Sr. Security Engineer WebApp Tester
Telos Corporation Washington, DC 20002 2016-12-03
Job Description:
We’re looking for a Sr. Security Engineer WebApp Tester
to join our growing team. This is your chance to work
with a wide range of security technologies, and develop
new security solutions including cloud implementations.
This team supports application whitelisting,
vulnerability scanning, web application scanning,
integrity monitoring, and a large enterprise SIEM
solution for our client. The successful candidate will
have a strong background in IT Security Operations and
system administration, will be driven and focused on
learning and developing their skills. If you’ve got that
‘can-do’ attitude and possess the skills below, we’d
love to talk to you about this exciting opportunity.
This role is based in downtown Washington DC, with an up
to 60 percent telework option. The salary will be based
on education and experience and we offer an excellent
benefits package. This candidate will be required to
favorably pass a background check.
Responsibilities:
testing; capable of conducting hands-on, technical risk
assessments of web applications. Ability to demonstrate
manual testing experience including all of OWASP Top 10
services, as well as corporate applications and
environments
resolving vulnerabilities, security architecture, secure
software design and threat modeling.
JSON, SOAP, REST, and AJAX), software development
frameworks, operating systems, and networking
technologies. Understanding of various web application
frameworks such as ASP.NET, J2EE
life cycle
technologies
information to both technical and non-technical
audiences
Other General Responsibilities Include:
the way
more effective and add value for our client
assist with remediation efforts
rules, reports, and alarms
environment
configuration to a production-ready state
Qualys, BurpSuite. This person will have a good
understanding of web application scanning tools, a
deep understanding how web applications are
architected and the exploitation of associated
threat. Some hints of experience with programming
languages would be a good sign. They must be
familiar with tool deployment/tuning/upgrade and be
able to run scans, fix issues, and explain reports
to clients. (Desired: 5+ years of experience)
operating systems. They will understand permissions
in both OS types and be familiar with authentication
mechanisms particularly as it relates to scan tools.
They must have experience installing and configuring
both operating systems. (Desired: 5+ years of
experience)
some experience with FISMA, particularly its
application in terms of Continuous Monitoring and
Continuous Diagnostics and Mitigation. (Desired: 5+
years of experience)
organizational skills are required
requires US citizenship.
accepted an offer of employment
also be contingent upon confirmation from the Social
Security Administration (“SSA”) and/or the
Department of Homeland Security (“DHS”) of your
authorization to work in the United States
Highly Desirable Experience:
Network Vulnerability Scan tools such as Tenable Nessus
(Security Center). The candidate must have experience
deploying DPs (scanners), configuring the product
console (e.g. Security Center), upgrading and tuning the
product, and experience troubleshooting issues with the
console and various scan issues such as host
authentication. They must be able to explain their
autonomous role with these tools. They must also be
knowledgeable about different types of Vulnerabilities
and their mitigation. (Desired: 5+ years of experience)
We’re looking for a Sr. Security Engineer WebApp Tester
to join our growing team. This is your chance to work
with a wide range of security technologies, and develop
new security solutions including cloud implementations.
This team supports application whitelisting,
vulnerability scanning, web application scanning,
integrity monitoring, and a large enterprise SIEM
solution for our client. The successful candidate will
have a strong background in IT Security Operations and
system administration, will be driven and focused on
learning and developing their skills. If you’ve got that
‘can-do’ attitude and possess the skills below, we’d
love to talk to you about this exciting opportunity.
This role is based in downtown Washington DC, with an up
to 60 percent telework option. The salary will be based
on education and experience and we offer an excellent
benefits package. This candidate will be required to
favorably pass a background check.
Responsibilities:
- Demonstrated web application security skills, including
testing; capable of conducting hands-on, technical risk
assessments of web applications. Ability to demonstrate
manual testing experience including all of OWASP Top 10
- Recommends courses of action to mitigate security
services, as well as corporate applications and
environments
- Manage all security-related testing for portfolio sites
resolving vulnerabilities, security architecture, secure
software design and threat modeling.
- Train and mentor junior team members
- Fluent in a variety of web application protocols, web
JSON, SOAP, REST, and AJAX), software development
frameworks, operating systems, and networking
technologies. Understanding of various web application
frameworks such as ASP.NET, J2EE
- Web Server configuration knowledge: Microsoft IIS,
- Experience in shell scripting, Python, Perl, or similar
- Ability to manage security testing projects with little
- Experience with Web application development, system
life cycle
- Systems: Expertise in system administration: Linux,
technologies
- Excellent written and verbal communication skills along
information to both technical and non-technical
audiences
Other General Responsibilities Include:
- Provide technical leadership for existing and new
the way
- Be able to work autonomously
- Configuring, maintaining, and monitoring an enterprise
- Security tool development: researching, planning, and
more effective and add value for our client
- Running host vulnerability scans, web application
- Further developing scan tools to continue to develop
- Interpreting vulnerability and web application scan
assist with remediation efforts
- Configuring and developing an enterprise SIEM solution
rules, reports, and alarms
- Researching and developing new security solutions
- Research security vulnerabilities and provide reports
- Triage security vulnerabilities and recommend
environment
- Troubleshooting issues with security tools. Owning the
- Deploying new security tools, configuring their host
configuration to a production-ready state
- Document existing and new solutions
- Mentor and assist other Security Engineers on the team
- Bachelors Degree in IT/Security (or additional years
- CISSP, GWAPT, GWEB, or GPEN
- Web application Scan Tools: HP WebInspect, AMP,
Qualys, BurpSuite. This person will have a good
understanding of web application scanning tools, a
deep understanding how web applications are
architected and the exploitation of associated
threat. Some hints of experience with programming
languages would be a good sign. They must be
familiar with tool deployment/tuning/upgrade and be
able to run scans, fix issues, and explain reports
to clients. (Desired: 5+ years of experience)
- Systems administration: The candidate must have
operating systems. They will understand permissions
in both OS types and be familiar with authentication
mechanisms particularly as it relates to scan tools.
They must have experience installing and configuring
both operating systems. (Desired: 5+ years of
experience)
- Supporting a government client's compliance with
some experience with FISMA, particularly its
application in terms of Continuous Monitoring and
Continuous Diagnostics and Mitigation. (Desired: 5+
years of experience)
- A professional attitude regarding attention to
organizational skills are required
- The successful candidate must meet eligibility
requires US citizenship.
- Telos maintains a drug-free workplace and will
accepted an offer of employment
- Telos Corporation participates in the E-Verify
also be contingent upon confirmation from the Social
Security Administration (“SSA”) and/or the
Department of Homeland Security (“DHS”) of your
authorization to work in the United States
Highly Desirable Experience:
Network Vulnerability Scan tools such as Tenable Nessus
(Security Center). The candidate must have experience
deploying DPs (scanners), configuring the product
console (e.g. Security Center), upgrading and tuning the
product, and experience troubleshooting issues with the
console and various scan issues such as host
authentication. They must be able to explain their
autonomous role with these tools. They must also be
knowledgeable about different types of Vulnerabilities
and their mitigation. (Desired: 5+ years of experience)
