Security Assessor

Company: TM3 Solutions, Inc.
Location: Alexandria
Posted on: January 26, 2023

Job Description:

JOB DESCRIPTION:Security Control Assessor to support our federal customer located in Washington, DC. - Responsibilities.ROLE AND RESPONSIBILITIES:

• Conduct security assessments in accordance with current NIST and DHS guidance, as well as policies and procedures for all systems and applications. This includes all Major Applications (MA), General Support Systems (GSS) and/or any subsystems, minor applications or other information systems.
• Provide the subject matter expertise to support the capability to assess up to eight (8) individual systems simultaneously per federal government schedule
• Provide the subject matter expertise and proficiency using tools for security assessments, including but not limited to Nessus, WebInspect, DB Protect, Fortify, Appscan, Information Assurance Compliance System (IACS), RSA Archer, Nipper, Burp Suite Pro, WebSphere, ActiveState Perl, Aquafold, SoapUI Pro, Ultraedit, SNSScan, SolarWinds Engineers Toolset, Fortify and/or other as required
• Develop and provide all documentation necessary for performing a Security Control Assessment
• Be proficient at testing, analyzing and interpreting Security Assessment Results for all systems
• Conduct Security Control Assessments for each system as part of the Security Authorization Process.QUALIFICATIONS AND EDUCATION REQUIREMENTS: -
  • Must be US Citizen
  • -Active Top Secret/SCI Clearance
  • Skilled at reviewing Database scans such as dBProtect
  • Knowledge of databases and configurations to be able to identify false positives, items of lower importance, items that are a needed config, etc.
  • Ability to create complex queries and dashboard, configure alerting, etc. in Splunk. Must know what the most critical events are per DB, application layer, and must know the type of audit logs most systems create.
  • Must have experience with Fortify or another static code analysis tool, particularly especially interpreting the results and recommending improvements.
  • Must have some programming/code experience, the ability to review code or code scans reports and determine false positives, correct severity ratings based on function of the systems, exposure and mitigations.
  • Must know Burp Suite Pro, or other static code tools.
  • Must have the ability to do Dynamic code scan review and manual testing using WebInspect. Knowledge of interfaces is key.
  • API and Microservice knowledge.
  • Cloud architecture knowledge (AWS experience is a must).
  • Knowledge of container platforms.
  • Ability to read and interpret Twistlock scans.
  • Ability to read and analyze Nessus. Tenable.io (TIO) experience is ideal, with the ability to read reports, interpret results and determine where any checks may have failed or were configured too stringently, or where the configuration would impact system functionality to recommend improvements.
  • At least three (3) years of specialized experience in one of the below positions: Information Systems Security Officer, Information Systems Security Engineer, Information Systems Security Auditor or Information Systems Security Manager.
  • A minimum of three (3) years of experience with analyzing, assessing and implementing corrective actions based on vulnerability management tools.
  • A minimum of three (3) years of experience with leading projects, technical writing, administrative tasks, and conducting briefings.REQUIRED CERTIFICATIONS:
    • Must have at least one (1) of the following certification: Security+, CASP, GSEC, GSLC, CISSP, CEH, CISM or CISA

Keywords: TM3 Solutions, Inc., Alexandria , Security Assessor, Other , Alexandria, Virginia