching) process. (Desired: 5+
years of experience)
have some experience with FISMA, particularly its
application in terms of Continuous Monitoring and
Continuous Diagnostics and Mitigation. (Desired: 5+
years of experience)
are required
requires US citizenship.
offer of employment
be contingent upon confirmation from the Social Security
Administration (“SSA”) and/or the Department of Homeland
Security (“DHS”) of your authorization to work in the
United States
Highly Desirable Experience:
candidate will possess solid experience, and will have
been through server migrations and tool upgrades. The
candidate will be experienced in policy creation,
tuning, and monitoring. The candidate should be able to
articulate examples of the
projects/enhancements/upgrades they have personally been
responsible for this area. They will have worked
autonomously with an enterprise Application Whitelisting
Product. (Desired: 5+ years of experience)
candidate must have experience deploying scanners,
configuring the product console (e.g. SecurityCenter),
upgrading and tuning the product, and experience
troubleshooting issues with the console and various scan
issues such as host authentication. They must be able to
explain their autonomous role with these tools. They
must also be knowledgeable about different types of
vulnerabilities and their mitigation. (Desired: 5+ years
of experience)
We’re looking for a Sr. Security Engineer to join our
growing team. This is your chance to work with a wide
range of security technologies, and develop new security
solutions including cloud implementations. This team
supports application whitelisting, vulnerability
scanning, web application scanning, integrity
monitoring, and a large enterprise SIEM solution for our
client. The successful candidate will have a strong
background in IT Security Operations and system
administration, will be driven and focused on learning
and developing their skills. If you’ve got that ‘can-do’
attitude and possess the skills below, we’d love to talk
to you about this exciting opportunity.
This role is based in downtown Washington DC, with an up
to 60 percent telework option. The salary will be based
on education and experience and we offer an excellent
benefits package. This candidate will be required to
favorably pass a background check.
Responsibilities:
- Supports agency wide vulnerability management and
certification & accreditation,
- Supports agency reporting using detailed data
- Supports incident handling activities by providing
and response
- Daily operations of agency vulnerability scanning
- Support Administration of agency vulnerability
including evaluations on Vendor recommendations ** Tools
used on a regular basis are Tripwire IP360 Federal,
Tenable SecurityCenter, Nessus, HP WebInspect, Kali
Linux (Backtrack), Metasploit Pro, and Kismet
- Demonstrated web application security skills,
security testing; capable of conducting hands-on,
technical risk assessments of web applications. Ability
to demonstrate manual testing experience including all
of OWASP Top 10
- Recommends courses of action to mitigate security
services, as well as corporate applications and
environments
- Manage all security-related testing for portfolio
teams on resolving vulnerabilities, security
architecture, secure software design and threat
modeling.
- Fluent in a variety of web application protocols, web
JSON, SOAP, REST, and AJAX), software development
frameworks, operating systems, and networking
technologies. Understanding of various web application
frameworks such as ASP.NET, J2EE
- Web Server configuration knowledge: Microsoft IIS,
- Experience with Web application development, system
life cycle
- Expertise in system administration: Linux, UNIX and
- Excellent written and verbal communication skills
technical information to both technical and
non-technical audiences
Other General Responsibilities Include:
- Configuring, maintaining, and monitoring an enterprise
- Security tool development: researching, planning, and
more effective and add value for our client
- Running host vulnerability scans, web application
- Further developing scan tools to continue to develop
- Interpreting vulnerability and web application scan
assist with remediation efforts
- Configuring and developing an enterprise SIEM solution
rules, reports, and alarms
- Researching and developing new security solutions
- Research security vulnerabilities and provide reports
- Triage security vulnerabilities and recommend
environment
- Troubleshooting issues with security tools. Owning the
- Deploying new security tools, configuring their host
configuration to a production-ready state
- Document existing and new solutions
- Bachelors Degree in IT/Security (or additional years
- Web application Scan Tools: Ideally HP WebInspect,
This person will have a good understanding of web
application scanning tools, a deep understanding how web
applications are architected and the exploitation of
associated threat. . Some hints of experience with
programming languages would be a good sign. They must be
familiar with tool deployment/tuning/upgrade and be able
to run scans, fix issues, and explain reports to
clients. (Desired: 5+ years of experience)
- Systems administration: The candidate must have
systems. They will understand permissions in both OS
types and be familiar with authentication mechanisms
particularly as it relates to scan tools. They must have
experience installing and configuring both operating
systems. (Desired: 5+ years of experience)
- Analyzing and interpreting scan reports, and being
more limited security background within government
business units. The candidate must have experience in
guiding the remediation (patching) process. (Desired: 5+
years of experience)
- Supporting a government client's compliance with
have some experience with FISMA, particularly its
application in terms of Continuous Monitoring and
Continuous Diagnostics and Mitigation. (Desired: 5+
years of experience)
- A professional attitude regarding attention to detail
are required
- The successful candidate must meet eligibility
requires US citizenship.
- Telos maintains a drug-free workplace and will conduct
offer of employment
- Telos Corporation participates in the E-Verify
be contingent upon confirmation from the Social Security
Administration (“SSA”) and/or the Department of Homeland
Security (“DHS”) of your authorization to work in the
United States
Highly Desirable Experience:
- Application Whitelisting experience in a large
candidate will possess solid experience, and will have
been through server migrations and tool upgrades. The
candidate will be experienced in policy creation,
tuning, and monitoring. The candidate should be able to
articulate examples of the
projects/enhancements/upgrades they have personally been
responsible for this area. They will have worked
autonomously with an enterprise Application Whitelisting
Product. (Desired: 5+ years of experience)
- Network Vulnerability Scan tools such as Tenable
candidate must have experience deploying scanners,
configuring the product console (e.g. SecurityCenter),
upgrading and tuning the product, and experience
troubleshooting issues with the console and various scan
issues such as host authentication. They must be able to
explain their autonomous role with these tools. They
must also be knowledgeable about different types of
vulnerabilities and their mitigation. (Desired: 5+ years
of experience)
