Vulnerability Assessment Lead
Knowledge Consulting Group - Washington, D.C.
This job is no longer active.
- Job Type
- Job Classification
- Full Time
Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must be clearable to the Top Secret level.
Candidate will be responsible for performing various security assessments, educating the client on the inherent risks, and providing meaningful hardening and mitigation strategies. Job responsibilities include network and web-based application penetration tests, physical security assessments, logical security audits, and hands-on technical security evaluations and implementations. Additionally, this person will be expected to develop subject matter expertise or focused capabilities in the topics of database security, wireless security, or application and development security.
Responsibilities:
- Conduct network and web-based application security assessments
- Conduct physical security assessments
- Conduct logical security audits and hands-on technical security evaluations and implementations
- Develop subject matter expertise or focused capabilities in the topics of database security, wireless security, or application and development security
- Conduct wireless security assessments
- Conduct social engineering assessments
Demonstrated technical experience with:
- Web Application Penetration Testing.
- Linux, MS Windows.
- Vulnerability Detection and Remediation.
- Network Switching and Routing (Cisco).
Must also have:
- Ability to function as project lead
- 6 plus years of experience in information security with specific application penetration testing experience.
- Working knowledge of TCP/IP ports and protocols.
- In-depth familiarity with Windows and Unix operating systems.
- Familiarity with web proxy tools such as Paros and/or Burp.
- Experience looking for security issues such as Cross Site Scripting, SQL Injection, Cookie Manipulation, Buffer Overflows, etc.
- Familiarity with penetration testing tools such as BackTrack, Nessus, nmap, Metasploit, vulnerability scanning tools, tcpdump, Wireshark, Nikto, etc.
- Familiarity with scripting in UNIX shell, PERL, or Python.
Technical writing experience (required):
- Application assessment reports
- Standard operating procedures documents
- Formal policy and procedure documents
Personal (required):
- Excellent written and oral communication skills.
- Self-motivated and able to work in an independent manner.
Other Qualifications (desired):
- Familiarity with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP) and National Institute of Standards and Technology (NIST) Special Publications.
- Familiarity with web application testing tools such as WebInspect a
- CISSP, GIAC, GWAPT, GPEN, CEH, LPT, or CCNA certification a plus.
- Advanced degree in an IT related field a plus.
- Working knowledge of firewalls and other network security products.
- Knowledge of applied cryptographic protocols.
- Familiarity with XML, SOAP, and Ajax.
- Experience using Nessus, WebInspect, AppDetective, Qualys, Nipper, Nmap
- Dental Insurance
- Health Insurance
- Life Insurance
- 401K / Retirement Plan
- Sick Leave
- Vision Insurance
Tuition Reimbursement, Technical Training/Certs, Utilization Bonus