A Security Fortify Administrator is needed for a large government contract. This position will be responsible for monitoring security systems and analyzing potential threats and vulnerabilities to client systems in the Virtual Data Center (VDC).
o Triage results from application scans, and prioritize findings
o Prepares Fortify Vulnerability reporting.
o Assists in development and implementation of technical security policies.
o Provides security analysis and consultation services for product, system and network architecture designs pertaining to application vulnerability management tools.
o Advanced knowledge of IP Network architectures including multi-tier defense in depth strategies.
o Identifies trends and root causes of application vulnerabilities and configuration settings.
o Provide Risk Analysis of Fortify Scans to application/business owner with recommended application changes.
o Coordinate the Fortify application testing
o Ensure application vulnerability scanning procedures meet CMS security requirements.
o Working knowledge of Fortify tools
o Participate in application SCA to provide Fortify Scans to business owner.
o Performs any other Information Security duties as assigned.
The successful candidate should have a strong track record of performance in the following areas:
• Bachelor’s Degree in Computer Science or related field; or equivalent post high school education and/or work related experience.
• Five or more years’ experience in IT security
• Any experience working with compliance and regulatory program requirements, especially FISMA regulated environments.
• Experience analyzing network, event and security logs, and/or IDS alert logs.
• Programming language skills including Java, .NET and others
• Understanding of software build environments (i.e. Maven, CruiseControl, etc.)
• Proven project management and organizational skills, specifically managing multiple concurrent projects
• Excellent analytical, problem solving and decision making skills, applied with a solution-focused attitude
• Excellent written communication skills, demonstrating the ability to write with purpose, clarity, and accuracy
• Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance and professionalism
• Excellent teamwork skills
• Travel to support audits (approximately 5%)
• Advanced and/or working knowledge of HP Fortify Software Security Center
• Advanced and/or working knowledge of WebInspect
• Experience in performing application risk assessments.
• Experience working with third party application development teams.
Knowledge of the following:
o Microsoft Windows Server and Desktop Operating Systems
o Microsoft Active Directory
o Microsoft SQL Server
o Firewall, HIDS/IDS, SIEM
o Web server fundamentals
o Vulnerability Scanning Tools (Retina, Nessus)
o Industry best practice security standards related to the above (DISA STIG, NIST)