Company: TM3 Solutions, Inc.
Posted on: January 26, 2023
JOB DESCRIPTION: Security Control Assessor to support our federal
customer located in Washington, DC.
ROLE AND RESPONSIBILITIES
- Conduct security assessments in accordance with current NIST
and DHS guidance, as well as policies and procedures for all
systems and applications. This includes all Major Applications
(MA), General Support Systems (GSS) and/or any subsystems, minor
applications or other information systems.
- Provide the subject matter expertise to support the capability
to assess up to eight (8) individual systems simultaneously per
federal government schedule
- Provide the subject matter expertise and proficiency using
tools for security assessments, including but not limited to
Nessus, WebInspect, DB Protect, Fortify, Appscan, Information
Assurance Compliance System (IACS), RSA Archer, Nipper, Burp Suite
Pro, WebSphere, ActiveState Perl, Aquafold, SoapUI Pro, Ultraedit,
SNSScan, SolarWinds Engineers Toolset, Fortify and/or other as
- Develop and provide all documentation necessary for performing
a Security Control Assessment
- Be proficient at testing, analyzing and interpreting Security
Assessment Results for all systems
- Conduct Security Control Assessments for each system as part of
the Security Authorization Process.
QUALIFICATIONS AND EDUCATION
- Must be US Citizen
- Active Top Secret/SCI Clearance
- Skilled at reviewing Database scans such as dBProtect
- Knowledge of databases and configurations to be able to
identify false positives, items of lower importance, items that are
a needed config, etc.
- Ability to create complex queries and dashboards, configure
alerting, etc. in Splunk. Must know what the most critical events
are per DB, application layer, and must know the type of audit logs
most systems create.
- Must have experience with Fortify or another static code
analysis tool, particularly interpreting the results and
- Must have some programming/code experience, the ability to
review code or code scans reports and determine false positives,
correct severity ratings based on function of the systems, exposure
- Must know Burp Suite Pro, or other static code tools.
- Must have the ability to do Dynamic code scan review and manual
testing using WebInspect. Knowledge of interfaces is key.
- API and Microservice knowledge.
- Cloud architecture knowledge (AWS experience is a must).
- Knowledge of container platforms.
- Ability to read and interpret Twistlock scans.
- Ability to read and analyze Nessus. Tenable.io (TIO) experience
is ideal, with the ability to read reports, interpret results and
determine where any checks may have failed or were configured too
stringently, or where the configuration would impact system
functionality to recommend improvements.
- At least three (3) years of specialized experience in one of
the below positions: Information Systems Security Officer,
Information Systems Security Engineer, Information Systems Security
Auditor or Information Systems Security Manager.
- A minimum of three (3) years of experience with analyzing,
assessing and implementing corrective actions based on
vulnerability management tools.
- A minimum of three (3) years of experience with leading
projects, technical writing, administrative tasks, and conducting
- Must have at least one (1) of the following certifications:
Security+, CASP, GSEC, GSLC, CISSP, CEH, CISM or CISA
Keywords: TM3 Solutions, Inc., Alexandria, Security Assessor, Other, Alexandria, Virginia