Sr. Security Engineer WebApp Tester

Telos Corporation Washington, DC 20002 2016-12-03
Job Description:
We’re looking for a Sr. Security Engineer WebApp Tester
to join our growing team. This is your chance to work
with a wide range of security technologies, and develop
new security solutions including cloud implementations.
This team supports application whitelisting,
vulnerability scanning, web application scanning,
integrity monitoring, and a large enterprise SIEM
solution for our client. The successful candidate will
have a strong background in IT Security Operations and
system administration, will be driven and focused on
learning and developing their skills. If you’ve got that
‘can-do’ attitude and possess the skills below, we’d
love to talk to you about this exciting opportunity.
This role is based in downtown Washington DC, with an up
to 60 percent telework option. The salary will be based
on education and experience and we offer an excellent
benefits package. This candidate will be required to
favorably pass a background check.

  • Demonstrated web application security skills, including
vulnerability assessment, scanning, and security
testing; capable of conducting hands-on, technical risk
assessments of web applications. Ability to demonstrate
manual testing experience including all of OWASP Top 10
  • Recommends courses of action to mitigate security
vulnerabilities and threats to consumer products and web
services, as well as corporate applications and
  • Manage all security-related testing for portfolio sites
and consult with their product and engineering teams on
resolving vulnerabilities, security architecture, secure
software design and threat modeling.
  • Train and mentor junior team members
  • Fluent in a variety of web application protocols, web
services (components including JavaScript, HTML5, XML,
JSON, SOAP, REST, and AJAX), software development
frameworks, operating systems, and networking
technologies. Understanding of various web application
frameworks such as ASP.NET, J2EE
  • Web Server configuration knowledge: Microsoft IIS,
Apache HTTP Server, Apache Tomcat
  • Experience in shell scripting, Python, Perl, or similar
tool and automation languages
  • Ability to manage security testing projects with little
  • Experience with Web application development, system
administration, and the software and system development
life cycle
  • Systems: Expertise in system administration: Linux,
UNIX and Windows system administration, or related
  • Excellent written and verbal communication skills along
with the proven ability to present complex, technical
information to both technical and non-technical

Other General Responsibilities Include:
  • Provide technical leadership for existing and new
security solutions for our client. Plan, design and lead
the way
  • Be able to work autonomously
  • Configuring, maintaining, and monitoring an enterprise
Application Whitelisting solution.
  • Security tool development: researching, planning, and
implementing new tool features to make security tools
more effective and add value for our client
  • Running host vulnerability scans, web application
scans, adding new hosts to weekly and monthly scan lists
  • Further developing scan tools to continue to develop
our client’s continuous monitoring program
  • Interpreting vulnerability and web application scan
reports and explaining these to internal customers to
assist with remediation efforts
  • Configuring and developing an enterprise SIEM solution
including signature tuning, development of correlation
rules, reports, and alarms
  • Researching and developing new security solutions
  • Research security vulnerabilities and provide reports
as needed.
  • Triage security vulnerabilities and recommend
mitigation suggestions based on knowledge of the
  • Troubleshooting issues with security tools. Owning the
problem and seeing it through to resolution
  • Deploying new security tools, configuring their host
systems and the tool from an out-of-the-box
configuration to a production-ready state
  • Document existing and new solutions
  • Mentor and assist other Security Engineers on the team
  • Bachelors Degree in IT/Security (or additional years
of direct IT Security experience)
  • Web application Scan Tools: HP WebInspect, AMP,
Software Security Center, WebInspect Enterprise,
Qualys, BurpSuite. This person will have a good
understanding of web application scanning tools, a
deep understanding how web applications are
architected and the exploitation of associated
threat. Some hints of experience with programming
languages would be a good sign. They must be
familiar with tool deployment/tuning/upgrade and be
able to run scans, fix issues, and explain reports
to clients. (Desired: 5+ years of experience)
  • Systems administration: The candidate must have
experience with Windows and Linux/UNIX server
operating systems. They will understand permissions
in both OS types and be familiar with authentication
mechanisms particularly as it relates to scan tools.
They must have experience installing and configuring
both operating systems. (Desired: 5+ years of
  • Supporting a government client's compliance with
FISMA, including SCAP experience. The should have
some experience with FISMA, particularly its
application in terms of Continuous Monitoring and
Continuous Diagnostics and Mitigation. (Desired: 5+
years of experience)
  • A professional attitude regarding attention to
detail and customer service and excellent
organizational skills are required
  • The successful candidate must meet eligibility
requirements to access sensitive information, which
requires US citizenship.
  • Telos maintains a drug-free workplace and will
conduct drug testing on all applicants who have
accepted an offer of employment
  • Telos Corporation participates in the E-Verify
program. Therefore, any employment with Telos will
also be contingent upon confirmation from the Social
Security Administration (“SSA”) and/or the
Department of Homeland Security (“DHS”) of your
authorization to work in the United States

Highly Desirable Experience:
Network Vulnerability Scan tools such as Tenable Nessus
(Security Center). The candidate must have experience
deploying DPs (scanners), configuring the product
console (e.g. Security Center), upgrading and tuning the
product, and experience troubleshooting issues with the
console and various scan issues such as host
authentication. They must be able to explain their
autonomous role with these tools. They must also be
knowledgeable about different types of Vulnerabilities
and their mitigation. (Desired: 5+ years of experience)