Senior Security Engineer

Telos Corporation Washington, DC 20002 2016-12-03
Job Description:
We’re looking for a Sr. Security Engineer to join our
growing team. This is your chance to work with a wide
range of security technologies, and develop new security
solutions including cloud implementations. This team
supports application whitelisting, vulnerability
scanning, web application scanning, integrity
monitoring, and a large enterprise SIEM solution for our
client. The successful candidate will have a strong
background in IT Security Operations and system
administration, will be driven and focused on learning
and developing their skills. If you’ve got that ‘can-do’
attitude and possess the skills below, we’d love to talk
to you about this exciting opportunity.
This role is based in downtown Washington DC, with an up
to 60 percent telework option. The salary will be based
on education and experience and we offer an excellent
benefits package. This candidate will be required to
favorably pass a background check.

  • Supports agency wide vulnerability management and
identification program and continuous monitoring for
certification & accreditation,
  • Supports agency reporting using detailed data
gathering and analysis
  • Supports incident handling activities by providing
support to IR team for incident analysis, coordination
and response
  • Daily operations of agency vulnerability scanning
tools and supporting infrastructure
  • Support Administration of agency vulnerability
scanning tools and all supporting infrastructure,
including evaluations on Vendor recommendations ** Tools
used on a regular basis are Tripwire IP360 Federal,
Tenable SecurityCenter, Nessus, HP WebInspect, Kali
Linux (Backtrack), Metasploit Pro, and Kismet
  • Demonstrated web application security skills,
including vulnerability assessment, scanning, and
security testing; capable of conducting hands-on,
technical risk assessments of web applications. Ability
to demonstrate manual testing experience including all
of OWASP Top 10
  • Recommends courses of action to mitigate security
vulnerabilities and threats to consumer products and web
services, as well as corporate applications and
  • Manage all security-related testing for portfolio
sites and consult with their product and engineering
teams on resolving vulnerabilities, security
architecture, secure software design and threat
  • Fluent in a variety of web application protocols, web
services (components including JavaScript, HTML5, XML,
JSON, SOAP, REST, and AJAX), software development
frameworks, operating systems, and networking
technologies. Understanding of various web application
frameworks such as ASP.NET, J2EE
  • Web Server configuration knowledge: Microsoft IIS,
Apache HTTP Server, Apache Tomcat
  • Experience with Web application development, system
administration, and the software and system development
life cycle
  • Expertise in system administration: Linux, UNIX and
Windows system administration, or related technologies
  • Excellent written and verbal communication skills
along with the proven ability to present complex,
technical information to both technical and
non-technical audiences

Other General Responsibilities Include:
  • Configuring, maintaining, and monitoring an enterprise
Application Whitelisting solution.
  • Security tool development: researching, planning, and
implementing new tool features to make security tools
more effective and add value for our client
  • Running host vulnerability scans, web application
scans, adding new hosts to weekly and monthly scan lists
  • Further developing scan tools to continue to develop
our client’s continuous monitoring program
  • Interpreting vulnerability and web application scan
reports and explaining these to internal customers to
assist with remediation efforts
  • Configuring and developing an enterprise SIEM solution
including signature tuning, development of correlation
rules, reports, and alarms
  • Researching and developing new security solutions
  • Research security vulnerabilities and provide reports
as needed.
  • Triage security vulnerabilities and recommend
mitigation suggestions based on knowledge of the
  • Troubleshooting issues with security tools. Owning the
problem and seeing it through to resolution
  • Deploying new security tools, configuring their host
systems and the tool from an out-of-the-box
configuration to a production-ready state
  • Document existing and new solutions
  • Bachelors Degree in IT/Security (or additional years
of direct IT Security experience)
  • Web application Scan Tools: Ideally HP WebInspect,
AMP, Software Security Center or WebInspect Enterprise.
This person will have a good understanding of web
application scanning tools, a deep understanding how web
applications are architected and the exploitation of
associated threat. . Some hints of experience with
programming languages would be a good sign. They must be
familiar with tool deployment/tuning/upgrade and be able
to run scans, fix issues, and explain reports to
clients. (Desired: 5+ years of experience)
  • Systems administration: The candidate must have
experience with Windows and Linux/UNIX server operating
systems. They will understand permissions in both OS
types and be familiar with authentication mechanisms
particularly as it relates to scan tools. They must have
experience installing and configuring both operating
systems. (Desired: 5+ years of experience)
  • Analyzing and interpreting scan reports, and being
able to explain the details to ISSOs and clients with a
more limited security background within government
business units. The candidate must have experience in
guiding the remediation (patching) process. (Desired: 5+
years of experience)
  • Supporting a government client's compliance with
FISMA, including SCAP experience. The candidate should
have some experience with FISMA, particularly its
application in terms of Continuous Monitoring and
Continuous Diagnostics and Mitigation. (Desired: 5+
years of experience)
  • A professional attitude regarding attention to detail
and customer service and excellent organizational skills
are required
  • The successful candidate must meet eligibility
requirements to access sensitive information, which
requires US citizenship.
  • Telos maintains a drug-free workplace and will conduct
drug testing on all applicants who have accepted an
offer of employment
  • Telos Corporation participates in the E-Verify
program. Therefore, any employment with Telos will also
be contingent upon confirmation from the Social Security
Administration (“SSA”) and/or the Department of Homeland
Security (“DHS”) of your authorization to work in the
United States

Highly Desirable Experience:
  • Application Whitelisting experience in a large
enterprise environment (Preferably with Bit9). The
candidate will possess solid experience, and will have
been through server migrations and tool upgrades. The
candidate will be experienced in policy creation,
tuning, and monitoring. The candidate should be able to
articulate examples of the
projects/enhancements/upgrades they have personally been
responsible for this area. They will have worked
autonomously with an enterprise Application Whitelisting
Product. (Desired: 5+ years of experience)
  • Network Vulnerability Scan tools such as Tenable
Nessus (SecurityCenter), Qualys, or BurpSuite. The
candidate must have experience deploying scanners,
configuring the product console (e.g. SecurityCenter),
upgrading and tuning the product, and experience
troubleshooting issues with the console and various scan
issues such as host authentication. They must be able to
explain their autonomous role with these tools. They
must also be knowledgeable about different types of
vulnerabilities and their mitigation. (Desired: 5+ years
of experience)