|

Get new similar jobs by email for

Security Assessment & Penetrat...

By continuing you agree to Monster's Privacy policy, Terms of use and use of cookies.
Monster
 
 
 
 

Job Summary

Company
Knowledge Consulting Group
Location
Reston, VA 20191
Industries
Computer/IT Services
Job Type
Full Time
Employee
Years of Experience
5+ to 7 Years
Education Level
Bachelor's Degree
Career Level
Experienced (Non-Manager)
Job Reference Code
1438

Security Assessment & Penetration Test Engineer

About the Job

Knowledge Consulting Group (KCG) is one of the largest privately held cybersecurity services firms in the United States; serving as a Federal Government Contractor and supporting Commercial customers. We operate as a trusted cyber advisor to our customers across the country. We take great pride in maintaining a single focus on being the leader in cybersecurity services, providing risk management, governance, operations, and compliance services, utilizing our CISO framework methodology. We are uniquely positioned as a trusted cyber advisor with over 90 percent of our cyber professionals holding security clearances and security-specific certifications. With over 12 years of experience in providing cybersecurity services to our customers, we have a strong record of past performance in advising and executing cyber missions for all types of organizations and sectors. 


Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must be clearable to the Top Secret level. Active clearance is preferred.


The Senior Security Engineer will work in KCG's Risk Assurance Services Division supporting federal and commercial clients. This versatile position will involve conducting federal security assessments and deploying enterprise solutions for commercial clients. In this important role, the Senior Security Engineer will get an opportunity to evaluate the technical security controls for federal agencies, deploy security solutions for Fortune 1000 corporations, and make a difference in securing critical systems.

  • Conduct NIST technical security assessments for federal clients.
  • Deploy enterprise solutions for commercial clients (e.g., Nexpose).
  • Conduct training on how to use technical solutions.
  • Identify technical infrastructure/components under scope for technical testing
  • Prepare rules of engagements (ROE)/ Technical Evaluation Plan (TEP)for different federal assessments.
  • Identify tools and resources required to complete the technical assessments.
  • Communicate with customer and KCG management to resolve conflicts and technical issues before conducting testing testing.
  • Complete technical testing and communicate results and risk with customer.
  • Develop technical report for technical and executive audience


Requirements:

  • Proficient in Windows and Linux operating systems
  • Proficient in nmap scanning (Slow Scans, Service detection, OS detection, namp Scripts)        
  • Working knowledge of web application scanning tools (Burp, Nikto, Zap) and interpreting results.
  • Working knowledge of vulnerability scanners (Nexpose, Nessus) and interpreting results.
  • Working knowledge of using Nipper (network infrastructure parser) for different network devices and interpreting results.
  • Working knowledge of using database scanning tools (Appdetective, Scuba) and interpreting results.


Ability to complete manual configuration review for different operating system (Linux, Solaris, Windos XP, Windows 7, Windows Server 2003, Windows Server 2008, Windows Server 2012)  based on the CIS benchmarks


Ability to complete manual configuration review for different database servers (MySql, MSSQL, Oracle) based on the CIS benchmarks.


Ability to complete manual configuration review for web application based on the OWASP  and NIST guidelines.

Must also have:

  • Five plus years of experience in information security
  • Experience with NIST 800 Special Publications.  
  • Proficient in SQL.


Technical writing experience (required):

  • Security assessment reports
  • Technical evaluation plans
  • Technical reports for technical audience (System Admin, Network Admin, Database Admin, Application Developers)
  • Technical reports for executive audience (System Owner, ISSO)


Personal (required):

  • Excellent written and oral communication skills.
  • Self motivated, entrepreneurial spirit, and able to work in an independent manner.
  • Strong customer service skills.
  • Team player should be able to work with senior and junior team members
  • Ability to multitask, meet deadlines, and work under pressure for multiple projects/customers


**This position may involve 25-50% domestic travel consisting of week-long engagements, back on weekends.**   


Strong verbal and written communication skills are highly preferred.  It is highly desired that candidates possess strong interpersonal skills.  Candidates must be fluent in the English language. 

Candidates may be asked to provide a writing sample.


Knowledge Consulting Group is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, or disability status.

If interested in the position, please apply directly through our website:

https://ch.tbe.taleo.net/CH14/ats/careers/requisition.jsp?org=KNOWLEDGECG&cws=1&rid=2319

 

If you have questions or have trouble applying, you may contact:  katie.hanson@knowledgecg.com.


 

Job Tools

  • Follow Company
    Your information may be shared with the company.
  • Following Company
  • Print
  • Share
  • Report this job

Quantcast