Senior Vulnerability Management Engineer
POST DATE 9/13/2020
END DATE 9/18/2020
Jacobs is looking for a Senior Vulnerability Management Engineer to provide onsite support in Reston, VA.

Job Description: The candidate will be responsible for conducting vulnerability scans at the network, operating system, database, and application levels on financial systems within this organization's enterprise. The senior-level engineering candidate will perform vulnerability scanning and analysis to eliminate false positives and to aggregate findings by specific best practice criteria. The candidate must have experience providing recommendations for remediation and collecting evidence to verify that the vulnerability no longer exists. The candidate will validate the vulnerabilities identified against the National Institute of Science and Technology (NIST) Framework, National Vulnerability Database (NVD) and security best practice standards such as CIS Benchmarks, DISA STIGs and vendor hardening standards. The ideal candidate will have prior experience performing full-scope Risk Management processes for a federal client, to include Certification and Accreditation (C&A), FISMA Self Assessments, Technical Assessments (vulnerability analysis, penetration testing), and Risk Assessments. The candidate should have experience using vulnerability and security testing tools and reviewing the results from tools such as Nessus, HP WebInspect, QualysGuard, AppDetective, and Burp Suite.
Qualifications: Demonstrated 7+ years of technical experience with the following techniques:
- Vulnerability scanning and analysis
- Unix/Linux (Solaris/Red Hat) and MS Windows operating systems
- Network switching/routing and TCP/IP
- Databases (MS SQL, Oracle, DB2)
- Web application vulnerability scanners (Qualys WAS, WebInspect, AppScan)
- Database vulnerability scanners (AppDetective, DbProtect)
- General purpose vulnerability scanners (QualysGuard, Nessus)
- Security configuration checklists (DISA STIGs, CIS Benchmarks)
- NIST Special Publications (800-53, 800-37)

Additional Requirements:
- Certifications like CEH, CCNA, CCNP, GSEC and others are preferred.
- 5+ years of experience with and understanding of NIST 800-53, NIST 800-53A, NIST 800-30 and NIST 800-37.
- 5+ years of prior experience performing security control assessments of all NIST 800-53 controls.
- Experience configuring and using technical assessment tools such as Nessus, HP WebInspect, AppDetective, BurpSuite, Wireshark, QualysGuard and Redseal.
- 5+ years of Risk Management Framework (RMF) implementation experience.
- Proficiency in understanding the technical architecture of IT systems built using Windows, UNIX, Linux, IBM AIX, VMware, Citrix, Oracle and MySQL platforms.
- Strong documentation and communication (written and verbal) skills.
- Working knowledge of common network devices.
- Working knowledge of Windows and Unix operating systems.
- Working knowledge of common database platforms.
- Self-motivated and able to work in an independent manner.
- Must be able to obtain Public Trust level clearance (SF-85 and SF-86 submission required).

Essential Functions: