*Please submit resumes to go...@cy-tec.com*
*Just a reminder, the hiring manager is looking for a very technical professional with demonstrated knowledge of running web application testing tools (e.g., Cenzic Hailstorm / HP Web Inspect), identifying vulnerabilities as per SANS 25 or OWASP Top 10 specifications and helping develop platform specific remediation plans. Additional job requirement details below.*

*Job Title: Information Security Engineer – Level II (5+ Years)
Department/Division: OIS
Language Preferences: English [Essential]
Appointment Term: 6 (six) months – subject to renewal
Location: Washington, DC

Duties and Accountability

The contractor will have responsibilities for specific individual tasks and for working as an integral part of the team in executing OIS’s work program. Specific responsibilities include:

· Review scanner reports and work with the line of business development teams to remediate issues following a risk based approach.
· Work with Threat and Vulnerability team and network operations team to mitigate vulnerabilities through recommending and monitoring of remediation activities.
· Perform automated system vulnerability assessment scans using various web and application vulnerability scanners, analyze reports and assist IT staff with remediation efforts.
· Perform manual vulnerability assessment and penetration testing of applications, produce report and assist with remediation.
· Analyze existing and proposed processes and products and produce technical accreditation reports.
· Interface with scanning vendors and the development teams to prepare C&A requests, oversee vendor scanning, interpreting results and discussing remediation recommendations with development teams.
· Perform risk assessments of new C&A requests to determine the level of testing and verification required.
· Coordinate web application testing activities with external managed service provider.
· Assist with the security vulnerability evaluation of proposed implementation of COTS solutions.

Selection Criteria

1. Academic/professional training to at least a Bachelor’s Degree or its international equivalent, preferably in Computer Science, or Computer Engineering;
2. At least 3 years of practice as an Information Security Engineer;
3. Extensive knowledge of IT, enterprise architecture, software development life cycle, and information security platforms and applications;
4. Ability to work well under pressure and to meet tight deadlines. Demonstrates a high level of motivation, confidence, integrity and responsibility;
5. Ability to be organized, responsive and to be able to effectively multi-task with a focus on driving results;
6. Demonstrated knowledge of running web application testing tools (e.g., Cenzic Hailstorm / HP Web Inspect), identifying vulnerabilities as per SANS 25 or OWASP Top 10 specifications and helping develop platform specific remediation plan;
7. Proven level of understanding of web application technologies and database management systems and related security concepts;
8. In-depth knowledge of common website vulnerabilities such as SQL injection, cross-site scripting, remote/local file inclusion, etc.; in-depth knowledge of common website exploit techniques such as character encoding, privilege escalation, directory traversal, etc.
9. Demonstrable skills in identifying and mitigating security weaknesses, and incorporating security into enterprise software development lifecycles
10. Possession of industry certifications highly preferred including, but not limited to, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Global Information Assurance Certification (GIAC), and Information Systems Security Management Professional (ISSMP).
11. Demonstrate excellent interpersonal skills; including the ability to work independently, effectively in a team/task force as a team member or leader, and with senior staff and managers in the unit and elsewhere in the WBG.
12. Ability to collaborate with senior management stakeholders to identify requirements and drive compliance with approved standards.*

Thanks & Regards

*Gopal Yash*
*CyberTec, Inc.,*
11710 Plaza America Drive, Suite 2000, Reston, Virginia – 20190
Fax: 866-515-7595
Email: go...@cy-tec.com <mo...@cy-tec.com>
www.cy-tec.com