Security Operations & Web Application Scanning Specialist (Security Clearance Required)

Job Location

Beltsville, MD - USA

Monthly Salary

$ 97000 - 112000

Vacancy

1 Vacancy

Job Description

Full-time Contract
Description

Shift: Standard

Pay Range: $97000 - $112000


Responsibilities:

  • Identify gaps or vulnerabilities in devices and applications, which includes managing and modifying application security scan profiles as per the baseline standards on a weekly basis, with reporting.
  • Perform monthly security analysis and reporting of the different layers of the systems (application, database layers) by performing manual testing and automated system vulnerability assessment scans using various web application, operating system, and database vulnerability scanners.
  • Perform network vulnerability assessments and application security testing on both native and web-based mobile applications on different mobile platforms, as well as networked devices. This should be completed monthly or as needed.
  • Review the systems security architecture and create security test plans based on existing and planned controls and recommendations. Complete monthly or as needed, with reports provided to the supervisor.
  • Review scanner reports and work with the application development community to remediate issues following a risk-based approach. This should be done daily, with weekly reports to the supervisor.
  • Work with application development and patch management teams daily to resolve vulnerabilities, including recommending and monitoring remediation activities. Provide reports weekly to the supervisor and as needed.
  • Continuously monitor the published vulnerabilities for various applications and operating systems. This should be done daily. Based on the publicly disclosed vulnerabilities, determine the patching priority and notify the stakeholders immediately, with a report provided to the supervisor and ACISO. Review the applied patch by scanning for the disclosed vulnerabilities.
  • Engineer solutions: perform dynamic and static security testing as part of the Software Development Life Cycle (SDLC) monthly and/or as needed.
  • Perform perimeter threat analysis by researching and reporting threat trends, and utilize the analysis for continuous security posture improvement. Complete weekly, with reporting given to the supervisor weekly.
  • Monthly assessment and reporting, to include threat modelling, documenting potential risk vectors, recommending applicable and proportional controls, and ensuring that any identified risk is addressed.


Requirements
  • 5 years of experience in systems vulnerability management and software patching
  • Excellent analytical skills
  • Understanding of TCP/IP and network communications
  • General knowledge of web and network content scripting languages.
  • Packet-level behavioral familiarity with most major TCP/IP application protocols
  • Experience operating patch management, web application scanning management, and perimeter security tools such as Nessus, Tenable SecurityCenter, Tanium, Burp Suite, NMAP, CheckMarx, Splunk, and other open-source tools as needed and approved.
  • Experience in reviewing security architectures, including cloud, and carrying out application security risk assessments independently.
  • Well versed in multiple security technologies such as SIEM; Intrusion Detection Systems; End-point security; Web Proxy/Content Filtering; Active Directory; PKI; RADIUS; RSA SecurID; Log Analysis
  • Experience with web, mobile, and network application security
  • Strong understanding of OWASP Top 10 and similar application security methodologies
  • Strong understanding of cryptography and SSL certificate lifecycle management
  • Experience with security tools including static code analysis and vulnerability scanning
  • Platform experience, e.g. Linux, Red Hat, CentOS, or similar
  • Experience with agile software development practices and methodologies
  • Comprehensive Web Application Firewall F5 ASM & iRule experience.
  • Any security configuration and/or automation experience is highly desirable

Certification Requirements

  1. Active Secret Security Clearance
  2. Security OR one of the following:
  • CEH
  • CASP
  • SSCP
  • CISA
  • CISM
  • GCIH
  • GSEC
  • CISSP


Equal Employment Opportunity (EEO) Statement

Ryan Consulting Group Inc. is an equal opportunity employer. We are dedicated to ensuring equal employment opportunities in all aspects of employment, including recruitment, hiring, promotion, training, compensation, benefits, and termination. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other characteristic protected by applicable law.

Ryan Consulting Group Inc. is also committed to complying with the Americans with Disabilities Act (ADA) and providing reasonable accommodations for qualified individuals with disabilities. If you need assistance or accommodation due to a disability in the application process please contact


Drug-Free Workplace Statement

Ryan Consulting Group Inc. is committed to maintaining a drug-free workplace in compliance with the Drug-Free Workplace Act of 1988, which is a requirement for all federal contractors. We recognize the impact that drug and alcohol abuse can have on the safety, health, and productivity of our workforce, and we are dedicated to providing a work environment that is free from illegal drugs and alcohol. All employment offers are conditional upon successfully passing a drug screening.


Pay Transparency Statement

Ryan Consulting Group Inc. complies with all relevant pay transparency laws in each state and jurisdiction where we operate. This includes providing salary ranges and pay data in compliance with state or local regulations where applicable.

We also ensure that applicants and employees in relevant states are informed of their right to inquire about pay information as required by state or local laws. Employees and applicants in states where pay transparency laws are in effect can expect to be provided with salary information upon request during the hiring process.



Employment Type

Full-Time
