Job Details
Job Title: Apps and Server Vulnerability Engineer (Onsite)
Location: Washington, DC
Duration:12 Months+
Job Description:
We are looking for a talented and experienced Application and Server Vulnerability Assessment Engineer to join our team. The ideal candidate will be responsible for performing comprehensive security assessments of web applications, mobile applications, and servers, including penetration testing and vulnerability assessment. The successful candidate will have a strong understanding of security vulnerabilities and threats, as well as experience in remediation techniques.
Key Responsibilities:
- Conduct vulnerability assessments of web applications, mobile applications, and servers using both manual and automated tools.
- Perform penetration testing to identify potential weaknesses and vulnerabilities.
- Analyze security vulnerabilities and develop remediation plans.
- Work with development teams to ensure the implementation of security best practices.
- Stay current with emerging security threats, vulnerabilities, and industry trends.
- Produce reports outlining findings and recommended remediation steps.
- Communicate security risks and solutions to both technical and non-technical stakeholders.
- Requirements:
- Bachelor s degree in computer science, Information Security, or related field.
- At least 3 years of experience in application and server vulnerability assessment.
- Experience with vulnerability scanning tools such as Nessus, Qualys, or OpenVAS.
- Experience with web application security testing tools such as Metasploit, Burp Suite, or Kali Linux.
- Knowledge of OWASP Top 10 and CWE/SANS Top 25.
- Experience with programming languages such as Python, Ruby, or Perl.
- Strong understanding of security vulnerabilities and remediation techniques.
- Excellent written and verbal communication skills.
- Ability to work independently or in a team environment.
- Willingness to work on-site 3 days a week.
Responsibilities:- Expertise in implementing, administrating and operating information security technologies such as firewalls, IDS/IPS, SIEM, Antivirus, network traffic analyzers and malware analysis tools.
- Utilizes advanced experience with scripting and tool automation such as Perl, PowerShell, Regex.
- Develops, leads, and executes information security incident response plans.
- Develops standard and complex IT solutions & services, driven by business requirements and industry standards.
- May also leverage dynamic and static code assessment tools to measure vulnerability of applications throughout the SDLC.
Minimum Education/Certification Requirements:- BS Degree in IT, Cybersecurity, or Engineering, or equivalent experience
Skills:
SkillsRequired / DesiredAmountof Experience1-5 yrs. implementing, administering, and operating IS tech such as firewalls, IDS/IPS, SIEM, Antivirus, net traffic analyzers, and malware analysisRequired3Years1-5 yrs. utilizing advanced experience with scripting and tool automation such as Perl, PowerShell, RegexRequired3Years1-5 yrs. developing, leading, and executing information security incident response plansRequired3Years1-5 yrs. developing standard and complex IT solutions & services, driven by business requirements and industry standardsRequired3YearsBS Degree in IT, Cybersecurity, Engineering, or equivalent experienceRequired